In Canada, anyone who sends a commercial electronic message to another person must, among other things, have the consent of the recipient before hitting send. This consent feature of our anti-spam law makes Canada’s attempts to regulate spam quite different from other countries' (notably, the United States' efforts). In the U.S., a message can be sent without consent, so long as other characteristics are included in the message — like a working unsubscribe mechanism.
I think it’s telling that our lawmakers placed such an importance on consent for email marketing. Especially considering that our other private sector privacy laws do not emphasize the need for consent to the same extent. And, I think it’s particularly noteworthy after having read the privacy commissioner’s discussion paper on the role that consent should have in our attempts to protect privacy.
For example, one of the issues the commissioner’s paper raises is whether or not Canada should adopt a more European approach and say that organizations can process personal information so long as it’s in pursuit of a legitimate objective. Maybe we should forget about consent all together and just weigh whether or not an organization has a legitimate reason for collecting, using and disclosing personal information. I guess I have to think about it more, but it sounds like a slippery slope to me.
For sure, we live in a world where obtaining meaningful consent is not always practical. But, are we prepared to turn 180 degrees from where we were when drafting CASL, which is just about email, frankly, and which I would argue is a bit less important than some of the other privacy issues out there? What do you think? Would love to hear your thoughts on the topic!
If you want to comment on this post, you need to login.