I would maintain the statutory damage, in that it can be extremely difficult to prove certain things. What it should really be is, “I was sent this after I told them to stop.” That should be sufficient, as long as the court, on a case-by-case basis, thinks that's plausible.
It has to remain relatively broad, because it should not just cover email spam, which is what CASL partially covers. The other thing CASL covers is distributed denial of service attacks of various varieties. If you narrow it down to email spam, then you're leaving out your neighbour deciding to blow your computer off the air. They can do that now, and dealing with it legally would be very difficult.
The private right of action allows you to do something about it, because it's an unsolicited message that you were being sent. It's covered.
That was why I mentioned earlier in my presentation that I was so pleased this law was written to cover just about everything we could possibly think of. So far, it still would, in a very real sense, and this is 12 years or 13 years later. That's not bad.
I wouldn't change it so much. I would make sure that there were some limitations, perhaps, on abuse of it, but I think the broad breadth is about right.