Canadian Privacy Law v. E-Mail Harvesting
sbowles writes "Canada's Privacy Commissioner has ruled that a business e-mail address is personal information protected under the federal privacy legislation (PIPEDA). Law professor Michael Geist (a leading e-commerce and privacy law expert) received an unsolicited request to buy seasons tickets from the local football team. His e-mail address had been harvested from a University website. The ruling indicated that 'You are allowed to collect and use publicly available information, but the use has to be directly related to the purpose for which the information appears in a directory or notice.'"
Support Celiac Disease Research
...to send email to.
Great so can I post my email address for the purpose of having potential vendors contact me with the stipulation that they must also pay me royalties for the use of my address?
Could this be SPAM where the spammer pays you.
Oh Canada oh Canada, why can't we have ye common sense in USA?
No, it's to have pertinent sent to. My email address appears above this post -- if you want to discuss it with me, fine, if you want to attempt to sell me V1AGRA, then kindly fuck off.
My phone number's in the book, that doesn't mean I want you to ring me and see if I'm interested in double glazing.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Too bad Canadian law only applies in Canada...
I should be able to post my email on the net without fear of some shameless spammer harvesting it. I finally posted my personal address on just a few forums and now I receive at least 50 spam a day. I never consented for it to be mailed to (use a hotmail account for web sign-ins) so only a damn bot could have gotten it.
I know I shouldn't take the bait, but...
So you won't mind if I send tons of unwanted email to you and swamp you with spam on AIM and MSN? You have both your email address and your AIM/MSN usernames available for everyone to see (on your livejournal profile), after all...
quidquid latine dictum sit altum videtur.
So, it appears that Canada again is the first one who has made a reasonable* approach to fight against spamming?
*Reasonable from a legal POV, not that it would change anything.
I tried using a new hotmail account to get rid of spam...didn't work.
Here is the professor's university home page, from where I guess the email id was harvested. Looks like the spammers should have read his biography and field of specialization before having sent that mail :-)
He even hosts this site regarding privacy issues
I could have seen much further had it not been for the giants standing on my shoulders
My wife does consulting and sometimes she contacts sites (partner@somesite.com) to explore possible partnerships. Well, it has happened now twice that she was reported as a spammer. The first time, our ISP (city-run cable company) immediately disconnected us with no explanation. When I finally contacted them, they were unapologetic and threatening at first. Needless to say, we switched ISPs.
The bottom line is, I hate spam, too, but sometimes people are far too trigger happy to report legitimate business inquiries as spam.
Canada becomes a more appealing place to move to. The fact there is an actual government post to protect citizens' privacy... it boggles my American mind. Someone actually tries to protect privacy, and they work for the government?
I think this makes an excellent assertion that placing an email in a specific location should limit it to the purpose it was placed there for. If I own a business and provide customers and interested parties with contact info on the company webpage, that address should not be spammed with penis growth ads and I should be legally entitled to damages for having to install spam filters and pay admins to further maintain them.
No penguins were harmed in the making of this post.
Au contraire; Canadian privacy laws have actually helped businesses, as individuals (customers, etc) are able to trust that their personal data is safe and proceed to do business. This was even discussed on /. a while back; I'll try to see if I can find the sources later on.
People say I'm crazy, I got diamonds on the soles of my shoes...
If you don't want to deal with it, don't put it out in the first place.
"Hi! My name's Bernard. I'd give you out my e-mail, but i can't give it out in public. Please contact me in person or send me a post card to the following PO Box, so i can answer you back. Good day!"
Moral of the story: e-mail was meant for private communication, not for marketing purposes. Allowing spammers to harvest e-mail, is going against the very reason why e-mail was invented.
There is a law suit between Canada's two major airlines. Air Canada alleges that Westjet harvested flight information from its web site. They are also arguing that, although the information was publicly available, the way it was harvested amounted to a misuse.
It's a little more complex than that but the two cases sound similar. Also, as far as I know, the Privacy Commissioner doesn't have the powers of a judge. Having said that, I wonder if the e-mail case has revealed something about Canadian law that will be important in the Westjet case.
news.airwise.com/stories/2004/12/1103829066.html
There are several places where you HAVE TO send your e-mail address and some government organizations put this information on the web. At least in Hungary: E.g. If You are a lawyer, you'll get into the index of lawyers and you have to send personal/business related information to the government, e.g. your e-mail address.
The government publishes Your e-mail address WITH THE GOAL that someone can CLEARLY IDENTIFY valid lawyers in the state.
You, and the spammers are not allowed to use this data except from the previously mentioned goal.
So how to avoid spams if you have to enter valid information into such mandatory database?
No, because the business is giving you the e-mail address, it is still their property. They cannot monitor your personal (home) e-mail at your home, but it is debatable as to whether or not they can monitor it if you check your home e-mail at work (provision of bandwidth purchased by company making it their e-mail because you used their bandwidth). When in doubt, leave home stuff at home, don't use work address for personal e-mail...
I mean it's all well and good to have LAWS that Protect PEOPLE, but that's lesbo potsmoking terrorist homosexual communism. And that's what we're fighting against, isn't it people? Or do you HATE freedomlibertylibertyfreedomfreedom and Jesus?
Now get in line and leave your luggage on the platform. You're only being relocated to the east.
> It's a public domain, anyone who chooses to can contact you whether or not it's against the law.
Sorry buddy, that's exactly what the law is against. You have a certain amount of privacy, including your information.
>If you don't want to deal with it, don't put it out in the first place.
OR can you make a law so you can put it out there. Some laws protect corporations more, some laws protect individuals more. This falls into the latter.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Completely agree. Common sense has to enter the equation at some point. Email is obviously a very useful tool for allowing customers or potential customers to contact your business.
But the use of that tool shouldn't open you up to having to sort through thousands of mass-mailed advertisements that you could care less about.
Armchairgenius.com - Where everyone is a genius.
And we'd like to keep it that way. But with the US making laws that say any of our data passing through a US company is subject to the conditions of PATRIOT act.
I'd like to see India or some other location which routinely handles US data decree those US citizens whose data passes through are subjected to local laws. That kind of extra-territorial grab bugs me.
Here's hoping we keep a sane climate on privacy here in Canada and the rest of the world.
Lost at C:>. Found at C.
Like the American version with bigger fields, less downs, and players slightly less talented.
Hungarian regulation is similar to the one in Canada. E-mail address is personal information if You can bind the information to a specific person (e.g. info@something might not be a personal information, but rocco.s@private is a personal information)
In Hungary, You are not allowed to deal with personal data (store, collect, sell, use, anything) except with the prior permission of the owner.
If somebody violates the law, you can push it to the Ombudsman ("Parliamentary Commissioner for Data Protection and Freedom of Information"), who has right to do much, like personally check the workflow of the violator, but generally he just sends a letter to the violator to stop storing my email address. He generally does not say to stop collecting ANY email address and to destroy all the database collected.
The other problem is with law enforcement. Beside the Ombudsman you can go to the court to enforce the law and stop the violator. You won't reach too much, the court will say: you are not allowed to do that, please stop it, it won't set a fine or something. The only thing you can reach is that the violator will pay the bill (price) of the court, e.g $300. But if it happens once, the violator can fear the people of setting thousands of cases at the court and thus getting thousand times the cost of $300... In Hungary a typical court case takes 2-3 years (!)...
The only problem with all that stuff, that it DOES NOT WORK.
There was not a single case of spamming / e-mail address harvesting at the Hungarian courts, and the legislation was introduced for about 3 years!
Not a single lawyer got enough courage to do something (pro-bono) for such an important goal as privacy...
So, good luck in other countries.
>Common sense has to enter the equation at some point
I think that's what the law is about. If I don't want it, leave me alone.
Just because you think that I may be a customer doesn't mean that you have the right to disrupt me.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Hi, I saw your name on University of YYY's website and would like to know more about the law degree program there.
On a side note, would you like to buy some football tickets?
Thanks!
60 percent of the time, my comments are right everytime.
~on the good professor's side~
:) If it's that important to me that the red button remain unpushed, I won't put it in reach of the toddler.
Spam is evil. I hate receiving it and hate to be pestered for stuff I never wanted in the first place. This professor may have no interest in football and I respect the fact that he did not only not want to buy season tickets, he didn't want to have to turn down the offer TWICE. There are plenty of offers I have to turn down that I wish had never happened, most of them by email and crude or gross or annoying. I maintain my email account, however, because it is worth the price I pay in inconvenient SPAM.
~to these red-blooded football players' defense~
They are university affiliates, after all. Would the professor rather they stop by his office in person or stop him in the hallway? But seriously...the effort required to sidestep spam (click it into your junk box) is actually far slighter than the effort required to sidestep a solicitor's phone call or turn away a caller in the flesh. If a salesman is going to bug me, please let him (oh, please) send me an email instead of telephoning me at home!
There are folks in the world who do not want to be contacted at all, and they are entitled to have unlisted phone numbers (or no phone), never check email, never answer the doorbell, employ secretaries and security to interface between them and the world, perhaps wear a disguise every time they go outside. Celebrities have to resort to these measures; so do CEOs, public officials, jurors, and recluse writers like Thomas Pynchon. The rest of us, however, want a more moderate balance between privacy and availability to those who need to contact us. I suggest that the price of posting a public email address is that it will be used.
I'm all in favor of posting polite messages along with the email address like "please contact me only on business relating to ___" and robot-defeating formats like "me-AT-domain-dot-com" but legal action ought to be reserved for the flagrant abuse, not intra-mural etiquette breaches. Otherwise it's a bit like making a big, beautiful red button, showing it to a two-year-old, and saying "Don't press this or you'll be spanked!" (Sorry, any spammers out there reading this who take umbrage at the comparison to two-year-olds!
If the professor really wants people at the university not directly connected to his affairs not to contact him, he shouldn't give them his email address. The web is a very public place.
This kind of anti-corporate behavior reflects poorly on the entire country
This behaviour isn't anti-corporate. It's pro-corporate. What happens when Amazon decides that the purpose of their listings is only to buy stuff from Amazon, and that all other uses of that scraped information is illegal? Allowing spam harvesters is IMO a small price to pay for the rest of us being allowed to use the contents of websites for purposes unintended by their owners.
Peter
Too bad Canadian law only applies in Canada...
... um, everywhere.
As opposed to US law which applies
I think Monty Python put it well: "I favor a tax on all foreigners living abroad."
-kgj
Found this amusing rant on the nature of Canada recently.
http://kfmonkey.blogspot.com/2005/02/oh-oh-canada.html
This is what defines Canada's virtue to me. Canada does not convert. Canada heals. Canada leads. First among the nations, creating the Peacekeepers. Pushing the Land Mine ban. Still not perfect, but doing their best at reconciling issues with the aboriginal peoples even as other nations such as Australia choke on their responsibility. Allowing Quebec its poetic, myopic thrashings. I'm always a little dismayed at native Canadians who whinny about Canada's missing identity. I, as an adopted son, know damn well what Canada is. "Come, have a pint, I don't mind your odd accent -- mine's a bit dodgy too. Your business is your business, we can all be friends as long as you buy the next round."
Most of the states hate us, half of the population of Ontario is here right now anyway. The RV parks fly both US and Canadian flags in the winter. For the love of god...make us Canada's official tropical vacation! I love the laws, hate the cold.
You squeal "privacy!" as if it's a dirty word, yet you hide behind an anonymous account...
And tomorrow the stock exchange will be the human race
The nasty bots are still quite capable of understanding NO and SPAM, so it's more effective to have some other armoring, like my old favorite: "blahdeblah@dirty.balls.org, castrate to email (remove the .balls)"
-mkb
Is your phone number in the phone book? Great! Then you won't mind if I phone you 300 times a day to sell you penis enlargement pills.
You shouldn't have to hide information that is useful for others to legitimately contact you so that it won't be abused by advertisers and sleazy marketers.
As usual, the Canadians are way ahead of America in this democracy experiment. The "directly related" and "right to reproduce personal info" factors of these controls are essential. The really effective legal construct is to apply copyright to personal info: the personal info is sent to a recipient to complete a specific transaction. The copyright is not transferred, and the copy itself is permitted to be retained only for the duration of the transaction, which expires in a short time appropriate to that kind of transaction. No further copying is permitted. Canada's privacy laws are already consistent with that application of copyright to info other than corporate media and software. If Canada can put copyright teeth into these privacy laws, we could harness all the corporate copyright aggression to protect humans as much as we protect corporations. And maybe they'd even be a good influence on these United States - which badly needs it.
--
make install -not war
Here it is: old slashdot story
People say I'm crazy, I got diamonds on the soles of my shoes...
One of those countries is Italy (where I am from), and Italian law has worked well (since September 2003) so far to deter spammers. Fines go up to 90.000 Euro or 3 years of jail.
It's only a pity that *all* the spam I get originates in the USA (sent through various open relays scattered around the world), is in English language and targeted to US-citizens. So there's no way for me to get one of those mortgages... :-(
ms
I just happen to be researching and writing something on PIPEDA...it sounds like this principle (3rd of 10) was violated:
Obtain Consent - Every organization is responsible for getting consent from the person whose information will be collected, used and/or disclosed. Consent is defined as voluntary agreement with what is being done and may be implied or expressed. In addition, the individual must be told the details of why, how and when the information is being collected, used or disclosed.
One man's Funny is another man's Offtopic.
The government publishes Your e-mail address WITH THE GOAL that someone can CLEARLY IDENTIFY valid lawyers in the state.
Well, it does help us to approximate the size of wall we'll need when the revolution comes...
require "something.clever";
I should be able to post my email on the net without fear of some shameless spammer harvesting it.
Yes, and I should be able to walk around all parts of a major metropolitan area without fear of getting mugged. Guess what? That is just not true. One must be cognizant of surroundings and protect oneself appropriately, which brings us to the next item...
I finally posted my personal address on just a few forums and now I receive at least 50 spam a day.
In all seriousness, what did you expect? The practice of address harvesting from newsgroups, etc. has been well known for ages.
I never consented for it to be mailed to
Not to put too fine a point on it, but where on earth did you get the idea that your consent had anything to do with people sending you email?
I want to drag this out as long as possible. Bring me my protractor.
Prof. Geist came and gave a presentation to my graduating class specifically on PIPEDA just after this had occurred.
He told us the whole scenario, and clearly pointed out that after receiving the first spam, he responded, specifically asking that they no longer use his email address for promotional matters.
They ignored his request and sent him a second round of spam. That's when he filed the complaint against them. And won.
It's not only a matter of spam. It's a clear-cut case of ignoring removal requests can be bad for you.
AFAIK this is more or less true in all of Europe. It has certainly been true in France for a long time, I can't remember when I last saw some French Spam. Actually I can't remember when I last saw some European based spam either.
All of my spam is also US centric apart from the odd thing in Chinese every now and then (about 1 in a few thousands). At least that's what I gather from the glances I take in my spam folder every now and then before I delete it.
May contain traces of nut.
Made from the freshest electrons.
We are pretty far down the line in Peacekeeping, in foreign aid, and we've let our military suffer serious rust-out so they've withdrawn from many of our former UN observer missions.
We still think of ourselves as people who do the right things on the international stage, but our charitable donations per capita don't rank very high either.
In the last 10-15 years, we've become a people who cling to a certain set of values but don't pay for them in blood, sweat or dollars. As a consequence, about all we have is the 'belief' that we're a good people doing all of these things. A simple look at our downsizing of involvement with the UN and our abysmal charitable contribution rates per capita pretty much tells the real story.
It's a nice theory. Maybe we should actually live up to it.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
In Canada, there are rules from the CRTC specifically banning ADAD (Auto-Dialing and Answering Devices) from being used for advertising and solicitation purposes including charities.
To me, bulk-mailing is similar to such phone directory brute-forcing. It is intrusive, wasteful and annoying.
The CRTC allows ADADs for appointment confirmations and public safety announcements, both legitimate, reasonable and pertinent reasons. This law simply brings these CRTC rules to eMail. For the record, even though CRTC stands for "Canadian Radio and Telecommunication Committee", Internet is considered an "Information service" which is not (yet) under its jurisdiction.
I think this is a matter of how you view "public" release. If I put an email address on my web site, so that users of my site can let me know if there are broken links, incorrect information, etc. Why should I suddenly be deluged with advertisements for fake Viagra? That is not why that email address is there, and that intention should be fairly obvious. A mailto link, with the words, "If you find any broken links, or have any questions about this site, please contact me here", in no way implies that I want ads for anything.
I like this ruling, and wish we had a similar law in the US. If my work place lists my email address in a public directory, with the intent that people who need to contact me about subjects relating to my work can easily do so, I should not have to contend with people sending advertisements to that email address. It is fairly obvious that the intention of that directory is not so that I can be advertised at.
Unfortunately, the US seems to be stuck on this idea that you have no privacy in a public place. This is a wonderful idea if your intention is to live in a surveillance society, bad if you hope to live in a free one. Privacy, even in a public space should be the default, I shouldn't have to hide in my home if I wish to keep anything about me private.
Necessity is the mother of invention.
Laziness is the father.
Unfortunately, the US seems to be stuck on this idea that you have no privacy in a public place. This is a wonderful idea if your intention is to live in a surveillance society, bad if you hope to live in a free one.
:)
I'm intrigued and confused. There are two freedoms: the freedom from being pestered by someone selling something, and the freedom to sell something. Which takes precedence?
The bit about a surveillance society loses me...how would such a society alleviate the spam problem? (Incidentally, I for one do not want to live in a surveillance society
Wouldn't the question then become:
How would they know you wanted it if they didn't ask you?
To wit, most people would respond:
I'll let you know when I need it.
Which they will then respond:
How do you know you need it if you don't know about it?
And so on...
Which, to me, is sort of like a cat/dog chasing its tail. It didn't know it was there until it looked and then the elusive tail is hard to catch. But round and round they go until at last they are either exhausted from trying or they've managed to catch it. Whereupon they usually find out the hard way that the tail is actually attached to themselves. Which is similar to this situation.
The problem is that people want to know about things and then be given a chance to poke and prod at whatever (or kick the tires so to speak). While sales people want to just show you the item and immediately make a sale. The reason things are like this so much is because if the sales people do not meet their sales quota each month it is highly likely that they will be fired and replaced by someone else who will try harder to meet that sales quota. These sales quotas are in place because many businesses have embraced these bean counter methodologies (ie: ISO1960 or whatever they are called - we have them here as well). These bean counter technologies are really demented. They work like this:
Year #1: You set everything up to start counting.
Year #2: You count everything.
Year #3: You look at what the numbers say while counting everything again.
Year #4: If Year #2 was worse than Year #3 you are doing well. If Year #2 was better than Year #3 you are doing worse. If things remained at about the same level look around for ways to cut costs and improve output. (This usually means layoffs, more work for those left behind, and higher levels of output production.)
Year #5: Repeat Year #4.
The idiotic outcome of this methodology is the diametrically opposed views of one or two workers and unrealistic output. What it usually causes is more sick leave, worker burnout, and yes - higher output. I can not name names, nor point fingers, but I have known others who have left because of this bean counting.
To bring this back on track though, it is the above kind of mentality that causes many of the companies to at least try mass marketing through e-mail. Because it requires very few people, doesn't cost more than a few pennies to send each missive (so low overhead), and they do get responses (improved output).
I actually was asked to work at one such company. I refused. I was to be their internet person to grab people's e-mail addresses and to put them onto a list for e-mails to be sent out to. As I said - I refused. I tried to get them to set up a website where people could come to view their products instead (like Amazon.com or maybe eBay does it) but they didn't want to work it that way. I can not see helping such an endeavor, and took a different job.
In any event, if your e-mail address is made publicly available in any of the mediums, then you can rest assured that you will probably get junk/spam mail. Not that you want it, not that I want it, but you will probably get it. I applaud the Canadian Government's attempts to curb this problem as I applaud any government which tries to make laws which favor their citizens more than their corporations or companies.
Later.
Someone put a black hole in my pocket and now I'm broke.
this is taken from smarty.php.net javascript encrypting function
basically it means that a client who's not running js on every script on the page will not even know that he's missing content.
but those who do, don't feel any adverse effects (like having to remove the EEEWE from the middle of the domain or something) !!
a challenge for perl wizards, transform the code into one concise line.
----
function emailto($params)
{
    $extra = '';
    extract($params); // address text extra
    // Fall back to the address itself as the link text.
    if (empty($text)) { $text = $address; }
    // JavaScript statement that writes the mailto link into the page.
    $string = 'document.write(\'<a href="mailto:'.$address.'" '.$extra.'>'.$text.'</a>\');';
    // Initialise the buffer, then emit every byte of the statement as %XX.
    $js_encode = '';
    for ($x=0; $x < strlen($string); $x++) { $js_encode .= '%' . bin2hex($string[$x]); }
    // The browser unescapes and evaluates the statement at render time.
    return '<script type="text/javascript" language="javascript">eval(unescape(\''.$js_encode.'\'))</script>';
}
----
actually, I used to include a commented out fake random generated address, that is not encrypted to satisfy the harvesting bots.
-- Avishalom is usually vish
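The same idea as the function in the comment above, as an added JavaScript example (not from the original post or from Smarty; the function names are hypothetical and the sample address is constructed). It escapes the address and link text before encoding, emits UTF-8-safe percent escapes, and checks that the served markup carries no plaintext address; the encoding is reversible, so it only hides the address from scrapers that match plain text.

```javascript
// Added example; all function names are hypothetical, sample values constructed.

// Escape HTML-significant characters so the address or link text cannot break
// out of the href attribute or inject markup when the browser writes the link.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Percent-encode every UTF-8 byte, like the bin2hex loop in the post.
function percentEncodeAll(s) {
  return Array.from(new TextEncoder().encode(s),
    (b) => '%' + b.toString(16).padStart(2, '0')).join('');
}

// Build the obfuscated link. `extra` is raw attribute text and must come from
// the template author, never from user input (same trust model as the post).
function encodeMailto(address, text = '', extra = '') {
  const label = text === '' ? address : text;
  const html = '<a href="mailto:' + escapeHtml(address) + '" ' + extra + '>' +
               escapeHtml(label) + '</a>';
  // JSON.stringify yields a correctly escaped JavaScript string literal.
  const statement = 'document.write(' + JSON.stringify(html) + ');';
  // decodeURIComponent reads the bytes as UTF-8; unescape() would read each
  // byte as Latin-1 and garble any non-ASCII link text.
  return '<script type="text/javascript">eval(decodeURIComponent(\'' +
         percentEncodeAll(statement) + '\'))</script>';
}

// Pull the %XX payload back out of the markup (what the browser will decode).
function extractPayload(markup) {
  const m = /decodeURIComponent\('((?:%[0-9a-f]{2})*)'\)/.exec(markup);
  if (!m) throw new Error('no encoded payload found');
  return m[1];
}

// The served markup must not contain the address, '@' or 'mailto:' in clear.
function leaksPlaintext(markup, address) {
  const lower = markup.toLowerCase();
  return lower.includes(address.toLowerCase()) ||
         lower.includes('@') || lower.includes('mailto:');
}

// Constructed sample input: a quote in the address, non-ASCII and '<' in the text.
const SAMPLE = { address: "o'neil@example.org", text: "Écrire à O'Neil <bugs>" };
const markup = encodeMailto(SAMPLE.address, SAMPLE.text, 'class="contact"');
const payload = extractPayload(markup);

console.log('plaintext leak:', leaksPlaintext(markup, SAMPLE.address));
console.log('browser evaluates:', decodeURIComponent(payload));
console.log('unescape() agrees:', unescape(payload) === decodeURIComponent(payload));
```
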