Skip to main content

INDU Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content






House of Commons Emblem

Standing Committee on Industry, Science and Technology


NUMBER 079 
l
1st SESSION 
l
42nd PARLIAMENT 

EVIDENCE

Thursday, October 26, 2017

[Recorded by Electronic Apparatus]

(1105)

[English]

    Here we were thinking we were going to be even further delayed by our vote, but no, we're here on time.
    Welcome, everybody, to meeting number 79 of the Standing Committee on Industry, Science and Technology, as we continue our study into the anti-spam legislation.
    Today we have with us, as an individual, William Michael Osborne, partner at Affleck Green McMurtry LLP.
    We have, via the World Wide Web, Philippe Le Roux, chief executive officer of Certimail. Can you hear me, sir?

[Translation]

    Perfect.

[English]

    We have, from Imagine Canada, Bill Schaper, director, public policy.
    We will have eight minutes each. We're going to just get into it.
    Ms. Ng.
    Can I just ask a quick question?
    Mr. Osborne, you're here as an individual, but I see that you are also an advisory member to Lighten CASL. Can you just help clarify for us your relationship with Lighten CASL, if you wouldn't mind, please, before we get going?
    Sure. The fellow who founded that contacted me some time ago, or I contacted him, and he put me on his list of advisers. That's more or less the extent of my involvement with them. I've spoken with them but I'm appearing here to give you my own opinion. I'm not doing so on their behalf, and I haven't run what I'm going to say by them in any way. What you're going to hear is what I think.
    Thank you.
    Thank you very much.
    We're going to go right into it, actually, with Mr. Osborne.
    You're first up.
     Thank you, Mr. Chair.
    I'm a lawyer. I practise a mix of competition law and commercial litigation. I'd like to think that it's my competition law experience that is going to drive a lot of what I'm going to tell you today.
    I'm going to divide my comments on CASL into three categories, which I'll call “the good, the bad, and the ugly”.
    What is the good? Generally speaking, the provisions added to the Competition Act by this law are good. It's a good thing. It's good that we have bulked up the Competition Act to deal with misrepresentations in electronic communications. Also, I generally think the provisions about computer programs are good. I also think that having a robust unsubscribe requirement for electronic communications is a good thing.
    I'm going to turn, though, to the bad, because of course what this committee is about is reviewing and proposing potential changes to this law.
    As you know, CASL establishes an opt-in regime for commercial electronic messages. It does not distinguish between one-off emails and bulk emails. In fact, it was deliberately drafted so as to apply to even a single email. Basically what this law does is to make it presumptively unlawful to use email—and I'm using “email” as a shorthand for any kind of electronic communication that's captured by the act—for any commercial purposes.
    I see four problems with this.
    The first relates to the scope. I won't spend a lot of time on that, because I suspect you've heard a lot about it. What we're really concerned about, I would think, is bulk emails, people sending out large amounts of emails, yet CASL applies if I as a lawyer send an email to an in-house counsel saying, “Hey, I'd like to pitch my firm to do some work for you”, or even if I send an email to a lawyer to say, “Let's get together for lunch”. It also applies if I send an email to a neighbour asking if they'd like to buy tickets to a gala dinner, say, for a kids' sports team. That would be a commercial electronic message. In theory, I should be putting an unsubscribe in there.
    All of these are likely commercial electronic messages. All of them, therefore, have all of these requirements superadded to them, yet I think no one would say in these situations, one-off emails between people in these circumstances, that all of this apparatus is necessary.
    I'm going to turn now to a more fundamental point. In my submission, the mechanism in CASL is inconsistent with a free-market economy. Freedom isn't just about freedom of political speech. In fact, I would say that, for most people, freedom means the freedom to go about their daily lives. This includes economic freedoms, the freedom to start a business, to look for clients, to market that business, to tell people about new and innovative products that you've created, and to offer them on the market.
    The quid pro quo for my freedom and the freedoms of Canadians to start businesses is that I'm going to get publicity from other people exercising their freedoms. I might not be that interested in that publicity, but if I want the freedom to tell people about my business and what I do, then I have to accept that I'm going to get stuff that I'm going to have to put in the trash—in the case of snail mail or flyers that are paper—or hit delete on. Of course the other thing is that one person's junk mail or spam is another person's coupon-clipping opportunity.
    A corollary to this is that this law reduces competition. In fact, it does so, I'd say, deliberately. That makes its title, frankly, the opposite of what it is. It's almost Orwellian. It parodies some of the purposes of the Competition Act. It talks about, “An Act to Promote the Efficiency and Adaptability of the Canadian Economy...” but, in fact, what CASL does explicitly is privilege incumbent firms over new entrants.
    Competition is about new entrants coming into the market offering new products, innovative products, expanding entering markets, and competing with the incumbents, and maybe even unseating them as incumbents.
     CASL privileges the relations between incumbents and their clients over those with new entrants who would want to establish new relationships with new clients. It does so by erecting what is effectively a barrier to entry. It says you can't send a commercial electronic message. You can't email people to tell them about your new and innovative products unless you have first somehow contacted them and got their consent to do that.
    It raises the costs to a new business and a new entrant to tell Canadians about new and innovative products, and that reduces competition. It's built into the act. It's not a bug. It's a feature.
    You've probably heard from other witnesses, so I'm not going to belabour the point, but there's a very serious constitutional argument about this statute, that the mechanism that makes it presumptively unlawful to use email for commercial purposes is inconsistent with the existence of any commercial freedom of speech. As we know, our courts have said there is such a thing as constitutionally protected commercial speech. It's not as strongly protected as what I'm doing today—political freedom of speech—but it is protected.
    You may also have heard issues about the effectiveness of CASL, so I won't spend a lot of time on that but I will note that most spam comes from outside of Canada. CASL can't really touch that directly; we have to rely on our partners abroad to deal with that.
    The other thing is that some of the absolutely worst kind of spam that we get—phishing messages trying to get us to log on to things and give over our passwords—might not even be caught at all because it's not a commercial message. It's not about buying and selling a product. It's just flat out fraud. It's already probably a criminal offence under our criminal law, but CASL doesn't really touch it. In the end, CASL goes after legitimate businesses here in Canada, loads them up with restrictions that you've probably heard a lot about, and probably doesn't do very much for us in return.
    What would I propose in its place if I had the decision-making power? I'd say we should have a very strong opt-out system with very robust unsubscribe requirements that are enforced. The CRTC is enforcing the unsubscribe requirements, of course.
    I'll turn quickly to the ugly—the things that need to be fixed a bit, as opposed to just changed fundamentally. First is the private right of action. There are three problems with it. The first is it's an open invitation to class action lawyers to start actions against reputable companies. They're not going to go after the Russian brides and the spammers outside of the country. They're going to go after Air Canada, WestJet, and all the rest of them.
    Second—and this is troubling—because you can get out of a class action, although you have to do it before it starts by entering into an undertaking with the CRTC, it gives the CRTC a big tool, a big club, to get money out of companies. What's wrong with that? Well, anytime you create incentives for a regulator that give them a club to get money, there's a danger that they'll try to do that. I'm not saying they will. I'm saying there's a danger. It's like an invitation for them to do it.
    The third is a nit, but in its application to section 74.011 of the Competition Act, there's no materiality threshold requirement in that provision. That means you could have a cause of action and lawsuit over an insignificant, trivial misrepresentation or inaccuracy in a subject line of an email.
    I suspect my time is over. I'll just mention quickly that the warrantless searches provision, notice to produce, is almost certainly unconstitutional. The act is full of what I'd call statutory interpretation nightmares, but I don't have the time to take you through them.
    Thank you.
(1110)
    Thank you very much.
    We are going to move on to Certimail.

