To avoid over-regulation, it is always important to consider the aims of specific legislation first, so you can later evaluate whether the legislation is efficient, i.e. fulfills its purpose, or not.

Because we know the final regulations of CASL now, it is a good time to analyse them with reference to the aims of the legislation.

What are the aims of CASL?

1. We have a look of the name of the act and find:
“…promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities…”
(source: http://laws-lois.justice.gc.ca/eng/acts/E-1.6/page-1.html)

2. We look at the explanatory note of the government:
“To bring into force legislation that is intended to deter spam and other damaging and deceptive electronic threats such as identity theft, phishing and spyware from occurring in Canada and to help drive spammers out of Canada, in a way that phases in the violations and enforcement mechanisms over a three year period.”
(source: http://fightspam.gc.ca/eic/site/030.nsf/eng/00270.html)

What are the results to be expected of CASL?

Let’s start with the second citation: “damaging and deceptive threats such as identity theft, phishing, spyware…..”
In my opinion, this aim is totally redundant, because these classic spam activities are already criminal acts which would be prosecuted under the already existing laws anyway.

“…to deter spam …” – here comes the big question: What else is spam (besides these obviously spammy activities mentioned above)?
Is it spam:
– if a business sends an email to potential business partners, whom it does not know yet?
– if a business sends emails to potential customers without an easy opportunity to opt out?
– if a business sends emails to potential customers with an opt-out-link?
CASL says, this all is spam.
Is it spam:
– if a charity sends emails to potential donors with an opt-out-link?
– if a political candidate asking for donations or votes sends emails to potential donators?
CASL says, these both are not spam.

But, these questions are also answered differently by many countries and also by many people. Some say
it depends on the consent (opt-in) of the recipient, others say
it depends if the sender offers an opt-out-link, and others say
it depends who the sender is (e.g. a business, a charity, or a political organisation)

Insofar as the aim of CASL is not clear, in my opinion, it is impossible to make one final decision which suits everybody. But the good thing is: This one final overall decision is not needed because the “invisible hand of the market”, to put it as Adam Smith would, solves this problem already!

All major email providers have spam filters and will direct emails, which are unwanted by the consumer, to the spam folder anyway . And each consumer can even decide on his/her own if he or she wants a stricter or a not-so-strict spam filter. So obviously, there are already measures at the individual level which prevent spam. This seems to me much more efficient than a regulator’s rule, which aims to fit everybody’s needs.

Especially, as a too-restrictive regulation has a negative influence on businesses (international competitiveness and cost structure). For example, if you enforce a double-opt-in vs. a single-opt-in, costs for subscribers approximately double.

Conclusion: CASL – a regulative measure which nobody needs

My conclusion is: CASL is not needed. The really bad spam (phishing, nigeria connection, etc.) is illegal anyway, because it is fraud.
For anything else, it is really hard to get a common understanding of spam which suits everybody and does not have too-negative results for the competitiveness of businesses. But it is also not needed because this task is already fulfilled by spam filters of mail providers and email software.
And this already existing fulfillment is much better than the regulator can ever do, because it defines spam as each person needs it.