Bill C-28, the Fighting Internet and Wireless Spam Act (FISA), is Canada's anti-spam legislation that received Royal Assent on December 15, 2010. The bill replaced Bill C-27, the Electronic Commerce Protection Act (ECPA), which was passed by the House of Commons, but died due to the prorogation of the second session of the 40th Canadian Parliament on December 30, 2009. The Act went into effect July 1, 2014.
The Act will apply to "all communications sent by Canadian companies, to Canadian companies or messages simply routed through Canadian servers". This includes personalised communications such as email or SMS messages delivering any form of communication, such as text, images, voice or sounds, or technologies not yet available. However, the Act exempts communications sent via telephone or facsimile, as these are already regulated under the Telecommunications Act.
The Act requires that marketers may only send email to individuals who opt into receiving them. Such consent may be implicit, such as by engaging in a transaction with a company, or by virtue of having one's telephone number or email address listed in a public directory. It is mandatory for senders to enable recipients to opt out of receiving messages. Records collected by marketers via implied consent have a time limit. This act makes it necessary for marketers to send a one-time double opt-in subscription request to all its subscribers whose consent has not been explicitly taken till the date this act came into force. As over the years companies' email lists expand and their consent type and source does not remain clear, most of the companies sent the double opt-in email to all their subscribers once the Act came into force.
An email address has always been considered personal information per PIPEDA, which can require implied or explicit consent before an email address is collected or used. The Act added additional protections in PIPEDA to prevent companies from relying on PIPEDA exceptions relating to fraud prevention or debt collection to generate email lists by data mining or automatic crawling without consent.
The law is enforced by three organizations: the Competition Bureau, the Canadian Radio-television and Telecommunications Commission (CRTC) and the Office of the Privacy Commissioner. It includes a "private right of action that will allow Canadian consumers and businesses to take civil action against those who violate the legislation". The CRTC may levy fines of up to $1 million for an individual or $10 million for a business that contravenes the Act. Each violation may result in a fine.
The Act has been criticized by some, such as by David Poellhuber who says "It's not going to change the spam you and I receive in our inboxes" because about 70 per cent of spam originates from botnets operating in other countries, notably Brazil, Russia, and the United States; and by academics who argue that it is unconstitutional. However, one analysis found a 29% reduction in spam received by Canadians and a corresponding 37% reduction in spam sent by Canadians once the Act took effect.
- "C-28: An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act". House Government Bill, LEGISinfo. Parliament of Canada. Retrieved .
- Ouellette, Michael (August 18, 2011). "The next small business time bomb: Bill C-28". Canadian Manufacturing, Business Information Group. Retrieved .
- Lam, Yvonne (April 15, 2011). "How Canada's Fighting Internet and Wireless Spam Act (FISA -- Bill C-28) affects marketers and businesses". International Self-Counsel Press. Archived from the original on 2012-08-22. Retrieved .
- "Bill C-28: Canada's Anti-Spam Law Receives Royal Assent". Competition Bureau, Government of Canada. Retrieved .
- Webb, Dave (December 16, 2010). "Bill C-28 and your inbox". ITWorldCanada. Retrieved .
- Androich, Alicia (February 9, 2012). "Bill C-28: A Fine Line". Marketing magazine, Rogers Publishing Limited. Retrieved .
- "Bill C-28/Canada's Anti-Spam Legislation: Timeline & FAQ". Inbox Marketer. January 22, 2012. Archived from the original on January 27, 2012. Retrieved .
- ^ LEGISinfo
- ^ Ouellette
- ^ Inbox Marketer
- ^ Lam: "Canada's law is also broader in that it covers all personalized electronic messages, whether emails, SMS (text) messages, or any other electronic technologies which may be in use in the future."
- ^ Canada's Anti-Spam Legislation, SC 2010, c 23, sub-section 6(8)
- ^ Telecommunications Act, SC 1993, c 38, section 41 et seq
- ^ CRTC, Telemarketing and Unwanted Calls
- ^ Lam
- ^ Lam: "If a person or business's address or phone number has been "conspicuously published or disclosed" and there's no statement saying that the recipient doesn't want unsolicited commercial messages, that also counts as implied consent. The messages sent do have to be deemed relevant to the recipient, however."
- ^ Androich: One element of Bill C-28 that appears inevitable, says Belton, is that there will be time limits associated with implied consent records.
- ^ Melnyk, Jenn (2 July 2014). "CASL - MOVING FORWARD". SiteWyze. Retrieved 2015.
- ^ OPC, PIPEDA Case Summary #2005-297
- ^ OPC, Report of Findings #2016-005, "Accuracy of Email Addresses"
- ^ SC 2010, c 23, Canadian Anti-Spam Legislation, Legislative Summary, section 2.11, "Under PIPEDA as it currently exists, there is a list of exceptional circumstances under which personal information can be collected, used and/or disclosed by a private sector organization without consent, such as in life-threatening emergencies or for debt collection. Bill C-28 introduces a caveat: in the case of the collection and/or use of an electronic address obtained through data mining or other automated crawling, most of the PIPEDA exceptions do not apply."
- ^ Competition Bureau
- ^ Competition Bureau
- ^ Webb
- ^ Androich: "Senders that violate the law face fierce fines: up to $10 million for an organization and up to $1 million for an individual. The penalties will be imposed per violation and sometimes will even be treated separately for each day the law is violated."
- ^ Webb
- ^ Webb
- ^ Crowne, Emir and Provato, Stephanie, Canada's Anti-Spam Legislation: A Constitutional Analysis (November 13, 2014). John Marshall Journal of Information Technology & Privacy Law, Vol. 31, No. 1, 2014 . Available at SSRN: http://ssrn.com/abstract=2523985
- ^ "Expect Canada's anti-spam law could face Charter challenge, law professor says", http://business.financialpost.com/2014/12/03/expect-canadas-anti-spam-law-could-face-charter-challenge-law-professor-says/
- ^ Cloudmark, 2015 Q1 Security Threat Report