[Translation]

    Mr. Philippe Le Roux, you have eight minutes.
    Thank you very much, Mr. Chair.
    I would like to thank all the members of the committee for inviting me to appear today.
    I have noticed that the media have not reported much on the committee's work, and yet you do excellent work, both for companies and Canada's economy, and for consumers.
    For my part, I have followed your work with great interest, albeit from a distance, through the committee's website, and have published a regular update about it on our blog.
    I have to admit that this is the first time I have been in a so-called lobbying position, and I was especially surprised by the number of approximations, exaggerations, and “alternative facts” that have been presented to you by various witnesses as scientific truth. I will come back to that later on.
    First, allow me to introduce myself briefly. I am an Internet pioneer in Quebec. In 1994, I founded the first digital marketing agency, through which, for close to 20 years, I have helped various organizations such as VIA Rail, RDS and Club Med USA use the web to transform their marketing strategies, their sales strategies, and sometimes even their business model.
    I have always considered email as being at the heart of any digital marketing strategy, and I started implementing email marketing strategies for our clients back in 1996.
    In 2013, I left the agency to found Certimail, the company I am representing today, whose mission is to help SMEs increase the effectiveness of their email marketing while complying with Canada's anti-spam legislation, or CASL.
    Far from being dogmatic, the observations and recommendations I will present today are based on 20 years of email marketing experience, and four years dedicated to analyzing CASL and its 13 regulatory instruments, in order to help dozens of SMEs of all sizes implement a compliance program based on the CRTC's requirements.
    Before I get to the analysis of CASL and its enforcement, I would like to answer a simple question that the committee members have asked regularly, at nearly every meeting, without ever getting an answer, namely, what does it cost for a company to comply with CASL. The answer is simple. The compliance packages offered by Certimail cost $699 for a sole proprietorship or self-employed person, $1,249 for a small company with fewer than 10 employees, and between $3,000 and $15,000 for companies with between 11 and 300 employees. If my colleagues from Newport Thomson, Deloitte, or KPMG, which offer similar services to larger companies, had been invited to appear before the committee, they would have told you that their rates for compliance range from $25,000 to $100,000.
    I think this is important information. I admit that I was surprised that neither the CRTC nor the various industry organizations that appeared before you were able to provide this essential and publicly available information.
    That being said, I will focus on three elements: the importance and effectiveness of CASL, the inadequacy of the CRTC's approach to its enforcement, and a few recommendations to strengthen CASL by reducing its negative impacts.
    Contrary to what many lobbyist have stated before the committee, CASL does not pertain to cybersecurity or computer security risks, but rather seeks to develop consumer confidence in electronic commerce and to develop Canadian industry.
    As suggested in the report of the Task Force on Spam, which preceded the legislation, the legislation and its regulations seem more like rules of the road for electronic communications than legislation about information security threats, as people have led us to believe.
    When I crossed the bridge this morning to attend your meeting, I noted that the complex and strict regulations that were established a century ago to guide the few automobile drivers of the time have not really compromised this mode of transport or that industry. The same thing applies to CASL.
    These rules of the road for electronic communications are very important to Canadians. They demonstrated this by filing more than a million complaints in three years, without a single advertisement encouraging them to do so. There was no advertising campaign informing people who received spam that they could forward it to the Spam Reporting Centre. The idea caught on spontaneously and people filed more than a million complaints. These votes in support of CASL continue to come in by the thousands every day.
    Moreover, this volume of complaints is sufficient to contradict a recent statement made to your committee by a Canadian Chamber of Commerce representative, namely, that the problem of unsolicited email has been resolved by anti-spam technology. Receiving unsolicited email is in fact still a major problem for a vast majority of Canada's population. Anti-spam technology is increasingly effective, but it has not solved the problem. Moreover, this technology is starting to show its limitations. Just ask the U.S. Department of Homeland Security, which was short on tasers last week because the Taser server had treated its purchase orders as spam.
    By its first anniversary, CASL had reduced the volume of spam received by Canadians by 37%. This shows the effectiveness of CASL for consumers. It is also effective for businesses, at least for those that want to do real email marketing, and not use email incorrectly to do traditional mass marketing from the Mad Men era.
    Since CASL came into force, Canada has pulled ahead of the pack to become one of the two countries with the most effective email marketing by far. The other country is Australia, the only other country that has legislation that is as broad, complex, and strict as CASL.
    The delivery rate, that is, the proportion of commercial email that is sent and is visible to addressees, that is not filtered by anti-spam or other systems, is in the order of 80% in most countries in the world. In Canada, that rate rose from 79% in 2014 to 90% today. The only country in the world with a similar success rate is Australia.
    Similarly, the readership rate, that is, the proportion of marketing emails that are opened by addressees, fluctuates between 12% on the African continent and 24% in the United Kingdom. In the United States, it is 21%. With a readership rate of 32%, Canada is in second place, just behind Australia, where the rate is 33%. Before CASL came into force, the readership rate in Canada was just 26%.
(1120)
    I apologize, Mr. Leroux, but time is running out and I'm afraid you may not have enough time to go over everything from your written document.
    I will give you another minute to conclude your presentation.
    Okay, I will be brief.
    Narrowing the scope of CASL today would help encourage Canadian businesses to maintain an outdated marketing approach rather than to harness innovation and prepare to meet current challenges.
    CETA has just come into force, and Europe has passed legislation that is practically a carbon copy of the Canadian Anti-Spam Legislation in order to manage all the electronic communications of the 300 million European citizens.
    CASL enables Canadian companies to comply, to prepare and to gain a competitive edge over other companies that want to enter the European market.
    I have about a dozen recommendations for you, but since I won't have time to go over them, I suggest that we talk about them in the debate. We will also submit a brief to you after my testimony.
    Thank you very much.

