Editor’s note: This article first appeared in the Financial Post on August 16, 2016.

Jeopardy! wouldn’t have reached consent, nor could it apply any of the exceptions, to send any commercial electronic messages at all.

In February, the Ottawa Citizen published a story about Jeopardy! temporarily banning Canadians from participating on its show.

Some hypothesized Canadians were banned because they are “way too smart,” others asserted it was due to Canada’s overly burdensome privacy laws. tbk Creative decided to reach out to Jeopardy! and ask what happened. It replied: “Canadians were never banned from the show. There was a problem in satisfying Canadian laws governing how information is gathered on the Internet. Changes have been instituted and we expect to see an online test hosted in late summer/early fall.”

According to two Canadian lawyers, Jeopardy!’s producers and lawyers could be concerned about two federal laws – the Canadian Anti-Spam Legislation (CASL) and the Personal Information Protection and Electronics Documents Act (PIPEDA).

CASL, as it pertains to electronic messages, is a doozy. The government may have created the electronic messages sections of the act with good intentions – to protect citizens from unwanted or fraudulent electronic commercial communications – but the drafting went overboard. If a commercial electronic message is sent without consent, or doesn’t meet an exception within the act, a person could face a fine up to $1 million and a company up to $10 million. For example, as reported by CRTC, Rogers, Porter Airlines, and Plenty of Fish, after allegedly violating CASL have either been outright fined or reached a settlement. Most notable is the $1.1 million fine against Quebec-based Compu-Finder.

Many are confident that Canada’s regulatory bodies generally show discretion on whom they target and the size of such penalties. However, the waters will soon become even more dangerous for Canadian businesses. As of July 1, 2017, CASL’s Private Right of Action provisions commence, allowing recipients of alleged violations to lodge lawsuits — and not just for damages. Under section 51 of the act, applicants can be awarded up to $1,000,000 “on each day in which a contravention occurred.”

The following is a technical example of CASL that could be nervously rattling around the minds of Jeopardy!’s legal team. A Canadian applies for the show via the online method. The participant is unable to provide express consent because, as CRTC has stated, someone must make an active, voluntary action to indicate express consent. Simply stating in the terms and conditions or a privacy policy that commercial electronic messages will be sent isn’t sufficient to gain express consent. Moreover, providing a check box won’t work either because 100 per cent of the applicants may not check the box. As a result, people signing up for the show aren’t providing express consent; not to mention, providing implied consent under section 10(10) is unlikely as contestants aren’t inquiring about buying products or services. Jeopardy! can’t lean on any of the exceptions stated in the regulations either. For instance, every person registering likely doesn’t have a personal or family relationship with Jeopardy!

So what this could boil down to is Jeopardy!’s legal team may have asked themselves: “What if one of the electronic messages sent out to applicants is deemed commercial in nature?”

If that were the case, based on the information above, Jeopardy! may be in violation of CASL. Jeopardy! wouldn’t have reached consent, nor could it apply any of the exceptions, to send any commercial electronic messages at all.

David Canton, a business lawyer at Harrison Pensa LLP who specializes in Canadian privacy laws, proposed that this situation with Jeopardy! may be a case of “litigation chill.” It’s “when people are so afraid of doing something because they are afraid of getting sued.”

Now, let’s discuss PIPEDA and its amendments as per the Digital Privacy Act. Last year, section 6 of PIPEDA’s consent provisions underwent a modification: the amended section, as per the Digital Privacy Act, requires businesses to obtain “valid consent” while the prior version required businesses to obtain only “consent.”

According to Katherine Serniwka, a business lawyer at Lerners LLP commenting on the new requirement, “that consent is only valid if the individual to whom the organization’s activities are directed would actually be able to understand the nature, purpose, and consequences of that collection, use, or disclosure of personal information.”

PIPEDA’s new provisions around valid consent are in the best interests of consumer protection – which is good – but more resources would gladly be welcomed by businesses to ensure they are in compliance with these amorphous new rules.

When it comes to CASL, resources and further education will not be enough. This legislation’s good intentions is undeniable but the legislation should be amended in such a way that consumers are still protected but Canadian businesses can easily comply.

Many Canadians appeared to be discouraged or upset by the idea of not being allowed to apply to be on Jeopardy! This feeling of unfairness is something many of our Canadian businesses have felt over the growing complexities of complying with Canada’s privacy laws – especially the Canadian Anti-Spam Legislation. The only difference is our businesses aren’t looking at it as a game but, instead, as something that strikes at the heart of their financial livelihood.

Andrew Schiestel is president, tbk Creative, and a co-founder at AODA Online.  @AndrewSchiestel.