regs to riches

Share this post

🏰 CASLs in the sky

www.regs2riches.com

🏰 CASLs in the sky

🇨🇦's 1 simple trick we forgot about

Vass Bednar
Jan 28
11
Share this post

🏰 CASLs in the sky

www.regs2riches.com
Twitter avatar for @jzux
trash jones @jzux
me on january 1: this year is gonna be all about balance me on january 17: maybe if i drink enough coffee i’ll just burst into flames
3:39 PM ∙ Jan 17, 2023
17,566Likes3,056Retweets
Twitter avatar for @bradapalooza
⚜️bradley⚜️ @bradapalooza
First of all DO NOT address me as “Honey” if you’re coming to tell me you just SHRUNK the damn KIDS.
5:34 PM ∙ Jan 12, 2023
63,858Likes6,494Retweets
Twitter avatar for @BigMeanInternet
Malcolm Harris @BigMeanInternet
Hearing good things about this "talking about ideas" activity, gonna look into it more
Image
Image
5:27 PM ∙ Jan 18, 2023
2,140Likes259Retweets

Canada is in the process of reconsidering federal private sector privacy legislation (Bill C-27) and we are also thinking big thoughts about what it means for citizens (“consumers”) to engage in an increasingly digital economy. With weak consumer protection advocacy in the country, progress has been slow (and steady?). 

I’ve written a lot about the work that people need to do to navigate the norms of the internet - we deal with opaque algorithmic pricing, dark patterns that trick us into subscribing and make it difficult to cancel, ‘personalised’ ads we don’t particularly care for, and self-preferencing in online search that isn’t disclosed. There’s probably more that we could do to reduce murkiness in our online lives, like basic labelling of private labels and ‘flanker’ brands. I digress!

It could be that we already have the POWER to *do more,* but have failed to make use of this potential.

In considering what policy people could do to improve our online experiences and give more power back to people, Canada has a strong and simple precedent that we could remix. It’s Canada’s Anti-Spam Legislation (CASL) and it was created in 2014 (the same year that the Apple Watch launched). What I like about CASL is how it balances appropriate consent for receiving commercial electronic messages (CEMs) with the ability to engage with a firm even if you don’t feel like getting electronic communications from them. 

The provisions in CASL basically state that organisations can’t make your consent to their electronic mailing list for marketing a condition of supplying you with their product or service. The legislation is intended to control spam (“unsolicited CEMs”). CEMs are defined as any “electronic messages” - emails, text messages, direct social media messages - that encourage participation in a “commercial activity.” 

In addition to anti-spam provisions, CASL includes provisions to combat: 

  • the unauthorised alteration of transmission data;  ❌

  • the installation of computer programs without consent; ❌

  • false or misleading electronic representations (including websites); ❌

  • the harvesting of addresses (collective and/or using email or other electronic addresses without permission); and ❌

  • the collection of personal information by accessing a computer system or electronic device illegally. ❌

Stretching the intention of CASL - “protecting consumers and businesses from the misuse of digital technology” could significantly enhance consumer protection in online environments by introducing new power for people. The simple ability to say: no, thanks. 

This would mean that, among other things, you could:

  • search without self-preferencing algorithms dictating the order of what you see;  ✔️

  • see prices that aren’t tailored to ‘you;’ ✔️

  • access discounts through loyalty program apps without trading your privacy; and ✔️

  • return to an online store you’ve shopped at without seeing ‘special’ offers based on your browsing or purchase history. ✔️

If the vibe of CASL is a part of our heritage, are we reluctant to use it elsewhere or ready to rumble?

🏰 Turns out, the rule to not require consent as a condition of service ALREADY EXISTS under PIPEDA. So this is an implementation failure, not a design gap - we simply don’t enforce it. As we build CASLs in the sky we need to get serious about how we are going to fund the enforcement of these ambitious laws. Plus, until now, we have not had penalties that were meaningful, so they couldn’t serve a deterrent function. 

Plus, in C-27 (An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts) AKA the Digital Charter Implementation Act, in Section 15 (which is about consent), the proposed legislation clarifies that “an organisation must obtain an individual’s valid consent for the collection, use or disclosure of the individual’s personal information.” Subsection 15(7) (“Consent - provision of a product or service), clarifies that “The organisation must not, as a condition of the provision of a product or service, require an individual to consent to the collection, use or disclosure of their personal information beyond what is necessary to provide the product or service.”

🔎 Let’s zoom in on this language: “beyond what is necessary.” Who decides what is “necessary”?

In the Privacy Commissioner’s investigation into the complaint filed by the CIPPIC against Facebook from 2009, it was found that consent was necessary. Elizabeth Denham, the then Assistant Privacy Commissioner of Canada, “determined that Facebook did not have adequate safeguards in place to prevent unauthorised access by application developers to users’ personal information, and furthermore was not doing enough to ensure that meaningful consent was obtained from individuals for the disclosure of their personal information to application developers.”

Twitter avatar for @jason_kint
Jason Kint @jason_kint
Digging through a court filing in a Meta (Facebook+Instagram+WhatsApp) antitrust lawsuit. Pretty compelling chart to make the point.
Image
11:59 PM ∙ Jan 11, 2023
37Likes21Retweets

But there is a troubling aspect in Denham’s report from ~thirteen years ago. One wonders whether Ms. Denham still shares this view, given her more recent experience dealing with Facebook when she was the UK’s Privacy Commissioner (2016-2021). Here it is: 

131. Facebook has a different business model from organizations we have looked at to date. The site is free to users but not to Facebook, which needs the revenues from advertising in order to provide the service. From that perspective, advertising is essential to the provision of the service, and persons who wish to use the service must be willing to receive a certain amount of advertising.

Canada has a strong precedent for establishing express consent online in CASL and seems ready to extend that to consumers in a range of digital solutions through C-27. We should be able to use an online product or service without consenting to supplementary messaging, special offers, tailored or dynamic pricing and other forced trade-offs that compromise our online experiences. I hope that as the legislation is reviewed, we can obtain the meaningful consent of Canadians to expand (and actually enforce) this principle. 🤞

Leave a comment


☁️ I was thinking we could build a publicly-owned Cloud before it’s too late.

Twitter avatar for @nationalpost
National Post @nationalpost
Vass Bednar: Why Canada needs a publicly owned cloud
financialpost.comVass Bednar: Why Canada needs a publicly owned cloudBig Tech companies have become our data landlords. Find out more.
6:11 PM ∙ Jan 17, 2023
4Likes3Retweets

🎙️ And after all this time, I’m not a broken record (!). For real, I brought new material to the table in this very fun chat with David.

Twitter avatar for @David_Moscrop
David Moscrop: Subscribe to my Substack. It’s fun! @David_Moscrop
On the latest episode of Open to Debate, I talk with @VassB about the state of competition in Canada.
podcasts.apple.com‎Open to Debate with David Moscrop: Will the Canadian marketplace ever be competitive? on Apple Podcasts‎Show Open to Debate with David Moscrop, Ep Will the Canadian marketplace ever be competitive? - Jan 24, 2023
12:18 AM ∙ Jan 27, 2023
2Likes1Retweet

🎶 I wanted to add this song but I can’t stop listening to the new U.S. Girls.

Share this post

🏰 CASLs in the sky

www.regs2riches.com
Previous
Next
Comments
TopNewCommunity

No posts

Ready for more?

Š 2023 Vass Bednar
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing