Those of us who work for charities are probably as accustomed as anyone to getting unsolicited emails asking for funding or other support. Even in the occasional cases where these requests are genuine, rather than scams or trickery, the sender often hasn’t taken the time to even check if what’s being sought is within the charity’s purview (thus the email in most cases ends up in the recycle bin). And charities are as subject as everyone else to computer viruses, malignant software and malware.
So undoubtedly lots of people in the charitable sector – and many charities themselves – welcome federal government efforts to crack down on unwanted electronic messages.
The mechanism chosen by the government to deal with such messages and other troublesome computer communications is Bill 28 – also known as the anti-spam legislation – and the general thrust of its provisions is to prohibit commercial electronic contact with individuals or entities with which the sender does not have an existing relationship or prior consent.
The legislation, however, is problematic for charities and non-profit organizations. Specifically, it creates grey areas with respect to certain activities undertaken by charities and non-profit organizations. For those communications that it covers, it also imposes a higher obligation to gain consent to be contacted than was generally the norm under past privacy legislation. Engaging in or permitting breaches of the legislation can result in heavy sanctions.
Included in the provisions is the following definition of “commercial activity”:
‘commercial activity’ means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit….
Leaving aside a limited number of narrow exemptions that are spelled out in the statute and in regulations, the requirement that there need not be an expectation of profit potentially brings a host of activities undertaken by charities and/or non-profit organizations, particularly revenue-generating initiatives, within the ambit of the legislation. The extent to which it might also apply to activities not considered revenue-generating ones is unclear.
The legislation does carve out certain exceptions, one of which focuses on an existing membership, donor or volunteer relationship, as the basis for allowing communications. To trigger the exemption the membership, donor or volunteer relationship must have occurred within a two-year period immediately prior to the message being sent.
Unlike the Personal Information Protection and Electronic Documents Act (PIPEDA), which draws a distinction between personal and business information, the new statute does not distinguish between personal and business contexts. There is, however, an exception for commercial electronic messages “sent to a person who is engaged in a commercial activity and consists solely of an inquiry or application related to that activity”.
This suggests that work-related communications are permissible, and depending on how “commercial” is interpreted could arguably cover contacts concerning the operational matters of a charity or non-profit organization. This potentially provides a safe harbour if the work a charity and/ or non-profit organization undertakes is considered under the regulatory regime to be commercial.
Notwithstanding these carve outs, charities and non-profit organization face tremendous uncertainty as to what messages they send will be subject to scrutiny. That means that to avoid potential non-compliance, groups will have to seek consent for those communications.
Like PIPEDA, the regulatory regime makes use of the concepts of express or implied consent. But while in many cases under PIPEDA, reliance could be made on implied (passive) consent, the new law contemplates only limited use of implied consent and the expectation is that express (requiring a positive action by the consentee) consent will often need to be obtained if the communication is subject to the legislation. A transition period is provided and is intended to allow time for express consents to be collected.
Even where it is possible to obtain consent, charities’ administrative costs and the burden of doing so is likely to be significant. And it is particularly ironic to impose this additional obligation when many charities are moving toward electronic transactions as a way to reduce office supply and clerical costs.
In cases of non-compliance, the legislation features measures that potentially make charities and non-profit organizations liable to significant monetary and other penalties if they engage in or are associated with illegal communications. Specifically, the provisions contemplate liability for those that “permit” as well as those that send false or misleading electronic messages or telemarketing. The contemplated sanctions are heavy, and non-compliant persons or entities could face penalties in the six- or seven-figure range.
Although the legislation does provide for due diligence and other common law defences, it is uncertain under what circumstances they will apply.
Given the severity of potential penalties under the legislation, risk management may lead some charities and non-profits to take steps – such as, implementing costly measures to obtain consent from those it is planning to send messages to, or eliminating some of their “cold call” communication vehicles – to reduce their possible exposure to sanctions. This is even though, owing to the vagueness of the provisions, they may be addressing behaviour that is not actually covered by the legislation.
It is possible under the legislation to exempt categories or types of messages. Section 6(5)(c) provides exceptions from aspects of the regulatory regime for any commercial electronic message “that is of a class, or is sent in circumstances, specified in the regulations” and Section 6(6)(g) provides a similar exception if the message “communicates for a purpose specified in the regulations”.
It should be noted, however, that a Section 6(5)(c) or 6(6)(g) exception through regulations could be taken as implicitly characterising the activity as commercial. Charities and/or non-profit organization may prefer to take the position that their messages are not commercial in nature.
The Regulatory Impact Analysis Statement released with the draft Regulations also suggests the possibility of the federal government “exploring the use of interpretational guidelines and other guidance material to provide clarity where appropriate”.
Though not binding at law, such guidelines could provide greater clarity as to what activities are within the scope of the legislation and thereby reduce the administrative burden on charities and non-profit organizations without the need for the sector to concede that these communications qualify as “commercial electronic messages”.
Whatever the outcome, let’s hope that a solution can be found that is less wasteful in time and money than the problems it is designed to eliminate.