Feed aggregator

CRTC, Competition Bureau Enforcement of Canadian Anti-Spam Law Picks Up Steam

Michael Geist Law RSS Feed - Wed, 2015/04/08 - 12:23

Appeared in the Toronto Star on March 28, 2015 as Plenty of Fish, Avis Fines Show Anti-Spam Law Has Teeth

As the launch of the Canadian anti-spam law neared last spring, critics warned that enforcement was likely to present an enormous challenge. Citing the global nature of the Internet and the millions of spam messages sent each day, many argued that enforcement bodies such as the Canadian Radio-television and Telecommunications Commission and the Competition Bureau were ill-suited to combating the problem.

In recent weeks it has become increasingly clear that the CRTC and the Bureau can enforce the law against companies that send commercial emails that run afoul of the new legal standards. Those agencies have completed three enforcement actions against Canadian businesses that point to the risks of millions of dollars in fines for failing to obtain proper consent before sending commercial messages, not granting users the ability to unsubscribe from further messages, or sending false or misleading information.

The first CRTC case involved Compu-Finder, a Quebec-based corporate training company that sent commercial emails without consent and without proper unsubscribe mechanisms. Their emails practices accounted for a quarter of the complaints in the sector received by the CRTC. In response, the company was hit with a $1.1 million penalty.

The CRTC concluded its second case earlier last month, this time targeting Plenty of Fish, the popular online dating site. The Commission received complaints that the company was sending commercial emails without a clear and working unsubscribe mechanism. One of the key requirements in the law is that each commercial email contain an unsubscribe mechanism to allow recipients to opt-out at any time. Plenty of Fish agreed to settle the case by paying a $48,000 penalty and developing a compliance program to address its email practices.

While most of the anti-spam law enforcement attention has focused on the CRTC, the biggest case to date originates from the Competition Bureau. In March, it took action against Avis and Budget, two of Canada’s largest rental companies. The Bureau alleged that the companies engaged in false and misleading advertising when they failed to disclose numerous additional fees as part of their car rental promotions.

The misleading advertising was featured in several places, including email messages. The Bureau used the anti-spam rules, which contain new prohibitions against false or misleading commercial messaging, as part of its complaint. The case now heads to the Competition Tribunal, where the Bureau is seeking $30 million in penalties as well as customer refunds.

These cases confirm that the Canadian anti-spam law comes as advertised with tough penalties and enforcement agencies that will not hesitate to use it. However, it also suggests that solitary errors are unlikely to lead to investigations or fines. Rather, the CRTC examines the hundreds of thousands of complaints it receives from Canadians to identify trends and suitable targets for enforcement.

The cases have thus far focused on legitimate businesses that fail to comply with the law. That can be expected to continue, but the enforcement agencies must also turn their attention to the large spamming organizations that are still operating in Canada. According to Spamhaus’ Register of Known Spamming Organizations, five of the top 100 spamming organizations (responsible for 80 per cent of spam worldwide) are based in Canada.

Since the anti-spam law is premised on both improving the commercial email practices of legitimate business and shutting down Canadian-based spamming organizations, the CRTC should continue to work with businesses on anti-spam law compliance and also begin the process of wielding tough penalties to stop the groups responsible for clogging in-boxes with millions of unwanted messages every day.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post CRTC, Competition Bureau Enforcement of Canadian Anti-Spam Law Picks Up Steam appeared first on Michael Geist.

Privacy Commissioner of Canada Rules Bell’s Targeted Ad Program Violates Canadian Law

Michael Geist Law RSS Feed - Tue, 2015/04/07 - 11:26

The Privacy Commissioner of Canada has released the long-awaited decision on Bell’s targeted ads program. The Commissioner’s press release soft-pedals the outcome – “Bell advertising program raises privacy concerns” – but the decision is clear: Bell’s so-called relevant ads program violates Canadian privacy law. As I wrote earlier this year, the key issue in the case centered on whether Bell should be permitted to use an opt-out consent mechanism in which its millions of customers are all included in targeted advertising unless they take pro-active steps to opt-out, or if an opt-in consent model is more appropriate. Given the detailed information collected and used by Bell, I argued that opt-in consent was the right approach.

The Privacy Commissioner of Canada agrees:

In our view, for the reasons expressed above, the RAP clearly involves the use of sensitive personal information. As such, the sensitivity of the information at issue leads us to the conclusion that Bell must obtain express consent for the RAP in the circumstances. This conclusion is further supported by our assessment of the reasonable expectations of Bell Customers, which is set out below.

The decision includes detailed analysis of why the opt-in standard is appropriate and why Bell’s insistence that the personal information is not sensitive is wrong. The decision concludes:

we remain of the view that Bell cannot rely on the opt-out consent of its customers in order to implement the RAP. Both the sensitivity of the information at issue and the reasonable expectations analysis lead us to the conclusion that such consent is not appropriate in the circumstances. In our preliminary report, we recommended that Bell provide its customers with the opportunity to make an express opt-in choice regarding whether or not they consent to Bell’s use of their personal information for the RAP. Bell refused to comply with our recommendation. [emphasis added]

Bell’s decision to violate Canadian privacy law leaves the Privacy Commissioner of Canada with little alternative: it must pursue the case in the Federal Court of Canada. Yet that approach will takes years as the case will have to be mounted from scratch. In the meantime, Bell will presumably continue to violate the law.

[Update: Bell now says it will abide by the Privacy Commissioner of Canada’s ruling including the opt-in approach issue.]

The case is a perfect illustration of why Bill S-4, the Digital Privacy Act, should be amended to include order making power (I argued for order making power during my appearance before the Industry committee last month). The government cannot credibly claim that its bill offers Canadians strong privacy protections when the country’s largest telecommunications company can simply refuse to comply with the law and the Privacy Commissioner of Canada’s only recourse is lengthy, expensive litigation.  Provincial privacy commissioners have order making power as do virtually all data protection and privacy commissioners around the world. As currently drafted, PIPEDA leaves the Privacy Commissioner of Canada with little power to fully protect Canadians’ privacy with companies such as Bell seemingly free to reject his decisions.

The post Privacy Commissioner of Canada Rules Bell’s Targeted Ad Program Violates Canadian Law appeared first on Michael Geist.

Scan This or Scan Me? User Privacy & Barcode-Scanning Applications

Freedom to Tinker - Mon, 2015/04/06 - 08:00
[Please welcome guest bloggers Eric Smith and Nina Kollars. Eric Smith serves as the Chief Information Security Officer (CISO) for a higher ed consortium with membership consisting of Bucknell University, Franklin & Marshall College and Susquehanna University. Nina Kollars is assistant professor of government at Franklin & Marshall college, where her scholarship examines the ways […]

Where is Internet Congestion Occurring?

Freedom to Tinker - Thu, 2015/04/02 - 12:32
In my post last week, I explained how Netflix traffic was experiencing congestion along end-to-end paths to broadband Internet subscribers, and how the resulting congestion was slowing down traffic to many Internet destinations. Although Netflix and Comcast ultimately mitigated this particular congestion episode by connecting directly to one another in a contractual arrangement known as paid peering, […]

Bitcoin and game theory: we’re still scratching the surface

Freedom to Tinker - Tue, 2015/03/31 - 11:03
In an earlier post I argued why Bitcoin’s stability is fundamentally a game-theoretic proposition, and ended with some questions: Can we effectively model the system with all its interacting components in the language of strategies and payoff-maximization? Is the resulting model tractable — can we analyze it mathematically or using simulations? And most importantly, do […]

Be wary of one-time pads and other crypto unicorns

Freedom to Tinker - Wed, 2015/03/25 - 18:53
Yesterday, a new messaging app called Zendo got some very favorable coverage from Tech Crunch. At the core of their sales pitch is the fact that they use one-time pads for encryption. With a few strong assumptions, namely that the pads are truly random and are only used once, it’s true that this scheme is “unbreakable” […]

Why Your Netflix Traffic is Slow, and Why the Open Internet Order Won’t (Necessarily) Make It Faster

Freedom to Tinker - Wed, 2015/03/25 - 07:07
The FCC recently released the Open Internet Order, which has much to say about “net neutrality” whether (and in what circumstances) an Internet service provider is permitted to prioritize traffic. I’ll leave more detailed thoughts on the order itself to future posts; in this post, I would like to clarify what seems to be a […]
Syndicate content