[English]

    We are going to move on to Mr. Schaper.
    Thank you to the members of the committee for inviting us to testify.
    Imagine Canada is the national umbrella for registered charities and public benefit non-profits. Some 86,000 charities and a similar number of non-profits provide vital services and supports to individuals and communities across Canada. Before I get into our specific recommendations regarding CASL, I just want to set a bit of context.
    In the aggregate, when you factor out hospitals, universities, and colleges, organizations generate more than half of their income from sources other than donations and government grants. Registered charities are strictly regulated by the Canada Revenue Agency. An organization can have charitable status only if it demonstrates that it is acting for the public good and that no undue private benefit results from its actions.
    Public benefit non-profits include things like public housing corporations, community development corporations, and social service agencies. They deliver public benefits, and no part of their income or assets is available for private use. Finally, more than half of the organizations in our sector are operated completely by volunteers. These include board members, who serve their communities with no remuneration.
    In preparation for this committee's review, we conducted a survey of charities and non-profits about their experiences since CASL was proclaimed. Among the key findings is that almost 70% of them send some kind of commercial electronic message, as defined in CASL. Upwards of 99% are compliant when it comes to identifying themselves, providing contact information, and providing unsubscribe options.
    The definition of a commercial electronic message remains unclear to them. For example, around 40% of organizations sending messages to promote services for which a fee is charged believe that they are not sending CEMs. Almost half of the organizations have incurred compliance costs. More than 30% of those that do not send CEMs have also reported compliance costs, as they are unsure of the definition of a CEM. More than half of the organizations fear that the private right of action provisions of CASL would limit their ability to recruit volunteer board members.
    We appreciate the efforts that the government and the department made in 2014 to provide comfort to charities through a limited exemption. However, conflicting views between those who drafted the exemption and the CRTC as the enforcement agency have led to increased confusion as to the charities' obligations under the law.
    We believe the solution is to exempt registered charities from the consent provisions of CASL. This would be similar to the exemption they have always had under the do-not-call list.
    We also believe it's time to distinguish between public benefit non-profits, such as public housing corporations, and those that exist for private purposes, such as golf clubs or condo corporations. CASL already does this to some extent for certain purposes, and precedent exists in other jurisdictions to make the distinction. With this distinction made, we recommend that public benefit non-profits also be exempt from the consent provisions.
    We support maintaining CASL's requirements regarding sender identification, contact information, and unsubscribe mechanisms. Indeed, charities seeking accreditation under Imagine Canada's standards program have been required to meet these standards since prior to CASL.
    Regardless of the consent provisions, we also recommend that charities and public benefit non-profits be protected from CASL's provisions regarding PRA, the private right of action. Where organizations have assets, these are held in trust for the public good; they should not be subject to private seizure. As noted above, board members are volunteers serving their communities. They should not be subject to personal liability, particularly when agencies of the federal government have not been able to agree on what the rules are. CASL's administrative penalties are more than sufficient to ensure that charities and non-profits adhere to their obligations, if and when those obligations are truly clarified.
    Thank you. I'd be happy to answer any questions you might have.
(1125)
    Just the way we like it, short and sweet. Thank you very much.
    We are going to move right into questioning. We'll start off with Ms. Ng.
    You have seven minutes.
    Thank you.
    Thank you to all the witnesses for coming today and giving us their very helpful perspective.
    Mr. Osborne, I'm going to start with you.
    We've heard a lot of testimony about where the legislation doesn't work. I think what this committee wants to do is to come out with an outcome to improve a piece of legislation that is intended to protect consumers and to allow for an ease of commerce to take place and to continue taking place into the future, because our economy depends on it. In principle, that's what we want to do.
    You've talked about—and you've certainly written about—the fact that CASL does not help the consumer at all. I don't think I heard that from you today, but maybe you could clarify that, because I want to get to some recommendations through which this committee can be helpful. Can you talk to us about whether it is the definition of CEM..., and how we might look at clarifying that? From a recommendation standpoint, would clarifying CEM help?
     First of all, in terms of helping the consumer, CASL certainly does help consumers in ways, and I wouldn't want you to think that I'm saying it doesn't. The—
    Well, only because I'm reading an article that you wrote where you said that “CASL is a bad law” and “offers no benefit to consumers”, I wanted to ask that.
    I may have overstepped. The point is that the central thrust of it, the opt-in requirement, I see as bad. However, having strong unsubscribe mechanisms—and they're there in CASL—makes a lot of sense. Any reasonable anti-spam law is going to have those, so I wouldn't want you to think that I think those are not necessary and good things.
    Yes, the definition of a CEM needs to be clarified. My own view is that it's hard to craft, but it should be restricted to the bulk type of emails and not the one-off type of emails. I don't think our enforcers are that concerned if I send one email to someone or if anyone does. It's just not what the law is about—
(1130)
    Can I just ask you to pause there? You talked about new entrants. That's really important, because there are a lot of people who are small and medium-sized enterprises or start-ups that are going to use this mode to do business. Talk to us about how this could be improved to help those organizations do electronic business.
    I'm thinking on the fly here. First of all, changing the central mechanism would mean they would not need to get consent to send an electronic message. Now, that doesn't mean they could just go and blast away. There's still PIPEDA to consider. There's still the issue of how they get email addresses in the first place.
    There are still barriers, which I think everyone would say are reasonable barriers, in the sense of restrictions on companies selling our personal information, including email addresses, but it would certainly unlock to an extent the issue of how you would collect email addresses for purposes of sending something. Or if someone sends you an email, you don't have to worry as much about how you respond and what the limits are: two years, six months, or what have you. It would reduce the compliance costs for new entrants.
    Again, changing the thrust of the law would not mean that you could just go and scrape email addresses all over the place and blast away. I wouldn't advocate going that far.
    Thank you.
    Mr. Schaper, thank you for coming. We did hear about how we might need to consider modifying CASL to help the not-for-profits. You started talking a bit about that. Again, we're looking at some practical tools, solutions, or modifications. Can you talk to us a bit about that as it relates to the not-for-profits and how we might be able to help with that balance, to enable them to operate and for it not to be too onerous?
    Again, in some ways we find it ironic that when the do-not-call list was brought in, there was an exemption for charities. We've all been subjected to phone calls during dinner and whatnot, and that's a much more expensive and intrusive way of contacting people. When CASL was brought in, we recommended a similar exemption for charities, and also, if they can be properly defined in the law for public benefit non-profits—
    You are exempt, though. Charities are exempt.
    Under the regulations, charities have a limited exemption. Our understanding of the intent of the officials who wrote the exemption was that it was meant to cover virtually any commercial message that a charity might send.
     When we published the information that the officials at what was then Industry Canada had vetted and confirmed was accurate, we were contacted by the CRTC. They said to hold on, that they were the enforcement agency and that they were not sure that was what the exemption meant, but they couldn't really tell us what they thought the exemption meant.
     What we'd be looking for is a much more clearly worded exemption from the consent provisions.
    I see. All right.
    How much time do I have—one minute?
    Take my one minute, Frank.
    I'd like to follow up and come back to you, Mr. Schaper.
    We had someone explain to us—and I think you pointed it out—that 50% of your income comes from donations and from government. How is the other 50% acquired?
     Basically, we call it self-generated income. It's from sales of goods and services. It's lottery tickets—
    We were led to believe by one of the other experts that that's the line for you. I understand that you've talked to CRTC. There's confusion everywhere, because we were told it was clear, but when I asked for it to be explained to me, I couldn't understand it.
    What I think I understand a little bit is that if you ask me to give you money, that's okay, but if you ask me to give you money because you want to sell me a ticket to your gala, or a lottery ticket, then that's not okay. Is that sort of—
(1135)
    That's the gray area, and that's the concern—
    We'll come back to this in a bit then.
    Thank you very much.
    We're going to move to Mr. Eglinski.
    You have seven minutes.
    Thank you to all three of you for coming today. I would like to start off with Mr. Schaper.
    You were talking about the not-for-profits and the charitable-sector organizations. Have you any statistical data you could share with us? Has their funding dropped over the last three years, since this program has been out?
    We don't have real-time data on that. For donation information, we rely on the information published by the Canada Revenue Agency from tax filer data. I can certainly see what we have, to see if we have anything that might show a trend during that period, and get back to the committee on that.
    So most of your presumptions that it's hurting them are just presumptions.
    Yes. It is based on concerns they've had and concerns we've had, in terms of the applicability and the potential for damage, as well as the disconnect between the messages we were getting at the time from Industry Canada and the minister's office versus what the CRTC was indicating to us. It created confusion.
    All right, thank you.
    Mr. Le Roux, you were starting to explain the similarities between Canada and Australia. Then we cut you short because you were running out of time. I wonder if you could just explain a little bit more how you see the comparison between the two countries. I think you were saying that one of the European countries is now adopting a policy very similar to our CASL.

[Translation]

    In 2003, Australia passed a law that is very similar to the Canadian Anti-Spam Legislation. It is based on prior consent and provides for unsubscribe mechanisms, mandatory identification and fairly harsh penalties. That legislation has been in force in Australia for nearly 15 years, and we have never heard it said that the country's economy was crumbling. On the contrary, that country has excellent results, as we have had since the Canadian legislation was implemented.
    In Europe, the legislation was passed last year and will come into force next May. Up until now, every European country has had its own legislation on this issue. As of next May, the electronic communications of 300 million consumers from 27 European Union countries—there will be 26 countries once Brexit comes into force—will be governed by a piece of legislation similar to the Canadian one. That legislation will contain the same rules, including with regard to express consent. It will even impose additional requirements on people, and fines will be as high as 20 million euros, which is much higher then the penalties under the Canadian legislation.
    Just like the Australian and Canadian pieces of legislation, the European statute is extraterritorial. Canadian businesses that will send messages to Europe—if they comply with the Canadian legislation in its current form—will be very well prepared compared with companies from the U.S. or other parts of the world.

[English]

    Thank you.
    I would like to thank you for bringing in the amounts. I think you were quoting $699 for a small company, $1,249 for 11 or better, and then for better than 11, it was between $3,000 and $15,000. I take it that's the type of work that you do. For the smaller companies you deal with, say those with under 50, you help them; you guide them in the right direction. Have any of those been approached or challenged for offences?

[Translation]

    I would say so.
    What we provide, at the prices I mentioned, is a comprehensive compliance program. We conduct an audit, issue recommendations, guide companies in the implementation of compliance recommendations, and provide them with a written compliance policy and records. It's really a turnkey comprehensive compliance program.
    The main obstacle we currently face is the CRTC. The problem is two-fold. First, the CRTC's communication is flawed. Two different organizations have carried out two separate surveys, which show that 75% of Canadian businesses feel that they are ill-informed with regard to the real issues of the Canadian Anti-Spam Legislation. People are familiar with the legislation, and they know that there is an issue in terms of consent and unsubscription, but they know absolutely nothing about the compliance requirements, the regulatory requirements. There is really a major problem in that respect. Second, documentation is lacking on the objective interpretation of that regulation by the CRTC. In three years, the CRTC's investigative team has come up with three interpretation guides on three small rules. There are still dozens that affect pretty much all Canadian companies. So the CRTC really needs to make a major effort, and that is one of the recommendations we will submit to you.
    The last point is the motivation of businesses, which feel like a million complaints have been filed by consumers. Steven Harroun testified before you a few weeks ago, and he told you that 500 investigations have been opened in three years, that about 30 have been completed and that eight fines have been made public. SMEs feel that they are more likely to win the lottery jackpot than to have an investigation on their emails launched.
    We know how SMEs operate. They have constraints. They are always managing urgent considerations and only focusing on the most important matters. The message sent by the CRTC, probably unwittingly, is that this legislation is not important.
(1140)

[English]

     Thank you.
    I'll go to Mr. Osborne.
     You stated in your evidence...and I think you were talking about the privacy portion of it. Do you know of any actions taken by private individuals?
    You were talking about the possibility of people using this frivolously. Has any of that happened?
    No, it hasn't, sir.
    The private right of action was due to come into force this summer. It's been delayed, I believe, pending your review.
    You're right.
    I did speak with some class action lawyers to ask them if they were chomping at the bit, and the answer wasn't the scare stories that some have told.
    I should fairly point out that the answer was was, “Well, we'll wait and see how it goes.”
    Thank you.
    I think I'm running out of time.
    I think you would be correct.
    We're going to move on to Mr. Masse.
    You have seven minutes.
    Thank you, Mr. Chair.
    It's all speculative in terms of what the private right of action can be. In fact, we don't know.
    I think it's interesting that there still seems to be confusion about compliance and how to do that.
    In the last session, I talked about maybe having more of the rules defined and so forth. At the end of the day—I was just thinking about this in terms of the process we're following—I have yet to find evidence. Maybe we can go around the table and you can provide it. What evidence is there that Canadians want more electronic messaging?
    I'm wondering about all this in terms of how we go on. How many more people out there and Canadians.... I'm just thinking that I asked my staff to do a review, and I just don't remember. I get complaints about just about everything in my office, all kinds of things. Over 15 years, we've seen it all. In fact, I have some rather colourful stories. At any rate, what evidence is there that since this has been in place, many of the charitable supporters have demanded more information or asked for more emails, legitimate or not legitimate, from the people that you deal with?
    We'll go around the table here starting with Mr. Schaper.
    With regard to that part of the question, I don't know whether such evidence exists or where it would be. The perspective we bring is that donors are very interested—and governments have been very interested—in charities seeking to reduce their costs of doing business wherever possible. Using electronic communication is a much cheaper way of raising funds and getting the word out there than are phone banks. We believe they're much less intrusive for people.
    To the extent that people are increasingly responding to online appeals and to the extent that the cost of generating a dollar for charities is going down, we think there's...but in terms of the specific question, “Do you want more email?”, I can't answer that.
(1145)
     I don't think it's out there. I think it's debatable.
    My background is in the not-for-profit sector. When I had a real job, that's what I did. I was an employment specialist for persons with disabilities and youth at risk. I would disagree, though, about the.... Maybe it is less intrusive, but the problem with email and spam is that it can be far more damaging and it's much more costly for you, as basically an unsolicited client, to receive it for information.
    I want to get to Mr. Osborne and then to Mr. Le Roux with regard to the original question, which was what evidence is there that Canadians want more spam and want more email electronic advertising? There are two things happening out there: they're getting legitimate emails and advertising, and then there's the spam-type stuff.
    Are you receiving any type of commentary about that?
    I'm not. That's not the kind of evidence I would be tracking. It's not really what I do.
    What I can say is this. As a consumer, I get many things that I don't want. I get a lot of flyers in the mail and I don't want them, except that sometimes there's one I do want, and I don't know which one I'm going to want. I get a lot of emails from businesses. Most of the time I don't really want to hear about the specials that Air Canada has for flights to wherever until I'm actually thinking of travelling. Then all of a sudden I have to come up here and I see that there's a seat sale on, and suddenly I want that.
    I can only offer my own personal view about this, and, as I said before, I don't think it's about what Canadians want; I think it's about what's right for our economy.
    Well, your expenses coming here should have been covered by the committee. We have a budget for that, so let's make sure it happens.
    Don't worry.
    Mr. Le Roux?

