Call today! 1 866 3 NYMITY
Username: Password:
Nymity News
Nymity logo
Home About Us

Interview with Michael Geist

Michael Geist

May 2008

 

Interviewee: Michael Geist, Canada Research Chair in Internet and E-commerce Law

 


Subject:  iOptout.ca

 

 

Nymity: What is iOptout.ca and why was it created?
 

Geist:  iOptout.ca is a site that enables Canadians to more efficiently express their privacy preferences to multiple organizations.  The site allows users to withdraw consent (or "opt-out") of telephone and/or email marketing from dozens of organizations across the country with a few easy steps.

 

The site was established as a response to the creation of a do-not-call list.  The legislation for the DNC includes exemptions for many organizations on the condition that each maintain a private do-not-call list.  iOptOut.ca builds on that legislative compromise by allowing users to notify multiple organizations of their desire to be placed on the private do-not-call list.

 

Nymity: What can subscribers opt out of?  What kinds of organizations are on the list and how many?

 

Geist:  The organizations are primarily those that are exempted under the DNC and thus required to maintain private DNCs.  These include some businesses, charities, polling companies, political parties, and newspapers.

 

Nymity:  When was it launched and how many individuals have registered?

 

Geist:  iOptout.ca was launched in late March 2008.  Tens of thousands of Canadians have used the service to send millions of opt-out requests.

 

CMA Positon / Member Action

 

It is the view of the Association that members need not honour do-not-call requests that originate from the organization in question.  It is also important to note that CMA does not provide legal opinions and that members should act upon the advice they receive from their legal counsel.

Nymity:  Which laws do you believe create legal obligations on organizations to comply with iOptout.ca requests?

 

Geist:  We identify at least two.  Under national privacy legislation (PIPEDA), many organizations may required to comply with the opt-out requests.  This is particularly true where the organization has obtained the individuals number from a source other than the "white pages" or the number is an unlisted number.  While there are some organizations exempt from PIPEDA (ie. political parties), many on the iOptout list are not.  Moreover, email addresses have been treated as personal information under the Act and are subject to the law.  Where applicable, provincial privacy laws may apply.

 

Once the DNC is operational this fall, all organizations will be required to comply with iOptout.ca requests.  While some organizations may take the position that they need not comply until then, I would hope that most would respect the clear request of Canadians to be removed from their lists.

 

Nymity:  Are organization honouring iOptout.ca generated request?

 

Geist:  Hard to know.  Those subject to PIPEDA have several months to comply and it is too early to tell.  Tests and possible complaints are possible later this spring.

 

Nymity: Will you file complaints with privacy commissioners across Canada if an organizations does not honour iOptout.ca requests?

 

Geist:  We will be providing a full guideline that will enable users to file complaints this spring.

 

Nymity:  Is iOptout.ca subject to any of the federal or provincial private or public sector privacy laws?

 

Geist:  This is a non-commercial activity, but any data collected or used is subject to the privacy policy on the site.

 

Nymity:  Is there an authentication process for individuals subscribing to iOptout?

 

Geist:  No.  There is no requirement for an authentication procedure under the law.  The likelihood that someone will falsely enter someone else's phone number seems rather minimal.  Other opt-out lists - including the U.S. FTC's Do-Not-Call list and the CMA's do-not-market list do not authenticate the link between the user and the registered phone numbers.

 

Nymity:  Do organizations have an obligation to authenticate requests to ensure the individual is the one who made the opt out request?

 

Geist:  No.  There is no such requirement under the law.

 

Nymity:  How does iOptout ensure the correct contact at each of the organizations on your list?

 

Geist:  We have worked hard to identify the correct contact information and would be happy to update where needed.

 

Nymity:  What security measures are in place for the personal information you collect?

 

Geist:  The site uses SSL encryption for data entry.  Once entered, users have two choices.  They can either request that all their information be deleted within 24 hours of entry.  In such instances, their opt-out requests will be sent and their personal information deleted.  

 

Alternatively, they can have the site retain their personal information, thereby enabling future updates.  In such instances, all 
personal information is taken offline to a separate server.

 

Nymity: In closing, what suggestions do you have for organizations that are on the iOptout.ca list?

 

Geist:  I suggest that the organizations honour the requests.  For those that are struggling with the large volume of requests, we are willing to work to find solutions ease the burden on affected organizations.

  

 

 

 

 

 

 

 

 


Contact Us | Privacy Policy | Terms of Use and Disclaimer © 2003 - 2008 NYMITY