Evidence of meeting #83 for Industry, Science and Technology in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was casl.
A recording is available from Parliament.
11:30 a.m.
Liberal
11:30 a.m.
Liberal
Mary Ng Liberal Markham—Thornhill, ON
Thank you very much.
Thank you so much for coming back. As you said, the law has been in place for three years. I think what we heard from the testimony that came in is that people are giving us feedback about how they're working within it.
To the point my colleague made, I think we heard from businesses that they are trying to comply. I think that's certainly the intent, and they're looking to us to understand where there could be some improvements to help with compliance. For sure, applaud and know that the intent here is to try get at anti-spam and at the bad actors that can hurt overall confidence. The intent is to protect consumers. We heard, virtually overwhelmingly and unanimously, that there needs to be some clarification in some of the definitions. Maybe that's what I'll focus on, and you can talk about that.
For commercial electronic messages, we heard from many, almost everyone, asking for some clarity around that, because there's a lack of understanding around a CEM for business-to-business use. We heard examples of someone or an organization not being able to communicate to a customer to give them a notification.
Can you talk to us from your perspective? We heard the testimony. Is it worthwhile to do some further clarification on the definition of CEM to help with compliance?
11:35 a.m.
Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
I'll start, and then my legal counsel will get me out of trouble.
I think that's a really good point. Obviously, for every piece of guidance that we give, we try to provide that clarification on everything from the definition of a commercial electronic message to other issues.
I think it's interesting; I read the blues on the weekend from this committee on the entire study, and you're right that people bring that back. What I found interesting in some of that testimony is, for me, clarity on the fact that people don't understand some of the exemptions. There are exemptions for business to business. There are exemptions for charities. If I am a credit card holder with a certain company, and they want to text me or email me to tell me something about my account because I've given them that information, that is permitted; there is an existing business relationship there.
I was a bit surprised by some of the testimony I was reading in that they felt they couldn't do certain activities or that they were unable to do certain activities.
With respect to certain clarifications with CEM, I'll let Kelly-Anne tell you more, but I think the key thing for me as the chief compliance and enforcement officer is to make sure that we don't get so granular that it becomes even more challenging for people to comply or for me to enforce a particular activity.
11:35 a.m.
Senior Legal Counsel, Canadian Radio-television and Telecommunications Commission
The definition in the act is a broad definition, I think. We have heard as well that there's a lack of clarity with respect to the definition. I think the definition contains other definitions, other terms that you need to refer to other terms, in order to determine what those terms mean.
In the recent Compu.Finder decision, the commission itself has provided some clarification and some guidance as to what in their view constitutes a commercial electronic message. I think the definition is so broad in order to capture circumstances where a party could be soliciting. If you want to make tweaks to the definition, it is your opportunity to do so. I do note that when the witnesses testified, people criticized the definition but didn't offer any suggestions for how we could clarify the definition. I would certainly be open to commenting on how we could clarify the definition, but I would exercise caution there. If you tighten it up too much, you might restrict our enforcement of real spam emails that are sent.
There are so many exemptions, some of which are not even consent-based, that if you have any kind of relationship with a party, you really can send a commercial electronic message.
11:35 a.m.
Liberal
Mary Ng Liberal Markham—Thornhill, ON
That's helpful. I guess the concern really is that we just heard overwhelmingly—and if you read the blues, it's overwhelming—about the lack of clarity on the definitions, and under what circumstances implied or explicit consent is needed. I think that chilling effect that is being borne is real, because this is what organizations are facing in trying to comply. So the ability for us to be able to give a set of recommendations that genuinely can then help improve the intent of the legislation...but at the same time also give clarity so that there is a practical implementation, just because people have now lived with it for a few years now, right? So that's helpful.
On the exemptions that exist such as business to business, personal to personal, charities and so forth, do you have any ideas about how we could make those modifications, or what action could be taken that would then help with a better understanding? It's a combination of clarifying CEM but also—
11:35 a.m.
Senior Legal Counsel, Canadian Radio-television and Telecommunications Commission
There is a multitude of exemptions, there's no doubt, and I think in some cases there is an overlap.
11:40 a.m.
Liberal
Mary Ng Liberal Markham—Thornhill, ON
It's perhaps that overlap that is just providing a lack of understanding.
11:40 a.m.
Senior Legal Counsel, Canadian Radio-television and Telecommunications Commission
I think so.
11:40 a.m.
Liberal
Mary Ng Liberal Markham—Thornhill, ON
In an absence of direction, people and businesses are just saying they can't do it, and because there are penalties that could be quite severe, they really aren't doing it. How do we incent and enable people to get that level of comfort to adopt and then make all of us safer?
11:40 a.m.
Senior Legal Counsel, Canadian Radio-television and Telecommunications Commission
I think maybe you could tighten up the exemptions. There are areas where there's an overlap. In the GIC regulations, there's the exemption where, if you're a business and you have a relationship, you can send to another business. But then there's the existing business relationship exemption. If you're a business, you already likely fall under the existing business relationship exemption, so there's an overlap there.
I'm sure you heard about subsection 6(6).
11:40 a.m.
Senior Legal Counsel, Canadian Radio-television and Telecommunications Commission
I'm going to be very cautious here, but I think there is likely an opportunity to clarify with respect to subsection 6(6).
Subsection 6(6) is a bit of an oxymoron in that it says that these commercial electronic messages are exempt for consent purposes. But if you look at what those provisions are, a lot of them are not really commercial electronic messages by their very nature. We've heard a lot of confusion from people with respect to subsection 6(6), and we've tried to give them comfort, but we can't change the way the legislation is worded.
11:40 a.m.
Liberal
Mary Ng Liberal Markham—Thornhill, ON
One point I want to go to really quickly is software. People said that there's an inability, because of the requirements for consent, etc., to get software in that's going to essentially help them be more compliant or be more secure; or in the world of the Internet of things, where things will just update, they don't know that they're able to do it, because in doing so they may violate CASL.
At any rate, there's no time for an answer. Maybe someone else will bring it up.
11:40 a.m.
Liberal
The Chair Liberal Dan Ruimy
Thank you. We can come back to this.
Mr. Eglinski, you have five minutes.
November 9th, 2017 / 11:40 a.m.
Conservative
Jim Eglinski Conservative Yellowhead, AB
Thank you.
Thank you again for coming back.
Neil, there were some questions being asked earlier by Mr. Baylis about the amount of enforcement you did. I think somebody did the quick math and said you only did nine every year for the last three years. Being a former police officer, though, I've had three or four guys work on a very serious crime case for four of five years with only one charge. You casually let slide that one of your investigations lasted upwards of two years. I know you need to get the evidence, and you need to have the right materials, if you're going to do the fine.
Can you expand on that a little bit? Let's look at maybe Rogers or Porter Airlines, two that came up that all the lawyers want to throw at us and stuff like that. How long would that investigation have taken, and how many people would you have had working on it?
11:40 a.m.
Director, Electronic Commerce Enforcement, Canadian Radio-television and Telecommunications Commission
I don't have the details specifically for that one, but you are right that they take a lot of time and can often require several investigators to be involved at the same time.
In general terms, an investigation is going to start with the intelligence we have in the spam reporting centre or elsewhere, but we need to be able to validate all that information. In the case of a legitimate company that's sending out messages, we need to ask them to get their consent records. There can often be millions of records, so we're talking about a spreadsheet with millions of lines for each email: who they're sending emails to, when their business relationship was established, and things of that nature.
Going through all of that information obviously takes time. We need to then also contact any complainants we may have and get witness statements to validate and corroborate the other information we have. It's a long process, and when we get into cases that are multi-party, such as the coupons investigation that I referred to earlier, then you have several legal entities that you're looking into at the same time, and people in different jurisdictions. In that case we had one American and one Canadian. It necessarily takes a little longer when we're dealing with partners in the U.S., for example.
11:40 a.m.
Conservative
11:40 a.m.
Director, Electronic Commerce Enforcement, Canadian Radio-television and Telecommunications Commission
Yes. As we get closer to cases of malware and things of that nature, that's only going to increase the complexity and the amount of effort and resources going into the investigations.
11:40 a.m.
Conservative
11:40 a.m.
Director, Electronic Commerce Enforcement, Canadian Radio-television and Telecommunications Commission
I currently have about 12 investigators.
11:40 a.m.
Conservative
Jim Eglinski Conservative Yellowhead, AB
Now, Steve, you mentioned during your presentation that during the time that evidence has been given—obviously you guys have been listening, so thank you—you are already making some changes. Could you tell us about some of the things you are adapting right now? I think your submission mentions some new “tools” as a result of evidence from the committee.
11:45 a.m.
Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
With every piece of information we get, whether through an investigation or through our outreach activities, and we've certainly taken it upon ourselves also to look at the testimony of this committee, if people see that there's confusion and we have the opportunity—we have guidance we can showcase on our website, or information we can share with others—we've taken it upon ourselves to look at it and say that we may need, perhaps, an infographic on such and such. We have the information, it is public, people can find it in four different places on our website, but perhaps we should look at how we can tighten it up and make our CASL information pages more accessible to people.
We've looked at that, have noted that there still seems to be some confusion, and asked whether we can add some new FAQs to our website, for example. That would probably be the most immediate thing we've done: “Let's make sure people are clear as a registered charity”, and so on. We've tried to make tweaks as we go, because every piece of learning we get is helpful for us. For us it's all about wanting everyone to comply, so the more guidance the better.
11:45 a.m.
Conservative
Jim Eglinski Conservative Yellowhead, AB
Going back, do you keep a record? You've told us how many major investigations you've had, and you spoke about having many inquiries where you have dealt with companies individually, gone through things, and made recommendations. Do you keep a record on the corporate end of how many people you've dealt with over the last three years?
11:45 a.m.
Director, Electronic Commerce Enforcement, Canadian Radio-television and Telecommunications Commission
We track the number of warning letters that we issue, and obviously, the number of undertakings we enter into or notices of violation that we issue. Do we track every time we have a conversation or a back-and-forth with a company about compliance? Maybe we do it a little bit less robustly than we do those other metrics, but every time we get information or questions from people, we use them to develop the next set of presentations we're going to give. We presume that, if someone comes to us with a question, there are probably several other people who have that same area of concern.
11:45 a.m.
Conservative
Jim Eglinski Conservative Yellowhead, AB
But there's no one there asking you how much you're really doing, or what you're really doing?
Steve doesn't get on your case and ask you to justify your 12 or 13 guys?