Observations on anti-spam law's regulatory process

The Office of the Privacy Commissioner invites contributions to its blog from members of our External Advisory Committee. Their representation reflects the myriad of public policy perspectives critical to proposing a balanced view on privacy and personal information protection.  While we benefit from their experience and advice, the views they represent in articles appearing here are their own and don’t necessarily represent the views of the Office.

The following blog post is from Professor Michael A. Geist.

Last December, the government celebrated passing eight bills into law, including the long-delayed anti-spam bill. Years after a national task force recommended enacting anti-spam legislation, the Canadian bill finally established strict rules for electronic marketing and safeguards against the installation of unwanted software programs on personal computers, all backed by tough multi-million dollar penalties.

Then-Industry Minister Tony Clement promised that the law would “protect Canadian businesses and consumers from harmful and misleading online threats,” but nearly a year later, the law is in limbo, the victim of a fight over regulations that threaten to undermine important protections and delay implementation for many more months.

One of the most worrying potential changes involves the law’s mandatory disclosure requirements when Canadians install new software programs on their personal computers. With incidents such as the Sony rootkit debacle still fresh in the minds of many – the company surreptitiously installed programs on millions of computers leaving them vulnerable to security breaches – the Canadian law provides welcome protection against spyware and unwanted software.

This issue was hotly debated when the bill came before a House of Commons committee and the compromise language was designed to protect individual privacy and security, while enabling common installations (such as security updates) to proceed unimpeded.

Yet now lobby groups are using the regulatory process to re-open the legislative compromise.

For example, the Information Technology Association of Canada, which represents software and technology companies, argues that software vendors should be permitted to install programs without disclosure provided they notify the user of possible installations within the license agreement. Given the common practice of burying such terms in long agreements that few consumers ever read, few will be aware that they have consented to the secret installation of programs designed to monitor their use of the software.

The law specifically worked to avoid this outcome but it appears that the much-needed privacy and security protections may be in jeopardy.

Professor Michael A. Geist,
Canada Research Chair in Internet and E-commerce Law
University of Ottawa, Faculty of Law

Date modified: