The Privacy Commissioner of Canada’s Position at the Conclusion of the Hearings on the Statutory Review of PIPEDA

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Appendix VII

OPC’s letter to the Minister of Industry on Spam

January 22, 2007

The Honourable Maxime Bernier P.C., M.P.
Minister of Industry
5th floor, West Tower
C.D. Howe Building
235 Queen St.
Ottawa, Ontario K1A 0H5

Subject: The Need for Government Action against Spam

Dear Minister,

As you know, as Privacy Commissioner of Canada, my role is to oversee the application of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act and, within that context, to protect and promote privacy.

This includes acting as an advocate for the privacy rights of Canadians. These rights are being threatened by the scourge of spam and spam-borne online threats such as spyware and phishing attacks. Far beyond the impacts on privacy alone, these malicious activities are undermining confidence in the Internet and literally prompting some people to abandon activities in electronic commerce. Spam also impacts the operation of government through resource consumption in order to deal with this problem. And, as a vector for malicious code, it threatens the integrity of government systems as well as the efficiency of its activities.

In 2005, OPC officials had the privilege of working with officials in your Department and in the Competition Bureau as part of the Task Force on Spam and working on draft legislation. I am concerned by the fact that none of the Task Force recommendations have been implemented. Furthermore, Canada is the only G-8 country with no anti-spam legislation.

Spam, even in its most benign form (that of unsolicited bulk commercial e-mail), violates the basic privacy principle of express consent to the collection and use of personal information, namely e-mail addresses. When used as a vehicle for propagating other threats such as spyware and phishing attacks, the potential harm to information privacy increases significantly. Your own web site acknowledges the threat that spam poses.

A representative of this Office attended the most recent meeting of the London Action Plan, held in Brussels in December 2006. Several themes emerged from the country and organizational updates, with presentations being made by representatives from Canada, the United States, the Netherlands and Japan, among others. It is clear that spam is proving difficult to deal with effectively, as evidenced by the continued rise in the volume of spam reaching individual mailboxes.

While simply passing a law to outlaw spam is also insufficient of itself, countries such as the United States and the Netherlands are finding it an essential element of an overall response to the spam issue. As was pointed out by several of the presenters in Brussels, effective responses are likely to include a mix of technical requirements and controls and cooperative actions by governments, regulators and ISPs. However, the fact that law alone is not enough should not obscure the possibility that it may be a key part of a solution. There may be a risk that in the absence of a legislated response to spam, the “spam business” may be driven out of other jurisdictions and into Canada, as has been happening in New Zealand.

As of January 7th, 2007, Spamhaus, an international non-profit organization whose mission is to track the Internet's Spam Gangs, lists Canada as Number 6 in the top ten worst countries for originating spam. I think this is unacceptable, and I hope you would agree.

As Privacy Commissioner, I am convinced that the government must do more, and to that end, I pose the following questions:

1) Spam is an issue that will require a concerted effort on the part of numerous departments (e.g., Industry Canada, Justice, Treasury Board Secretariat, Public Works and Government Services) if we are to reduce or eliminate it. How does the government propose to address this issue, and what role do you see for your department?;

2) The message that emerged from the Brussels London Action Plan meeting was that although it was a necessary and useful piece of the solution, legislation alone will not stem the tide. Notwithstanding this, numerous other countries are enacting legislation. Why is Canada the only G-8 country without specific anti-spam legislation?;

3) Public education and possibly incentives to industry should also be considered as part of the solution. What other key policy instruments will the government invoke in order to develop an effective strategy for dealing with spam?;

4) The key motivation for spamming appears to be profit; the economics of spam overwhelmingly favouring the spammer. What plans does the government have to identify and address the root causes of spamming?

March is Fraud Awareness Month and we have an excellent opportunity to help educate people so that they can attempt to deal with the growing number and variety of online threats. While I intend to develop a number of public education materials to put on my web site, I feel this is not enough and would welcome an opportunity to work with you and your officials to do more to protect Canadians.

Yours sincerely,

Jennifer Stoddart
Privacy Commissioner of Canada

c.c.: Mr. Tom Wappel

Date modified: