OTTAWA-GATINEAU – Spam, spam, spam, and deceptive toggling strategies used to be a wonderfully effective combination for businesses to flood unsuspecting consumers with their ads, but not anymore warns the CRTC. It issued two bulletins today (Guidelines on the interpretation of the Electronic Commerce Protection Regulations) and (Guidelines on the use of toggling to obtaining consent) that detail how the use of deceptive “toggling strategies” will be banned. Toggling strategies describe the deceptive practice of sending consumers a consent form that has a check-mark already ticked that confirms the recipient agrees to receive communications unless they uncheck it.
Going forward, for a business to obtain expressed consent from a person it must obtain a “positive or explicit indication of consent” and express consent “cannot be obtained through opt-out consent mechanisms” says the CRTC.
The bulletins outline how businesses must get consumers to physically approve receiving their commercial messages on PCs, tablets and smart phones or they will be considered illegal spam. The guidelines have been released so businesses have sufficient time to comply with the implementation of Canada's anti-spam legislation, and more guidelines will follow. The CRTC expects the legislation to come into force in 2013.
"We are committed to protecting Canadians from the harm caused by spam and other electronic threats," said Andrea Rosen, the CRTC's Chief Compliance and Enforcement Officer. "Canadian businesses, both large and small, are strongly encouraged to familiarize themselves with the law, the regulations and the information bulletins. Even though the law is not yet in force, businesses should start preparing now by updating their practices and developing compliance procedures."
Canada's anti-spam legislation received royal assent on December 15, 2010. The goal of the law is to protect Canadians from spam, malware, including phishing and spyware, and other electronic threats.
The CRTC will be one of three government agencies responsible for enforcing the law once it comes into force, along with the Office of the Privacy Commissioner and the Competition Bureau. The CRTC will have primary enforcement responsibility and will be able to investigate, take action and set monetary penalties against those who violate the law by sending unwanted spam, installing malware and altering transmission data. These activities, among others, will promote trust and confidence in the electronic marketplace.