[Translation]

    To answer your question, I would say that Canadians increasingly want to receive emails, but they have two conditions. First, they want to decide for themselves who can send them an email. Second, they want the email's content to be relevant.
    I was saying earlier that Canada had excellent email marketing results. So, the legislation has been positive for businesses. Those of them that do good email marketing make more money today than they did before the legislation came into force. Businesses that do bad email marketing—in other words, those that take advantage of the inexpensiveness of sending their messages to everyone without worrying about whether they are relevant or whether the individual has asked or agreed to receive them—are struggling and will perform very poorly.
    What the legislation does is encourage businesses to improve. One of the things the task force on spam did was analyze what the best email marketing practices were. The legislation kind of forces businesses to apply those best practices and encourages them to develop good marketing skills, which will in turn help them get results.
    I support what Mr. Osborne just said. He said that he was receiving a lot of emails, but there were many that he never asked to receive and that did not concern him. He said that he was receiving emails from Air Canada, but that most of them were of no interest to him. That is something all Canadian consumers are experiencing. The legislation pushes companies to make an effort to ensure to send the right information to the right people.
    Extremely affordable technologies exist today that help automate that process. We are trending toward that. Europe has gone in that direction because that is the current trend.
    Mr. Osborne was talking earlier about the system that enables recipients to have their name removed from a distribution list. Under that system, businesses can send an email to anyone, as long as people have the option to unsubscribe. That is the system implemented by the United States through the CAN-SPAM Act. The U.S. is currently generating the most spam in the world, even more than Russia and North Korea. It's also a country where email marketing is becoming less and less effective.
    When it is well done, email marketing is a goose that lays golden eggs for businesses. Seeing Canada moving backward, while the rest of the world is moving forward, is like deciding to kill the goose. That would detract from Canada's ability to compete.

[English]

    It's a good point, though, which needs to be raised, because even the old, traditional print marketing material that you receive has changed too. If you're a business now using non-recyclable material and using ink that is not properly managed and disposed of.... In fact, some businesses pride themselves on their environmental practices, from the ink to the paper, in their customer communication. I'm worried that if we retreat on some components of CASL, we'll get more garbage. In the past, it was not necessarily about the effectiveness of a piece and its rate of return but it was about the volume to get the return, and so garbage, poor quality, loss of privacy, exposure to viruses, and other things escalate, because the senders are almost bottom-trolling, as on the ocean floor, trying to grab anything they possibly can rather than using actual skills of the art.
(1150)
     Sorry, you're way over. Thank you very much. Perhaps you can come back to that.
    Mr. Baylis, you have seven minutes.
    I'd like to finish up with you, Mr. Schaper, on what we were talking about with the charities. One of the questions my colleague asked was whether it is a presumption that's hurting charities. You did mention that charities are spending money to try to adhere to it. Is that correct?
    They're spending money. They're putting human resources into it.
    They're taking their financial capital and their human capital to adhere to that—
    Yes.
    —and this was not the intention, so whether or not we call that hurting, it's certainly diverting. People don't want to give money to a charity just so they adhere to a law.
    Yes, we believe it was not the intent for this to be happening. We know that donors are always concerned that charities make the most efficient use of the dollars they—
    You gave an example about the do-not-call list, which is just a straightforward exemption. It doesn't have this ambiguity. Is that something you're looking for?
    Yes, as I said, it's in our brief that if we can get a clear exemption from the consent requirements.... Charities are following the other requirements of CASL, the unsubscribe and those things, and that's something—
    You'd like a clear exemption from what part? Do you mean the electronic messaging?
    Yes, well, it's the requirement for opt-in to be able to send out those messages.
    If I understand it right now, assuming that the CASL-type rules applied to the do-not-call list, you could theoretically call someone and say, “I'm just calling from Charity A and I want you to give me money”, no problem. But if you pick up the phone and call them and say, “I'm calling from Charity A. We're having an event for which I'm selling tickets to raise money”, then you'd have a problem? Is this the difference?
    That's where some of the grey area is. The FAQs that the CRTC has put out say that if you're sending a message to sell tickets, you may or may not....
    That lack of clarity from the CRTC, which Mr. Le Roux also touched on, is a problem.
    Yes.
    For a charity, then, can you repeat again what you're looking for exactly?
    Yes. It would be for us, and again it's very similar to what Australia has done in their law. They have the opt-in provisions, but they exempt charities from the opt-in provisions.
    The Australians exempt the opt-in?
    Yes.
    Okay.

[Translation]

    Mr. Leroux, that brings me to the issue you raised. Unless I am mistaken, you said that the vast majority of businesses were aware of the legislation, but that they did not know how to comply with it. Is that what you said?
    Yes. Companies heard about the legislation in 2014, before it came into force, because it received extensive media coverage. They even talked about a syndrome similar to the Y2K. Everyone expected to be hit with fines as of July 1 or 2. There was a wave of panic. In reality, not much happened and the syndrome faded away.
    In May 2014, the CRTC published a newsletter that outlined specific requirements that had to be met in order to be able to use the due diligence defence, as set out in subsection 33(1) of the legislation. That provision stipulates that any business that establishes that they did what was necessary to comply with the legislation is safe from penalties in case of violation. In that newsletter, the CRTC specifies that, by “necessary measures”, it means a compliance program with eight requirement categories. The problem is that the newsletter was buried deep within the CRTC's website. It took most lawyers who specialize in the area two years to discover it. Fightspam.ca, the website that explains the legislation, makes no mention of that newsletter, and neither do the CRTC's public communications.
    People know that they must comply with the legislation, but when they are told that they must have a compliance program, they wonder what that is.
    From your comments, I gather that there is some confusion.
    Many people who have appeared before us talked about the very definition of “electronic messages”. Mr. Schaper just said that even the charitable organization he represents has trouble understanding to what types of electronic messages the legislation applies and to what types it does not apply.
    Aside from volunteer organizations, other businesses are having the same difficulty. For example, Rogers' representatives told us that some emails they had to send to their clients fell under the general definition and that it would be worthwhile to take the time to clarify that definition.
    Do you agree with that?
(1155)
    I partially agree. However, I would like to make a nuance.
    There are actually two issues here, one of which was raised by Rogers. I completely agree with Rogers, and that is part of our recommendations. Subsection 6(6) of the Canadian Ant-Spam Legislation stipulates that transactional messages or personal messages—so those that are not of a commercial nature—must contain an unsubscribe mechanism. That creates a great deal of confusion and complexity for businesses, but also for consumers. They receive a transactional message for which they don't have to give their consent, the message contains an unsubscribe mechanism, but they don't understand why they can unsubscribe when they did not give their consent to begin with. They figure that, if they try to unsubscribe, the system will not work because they did not subscribe in the first place.
    That's exactly what we have been told.
    However, Mr. Osborne talked earlier about putting individual messages, so messages sent to an individual....
    We will come back to this question soon. Right now, I would like to understand the arguments we have heard.
    So you agree that the idea of including an unsubscribe option in a transactional email only creates confusion and that we should amend subsection 6(6), so that it would not apply.
    I think that subsection 6(6) could even be removed.
    It could even be removed?
    That is Rogers' recommendation, and we fully support it.
    Okay.
    You can now comment on emails sent to an individual compared with mass emails.
    This is where it's important to have a marketing perspective rather than a legal perspective. The current prevalent trend in email marketing is what is referred to as marketing automation. Those are systems that make it possible to automatically generate individual emails based on consumers' actions. If individual emails were removed from the legislation, it would be like saying that the use of marketing automation is giving businesses free rein.
    I know that I don't have much time left, but I will still ask one last question.
    I understand your point about automated systems. That said, Mr. Osborne talked about a situation where he would want to send an email not generated by a computer to someone he knows. How could the distinction be made?
    As I am not a lawyer or a legal drafter, I don't have the necessary expertise to tell you how we could do it. However, I can tell you that proving whether the email was written by an individual or generated by a machine seems very complicated to me.
    The examples Mr. Osborne provided earlier involve situations where the legislation allows a message to be sent. If I have a personal relationship with someone, I already have the right to send them a message. If I send a message to someone to offer services to their company and not to them as a consumer, the legislation already provides an exception and gives me the right to contact them.
    I have heard a number of witnesses at different meetings talk about situations where they said they did not have the right to send a message. In reality, in 80% of the mentioned cases, the legislation allows them to send messages. The issue is that the CRTC's restrictive interpretation of the legislation and the regulations makes it extremely dangerous to do so, and....
    Thank you very much, Mr. Le Roux.
    I have to stop you here. Thank you very much.

[English]

     Monsieur Jeneroux, you have five minutes.
    Is that a generous five minutes, Mr. Chair, as for Mr. Baylis? I'll take it.
    It's a quick five minutes.
     It's a quick five minutes, and I'm eating up my own time here anyway.
    I want to talk to all of you about the cost to local business. Perhaps you can give us some examples of that.
     But first of all, I would like to start with Mr. Le Roux.
    As you were talking, I was trying to visualize how Certimail works. I'm hoping you can describe it in a bit more detail. Is it adaptable to all types of businesses? Is there a particular type of industry that it works well with? I'm hoping you can briefly describe some of that for us.
(1200)

[Translation]

    We offer our services to businesses of all sizes—with up to 300 employees—in a variety of sectors. We have worked with NPOs, museums, associations, as well as with businesses in the fields of insurance, marketing, media and road transportation. This applies to any situation.
    We begin by making a presentation to the company on the CRTC's compliance requirements. We conduct an audit, which is generally done by telephone or video conference, using Skype or another similar program. We then gather all the information on the way our client operates.
    We carried out a research and development project with researchers from the Université de Montréal's Faculty of Law. We modelled the legislation and electronic means of communications, and we came up with a grid that lists about 100 compliance issues an SME could face. We review those 100 potential problems for each business, and we then provide them with a report of 20 to 30 pages, depending on the situation. We analyze the way the business operates, its processes, its systems and its policies in order to identify all compliance issues. For each issue, we provide an optimized recommendation that will help the business comply with the legislation and meet the compliance requirements, and improve the effectiveness of its email marketing in the process.
    After that, we give the company the report and support it remotely—over the telephone, by email or by video conference—in the implementation of our recommendations. We provide the company with a custom draft policy, a potential training program for its employees, as well as all the necessary records. Finally, we provide the business with certification, which has no legal value and is not sanctioned by the CRTC, but which proves that the business has a compliance program in place. That enables us to receive consumer complaints on the company's behalf and, if necessary, we can take away its certification.

[English]

     I'm sorry, but you said you provide a certification?
    Yes.
    What would be the overall cost of some of this?
    It's commercial accreditation, not legal.
    I'm sorry. I didn't hear the translation on that.
    It's commercial certification.
    It's commercial? Fair enough.
    Again, what would be the cost of your services? Do you have a standard rate? Is it determined by the type of business?

[Translation]

    We almost always use flat rates, precisely because we don't want businesses to hold off on calling us for help.
    For a one-person enterprise, a retailer, artisan, self-employed worker or freelancer, we charge $699 plus tax. For a 2-to-10 employee business, we charge $1,249 plus tax. For a business with 11 to 300 employees, the cost will vary according to the specifics of the business. We will ask them a few questions in order to come up with a customized flat rate. For those businesses, our rates vary from $3,000 to $15,000. A 300-employee business that is complex and has a lot of systems might be charged up to $15,000. That said, over the past four years, we have never charged anyone that much.

[English]

    Fair enough.
    Mr. Schaper and Mr. Osborne, do you have any examples of how much a system similar to this one would cost your clients?
    I don't have anywhere near the detailed data that Mr. Le Roux has, but I can offer a couple of examples.
    I had a client—I obviously can't name them—who wanted to dig into issues around text messaging. I can't remember what the bill was, but if memory serves, it was several thousand dollars. It may have been as high as $10,000. It wasn't a massive bill, but it wasn't nothing.
    In my own firm, we didn't spend a lot of money, but that's because I spent a lot of my time—several thousand dollars' worth of time—on our newsletter list. We are employing a guy right now on contract who's going through and updating the implied consents and so forth.
    I'll anticipate Monsieur Le Roux's comment. He's right: it's a best practice to do that anyway, because of course databases age and you should be updating those. Some of what someone might call a compliance cost is in fact a cost of maintaining a good database, but it's not negligible.
     There are companies out there offering these plug-ins at about eight bucks a user to monitor and intervene so you can't accidentally send a spam email. Eight bucks a user doesn't sound like much, but consider that your cost of Microsoft Office, depending on the package you buy, is around $12 to $25 a user. That's a significant increment on a per-user IT cost for an organization.
(1205)
     That was generous.
    Voices: Oh, oh!
    The Chair: We're going to go to Mr. Sheehan.
    You have five minutes.
    Thank you, and I'll be sharing some of my time with David as well.
    First of all, thanks for the presentations, everyone.
    Bill, I want to start with you and some of the questions and answers we've been getting around charities—and I appreciate your excellent testimony—and how the CASL may or may not affect not only the charities. A lot of charities, for example, smaller charities in Sault Ste. Marie, seem to hire people for either a small event or a small fundraising effort outside of “USH”—the universities, schools, and hospitals. If the charities are exempt, how about the people who are working to help the charities? Do you have any comments on that?
     The exemption in the regulations right now refers to messages sent by or on behalf of charities, and so our hope would be that in those cases where people are outsourcing some of that messaging, it would be the same sort of thing.
    Thanks for that clarification.
    We've been hearing a lot of testimony that Minister Bains has suspended the private right of action pending further review. Would you like to give us some comments about the private right of action from the charities' perspective?
    Again, we supported the suspension, especially knowing that the review by the committee was coming up. We thought that made a lot of sense. But when we're dealing with organizations large and small, for which the board members are members of the community who are volunteers doing this to serve their community, the prospect of personally being liable under a PRA if the organization either doesn't have assets or doesn't have sufficient assets is troubling to a lot of organizations. As I said, in the survey we did, more than half the charities were concerned. Being aware of this, they're not going to be able to recruit board members in the future because of that potential issue.
    Thank you. I'm going to pass some time to David, and if any time is left, I'll ask the others about PRA.
     Thank you, Mr. Sheehan.

[Translation]

    I only have one question and it is for Mr. Leroux.
    Regarding the administration of the plan, you referred to the CRTC. Is there a resource problem, or an attitude problem, in your opinion? We should perhaps suggest that it provide more guidance, or advertise more. With regard to the management of missent emails, what would you suggest? Is there an alternative solution?
    What we would like the CRTC to do first and foremost is clarify its interpretation of the act. We identified about a hundred compliance issues for an ordinary SME. For half of these problems, we do not know what the CRTC's interpretation would be. What we see based on the rare published cases or rare details it provides, or the conferences it holds, is that there is a systematically radical and restrictive interpretation. Everything that seems to make good sense should be permitted, authorized or managed by the CRTC. However, the positions the CRTC adopts never seem to proceed from logic or common sense; this creates a climate of fear and uncertainly which makes the compliance process more cumbersome.
    Consequently, one of our recommendations would be that the CRTC create an advisory committee comprised of representatives from marketing, compliance, and consumer representatives; in short, people who represent the various stakeholders. Their role would not be to determine the interpretation, but they could play an advisory role to the CRTC to help it to interpret the provisions well. Such a committee could accelerate the CRTC's interpretation process. It is not normal that after three years only three small rules have been explained, while all the rest are still vague and we have no idea where we are headed.
    We have another suggestion to make concerning the CRTC. Currently there is a discretionary fine model. The CRTC examines the penalty amount in light of its criteria — I won't say it tosses a coin — up to a maximum of $10 million. When an SME learns that it could be liable for a $10-million fine for missent emails, it is incredulous. The figure is so gigantic that the deterrent effect is lost. In addition, I expect that the CRTC, in order to be able to justify imposing a fine of $200,000 or $300,000, must compile quite an extensive investigation file. Since it takes a long time to do that, it processes very few files.
    We recommend that there be a guideline for the fines, including a maximum and a minimum. According to this scale, a first breach that seems to have been an error, committed in good faith, would be liable to a fine of $5,000 or $10,000, for instance. In the case of a large business, the fine for a first offence resulting from an error made in good faith would be more on the order of $50,000. For someone who reoffends, the amount would be higher. If you see that it was not an error committed in good faith, but that the company intended to break the law, then the penalty would be higher. If a scale of that type were brought in, the CRTC's burden of proof and substantiation would be lightened, and this would allow it to process more files. This would also send businesses the message that everyone must respect the law. I believe this would have a much stronger deterrent effect.
(1210)
    Thank you very much.
    Mr. Bernier, you have the floor for five minutes.
    Thank you, Mr. Chair
    My first questions will be for you, Mr. Le Roux. You wrote recently that the committee had not heard the witnesses that could really give it the perspective of small businesses on this act.
    Could you tell us more about that?
    The presentations I heard from people who spoke on behalf of small businesses were essentially from the Canadian Federation of Independent Business, the CFIB, and the Canadian Chamber of Commerce. As members of the CFIB, we receive its emails. I also heard representatives from the Retail Council of Quebec. These organizations are dinosaurs with regard to digital marketing. I apologize for saying that, but people who know me know that I am a person of integrity. The Retail Council of Quebec contributed to the fact that the retail industry fell behind in e-trade. It spent years saying that it was not important; then all of a sudden it realized that it was important and it changed its tune, but the ship had already sailed, and Quebec's retailers were already behind in all this. I regularly receive the CFIB newsletters and emails, and their electronic marketing is not effective. It must not obtain very good results. There may even be complaints regarding compliance with the law.
    These organizations do not represent reality of SMEs. We were talking about new businesses earlier, start-ups. They were created in this digital universe. In today's world, the last thing you want to do is displease a client or a potential client by sending him information that does not interest him, while letting him know that he can delete the email if he does not want it. That is harmful to its brand and reputation.
    What other organizations or witnesses should we hear to get a more accurate pulse of what is happening in the industry with regard to SMEs?
    Frankly, here is what I recommend. In fact, one of the blog posts we wrote recently had the following subtitle: “Is there a marketer in the room?” That is the role I try to play. I would say that you should talk to people who are SME email marketing specialists. There are enterprises that do a lot of work in this area. Those people will be able to tell you what really needs to be done and what the practices are.
    I hear a lot about theoretical cases and hypotheses in the testimony. The comments were abstract and theoretical. That is normal on the part of lawyers who are not marketing specialists, because this is not their trade and this is not what is expected of them. However, we have been doing email marketing for 20 years; some things work and others don't. We have data. I could show you graphs that show how 10 times fewer subscribers can generate twice as many clients. A good message sent to 1,000 people generates more sales than a moderately effective message sent to several thousand people.
    Fine.
    In your presentation, you talked about motivating SMEs to comply with the law. You speak to SMEs about your services in order to help them comply with the law. According to what you implied earlier, some companies feel that it is not worth their while to go to all that trouble, and they continue their practices because the odds of being sued are quite minimal.
    Is that really the case? Do some SMEs disregard the law because the cost of compliance is too high, because it is too complicated, or because they know that the risk of getting caught is minimal?
    What could we do to further encourage these companies to comply with the law?
(1215)
    With regard to the data, there were three studies done on SMEs in 2017. This is recent; I won't go back to 2014. We did a survey in February of about one hundred SMEs in Quebec, in all sectors. The Insurance and Investment Journal, a magazine published by the insurance industry, conducted a study involving 500 Quebec insurance companies in March. Fasken Martineau and the Direct Marketing Association of Canada surveyed 200 or 300 Canadian enterprises. If you extrapolate the data collected from these surveys, they show that between 5% and 15% of Canadian businesses may be in compliance with CRTC requirements. That means that 85% to 95% of businesses absolutely do not comply with the law at this time.
    As to motivation, the issue is that in Quebec, there is only one organization that talks about compliance programs, and that is Certimail. The CRTC has never come to Quebec to talk about compliance programs. Mr. Harroun told you that he was very proud to have raised the awareness of 1,200 businesses during his conference tour in Toronto this spring. The Insurance and Investment Journal contacted the CRTC in the spring to invite one of the members of Mr. Harroun's team to do a presentation on Canada's Anti-Spam Act at an insurance industry seminar. The CRTC only responded in September, and declined the invitation. The seminar was cancelled. Four hundred enterprises were going to participate. Those 400 enterprises still have not been given the information.
    So, in order to ensure that businesses are complying with the act, we should abolish the act.
    Voices: Oh, oh!
    That would work with the highway traffic act as well. Oh, oh!
    Thank you.
    Mr. Jowhari now has the floor.
    You have five minutes.

