Maclean’s magazine reported in February that an estimated 60 per cent of today’s e-mail is spam.1 The ever-increasing volume of spam has created new challenges and new costs for businesses and individuals.
However, many businesses use unsolicited commercial e-mail as a part of their marketing programs. Should they be considered "spammers"? It is important to remember that there is a big difference between responsible e-marketing and the type of spam that offers questionable products, or access to money held in Nigerian bank accounts. For one thing, responsible e-marketers do their best to comply with anti-spam laws and voluntary codes. Is your company aware of the legislative framework related to spam in Canada and the U.S.? If your company is a member of an industry association, does it comply with a voluntary code of ethics?
Complying with Anti-Spam Laws
To date, Canada has not passed any anti-spam laws although a Senate Bill (Bill S-2) was introduced on February 3, 2004.
This Bill proposes the establishment of an Internet Consumer Protection Council to which all Internet Service Providers would have to belong. The Council would be responsible for setting standards for its members. The Bill also calls for the creation of a "no-spam list" whereby people could refuse to receive spam.
In terms of enforcement, Bill S-2 would establish a civil cause of action in nuisance that could be brought by any person who received spam in violation of the law.
There is very little chance that Bill S-2 will ever become law. However, it is expected that, at the urging of Industry Canada, the government will soon contemplate legislative reform.
In the meantime, advertisers and marketers who send spam should be aware of the federal Personal Information Protection and Electronic Documents Act ("PIPEDA") that came into effect for all businesses on January 1, 2004. Among other requirements, companies must ensure that recipients of their unsolicited commercial e-mails be given the opportunity to opt-out of receiving such messages in the future. Companies and their affiliates must also ensure that they are able to respond to these opt-out requests promptly and efficiently. This usually means that a company has to analyze how its e-mail lists are generated, used, stored and updated.
Four e-mail providers – Yahoo, Microsoft, AOL and Earthlink – recently launched a series of lawsuits against spammers under the U.S. CAN-Spam Law ("CAN-Spam") that took effect on January 1, 2004. CAN-Spam attempts to regulate e-mail sent to a "protected computer", defined as one "which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States[.]"2
Similarly broad, CAN-Spam defines a "recipient" with respect to a commercial e-mail as "an authorized user of the electronic mail address to which the message was sent or delivered".
It appears from these definitions that recipients do not have to be physically located in the U.S. to be protected by the legislation. Similarly, a "sender" with respect to a commercial e-mail is defined as "a person who initiates such a message and whose product, service, or Internet web site is advertised or promoted by the message."
Again, it does not appear to matter that the "sender" may be in a different country. In fact, three Canadians are reportedly named in one of the lawsuits brought by Yahoo. Although the CAN-Spam Law attempts to extend its reach beyond the borders of the U.S. in its definitions of "protected computer", "recipient" and "sender", it is questionable how this law will be applied outside of the U.S.
International law does have some mechanisms whereby a country can extend its laws outside of its borders in certain circumstances. For instance, the U.S. may be able to assert jurisdiction over a foreign company using the "effects doctrine", a principle that allows a country to claim extra-territorial jurisdiction where it can be shown that the offending party’s actions have had an effect in that state. However, even if the U.S. were able to claim jurisdiction, it is still an open question whether a foreign court, such as one in Canada, would enforce a penal order from the U.S.
CAN-Spam: To comply or not to comply
Although it is not clear whether Canadian companies would be subject to CAN-Spam, it could be considered part of a company’s best practices to voluntarily comply.
In order to comply with CAN-Spam, companies must:
(a) make sure that the header information is not materially false or misleading ("header information" is any information that identifies the sender, such as "the source, destination and routing information attached to an electronic mail message");
(b) draft clear and truthful subject headings – the subject must not be likely to mislead a recipient about a material fact regarding the contents or subject matter of the message;
(c) include a functioning opt-out mechanism whereby the recipient may easily remove his/her name from future mailings (it is unlawful to send another unsolicited message more than 10 business days after receiving an opt-out request);
(d) make it clear that the e-mail is an advertisement;
(e) give the recipient "clear and conspicuous" notice of the opportunity to opt-out; and
(f) include a valid physical postal address of the sender.
It is also considered unlawful under CAN-Spam to generate e-mail lists using automated systems that combine names, letters, or numbers into potential e-mail addresses.
Canadian Marketing Association
The Canadian Marketing Association’s ("CMA") Code of Ethics and Standards of Practice preclude its members from using unsolicited e-mail to obtain new customers. However, CMA members may send e-mails to customers who have voluntarily provided their e-mail addresses, as long as the message includes an opt-out mechanism. The collecting, using and disclosing of these e-mail addresses are still subject to PIPEDA, as discussed above.
In addition, the CMA’s Weekly Watching Brief, dated March 12, 2004, reported that it is working closely with Industry Canada to develop a spam action plan. Stay tuned.
Until technological innovations help control the flood of spam, companies that wish to avoid the label "spammer" should pay attention to the rules when sending unsolicited e-mail messages. In Canada, the most important requirement is the opt-out mechanism – recipients should always have the option of removing their names from e-mail lists. When e-mailing U.S. recipients, it may be wise to comply with the minimum requirements of the CAN-Spam Law, even though it is not clear whether it is enforceable in Canada. Lastly, companies that belong to industry associations should ensure their e-mail solicitations comply with the applicable voluntary codes.
1 Derek Chezzi, "You’ve Got Spam" Maclean’s (23 February 2004) 30 at 31.
2 U.S.C. tit. 18 § 1030 (e)(2)(B).
The foregoing provides only an overview. Readers are cautioned against making any decisions based on this material alone. Rather, a qualified lawyer should be consulted.
© Copyright 2004 McMillan Binch LLP