Industry committee  I agree with what Mr. Kardash just said, but I would like to provide an example of why the computer program provisions are too broad. If you're a start-up company and you're deciding whether to start up in Silicon Valley or in Waterloo, you look at the laws and at how they apply.

Industry committee  The challenge with the PRA in CASL is in no small part because of the complexity of the law and the innumerable situations in which compliance is next to impossible, and because it's combined with statutory damages. If you are a class action lawyer, you make an economic decision,

Industry committee  You have to say this is my business name, and this is my mailing address and either my email address, my web address, or my telephone number. And I must say that you have the right to withdraw consent, or you can withhold your consent, or pull it back later. If I don't ask it in

Industry committee  That's a great example. Another example is on implied consent. I'm in full agreement with Dr. Geist that we need a strong consent regime, but there has to be a willingness to look at the circumstances and ask whether it makes sense for this small business to send a message to a

Industry committee  Absolutely. If I've made a purchase within the last two years, you can send me a message, but if I've subscribed for a free service—I didn't buy anything—maybe you can't send me a message. I say “maybe” because we're left scrambling to interpret the law. It's too prescriptive to

Industry committee  I'll start by providing some advice to the CRTC about helping organizations comply. The CRTC does not issue findings or decisions that provide the rationale for the fine or the circumstances in which the offence or violation took place. That contrasts with the behaviour of the Pr

Industry committee  I think there would be broad support if the private right of action were targeted on the truly bad actors, and we had a situation where we weren't combining a private right of action, broad standing to sue, and statutory damages, because that's where the potential for frivolous c

Industry committee  Let me give you two real-life examples. The law tells you how you must request express consent.

Industry committee  I would like to take a different perspective. There is no question that we need effective privacy legislation. The discussion and the points that Michael is raising are about privacy, agreed. That's why we have PIPEDA. That's why we have a very active, internationally respected p

Industry committee  I think the problem is, as Mr. Geist has mentioned, we really don't have enough information. We have some statistics that are quite old, from 2015, to suggest there's been a reduction in overall messaging, including of legitimate messages. To Mr. Masse's comment, the question we

Industry committee  I didn't say that, but you're right. The rules prescribed by the CRTC indicate that in any request for consent, you must state that a person will have the opportunity to withdraw consent.

Industry committee  Subsection 6(6) does not deal with a computer program. It deals exclusively with electronic messaging.

Industry committee  I think we need to look at what our international trading partners do. They don't regulate all computer program installations. They regulate malware and spyware. There are unintended consequences of having an overly broad approach, and those are the consequences that I fear are u

Industry committee  Other jurisdictions regulate malware and spyware, as they should and as we need to, but they don't go and regulate all other messages. They certainly regulate collection of information, personal information using computer programs, as we have with PIPEDA and as we will continue t

Industry committee  A decision was made to regulate the installation of all computer programs except for those specifically exempted by regulation.