As long as CASL applies broadly to the issue of regular messaging to consumers, and it does that to provide a backstop that enforces good marketing practices, the danger is that unless the private right of action is either removed or narrowed, it is a perfect vehicle for class action lawyers to go after some company that made a small error and sent out 100,000 messages to people they shouldn't have. It's not damaging to those people, but there are statutory damages in the law that could result in enormous fines. This is the kind of chilling effect.
I don't think we're going to see CASL change to the point where it's only focused on malicious activity. It would be nice to get it set up so that it's largely focusing on malicious and negative activity, but it's still needed to enforce good marketing practices. The private right of action must be dealt with, either narrowed substantially or removed from the law. When I say “narrowed”, I am saying to either take out the statutory damages and force plaintiffs to demonstrate they've been damaged and incurred costs, or narrow it so only ISPs—as has been done in other jurisdictions—would be able to use that part of the law to go after players who are abusing their customers, their whole network. It's important to deal with the private right of action no matter what.