[English]

     Thank you, Mr. Chair, and hopefully it's a generous five minutes as well.
    Mr. Le Roux, I'm going to start with you and ask for some clarifying data, and then I'm going to move to Mr. Osborne and ask for some specific recommendations.
    The focus is going to remain on the small business. By way of preamble, I'd like to give you the makeup of my riding, the riding of Richmond Hill. Based on 2011 data, we have roughly 8,000 small businesses. Eighty per cent of those are small businesses that have between one and four employees. Another 10% have between five and 10 employees. They use digital marketing to communicate either with their customers or with other small businesses.
    I'll start with Mr. Le Roux.
    You mentioned that the cost for small businesses with one or two employees is about $699, and for those with between two and 10 it's about $1,294. This is the cost that your company charges, or that the small business incurs, to be able to understand how to be compliant with CASL. Is that correct?

[Translation]

    In fact, the goal is to have them comply with the law. At the end of the process, they have completed their compliance program; they have the documents required by the CRTC.

[English]

     Exactly. This is where I wanted to go.
     Question number one: this cost is a one-time cost and applies for a certain period of time—true or false?

[Translation]

    It is a one-time cost. You only pay the fee once.

[English]

    Great.

[Translation]

    Our certification is valid for one year, however. We provide one year of support and regulatory monitoring.

[English]

    Perfect.

[Translation]

    The following year, if they want to renew their certification, it will cost them between $100 and $300 a year.

[English]

    Thank you.
    I want to now move to the businesses. For businesses, based on the assessments you've done, what type of human capital and cost do they have to incur to maintain their compliance with CASL on an ongoing basis? Do they have to hire one person? Is it 0.5 FTE? Is it a dollar per transaction? Do you have any data?
(1220)

[Translation]

    This is done through automated systems nowadays, most of which are free for small business. If you have a 50,000 client data base, there will be costs, but it will generally cost between $100 and $300 a month, and if you have 50,000 clients in your data base, that is not a problem.
    I thank you for the question on the solutions that make this easy to manage, because I wanted to raise that topic.
    There are technological solutions designed in Canada that help companies comply with CRTC requirements. There aren't enough of them, because the CRTC does not communicate enough, but there are some. Most of these solutions offer free versions to very small businesses. So there really aren't additional labour costs or any other costs.

[English]

    Great.
    I want to go quickly now to the challenges. Based on all the work you've done so far to help small businesses comply, what were the top two or three challenges those companies faced in implementing and complying with CASL?

[Translation]

    As I said earlier, the CRTC's lack of clarity as to the interpretation of the act forces us to impose excessive measures on companies so that they comply with the law, but they have to be ready for anything. That is a big problem.
    Another problem involves the synchronization of consents. Earlier there was a debate about individual emails and group emails. Currently, when someone unsubscribes from a newsletter, the CRTC considers that that individual has unsubscribed from the entire company. That means that an employee can no longer send an Outlook email to that person because he unsubscribed from the newsletter. The fact that the withdrawal of consent applies to the entire company is a problem.
    Consequently, we ask that the request for consent and the withdrawal of consent be circumscribed. The withdrawal of consent should be limited to the consent request.

[English]

    Would the technical solution that you're talking about help with that?

[Translation]

    The problem is that the CRTC asks us to go beyond the technology and see to it that two unrelated technologies communicate. It can be done, but it is complicated, because the CRTC did not inform the tech businesses about this, and so they did not think to manage that aspect.

[English]

    Thank you.
    I want to move to Mr. Osborne.
     We've heard the good, the bad, and the ugly, so now I want some recommendations. Perhaps you can give me two or three recommendations in any of the areas—specifically on small businesses, specifically on the cost side, and specifically on compliance—so that we can make it easier for businesses. What would be your recommendation? What should change in CASL to make it easier for businesses to comply?
    Assuming you're not with me on moving from opt-in to opt-out—I suspect that ship has sailed—what I'd suggest is this.
     Number one, find a better way of carving out those one-off emails that are written by a real person.
     Monsieur Le Roux was right that there are often exemptions that we can rely on, but there are uncertainties around them. For example, if you read the definition of “personal relationship”, it's a nightmare. It's just impossible. I have no idea what it means, and I'm a lawyer with nearly 20 years' experience.
    So the first one is to exclude one-off emails.
    Correct.
     What's the second one?
    I don't mean the automated ones that Monsieur Le Roux was talking about but real one-off emails. The second one is to clean up the definitions. There is a lot of discussion around subsection 6(6) of the law. Here's the problem. You have a definition of a commercial electronic message that's basically—
    That's fine. Good. Clean up the definition in subsection 6(6). We'll go back, because you already touched on that.
    What's the third one?
    The third one.... Sorry, I lost my train of thought.
    I have only a little time, and I want to be very focused on—
    You have no time left.
    I've no time left. That wasn't a generous five minutes. No, I'm joking.
    Thank you very much, but if you could submit a number of recommendations to the clerk, we would really appreciate it.
    Thank you, sir.
    Thank you, Chair.
    You're good? We can take over now? All right, great.
    That brings us to the conclusion of our testimony today. I'd like to thank our witnesses for presenting today. Again, we've had another great session of Q and A. I think we leave this with a lot of stuff to consider.
    We are going to suspend for a couple of minutes. Everybody will leave the room and then we're going to come back in camera and discuss some committee business.
    Thank you.
    Merci beaucoup.
    [Proceedings continue in camera]
Publication Explorer
Publication Explorer
ParlVU