SoVote

Context: House Hansard - 136 - Nov/28/22

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Nov/28/22 4:56:12 p.m.
Watch

Before we proceed to questions and comments, it is my duty pursuant to Standing Order 38 to inform the House that the questions to be raised tonight at the time of adjournment are as follows: the hon. member for Leeds—Grenville—Thousand Islands and Rideau Lakes, Public Safety; the hon. member for Saanich—Gulf Islands, Climate Change; and the hon. member for Nanaimo—Ladysmith, Fisheries and Oceans.

71 words

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

Nov/28/22 4:56:43 p.m.
Watch
Re: Bill C-27

Madam Speaker, I note that the last time we had any real changes to the privacy legislation of this magnitude was a couple of decades ago. We did not even have iPhones 20 years ago, so I would ultimately argue that there is a need for change. Tim Hortons aside, I believe the legislation we are talking about provides a good balance between consumer rights, the issue of privacy and the whole digital market out there. No doubt, it would be nice to see the legislation go before committee and, ideally, for that to take place sometime before the end of the year. Given the urgency of the issue itself and the fact that we have not seen anything for 20 years, would the member agree that it would be nice to see the legislation pass before the end of this year?

142 words

Mr. James Bezan

Nov/28/22 4:57:48 p.m.
Watch
Re: Bill C-27

Madam Speaker, the Liberals have been in government for the last seven years, and they have not brought forward this legislation with any urgency, it seems. It has been on the docket and off the docket a number of times. The member talks about consumers rather than Canadians. Let us stop looking at people as commodities. Let us look at them as individuals and their rights. One thing the Liberals could put into the bill, as recommended by the Standing Committee on Access to Information, Privacy and Ethics, is details on how Canadians can opt out of being surveilled and on how their data is collected. Why is that not in here? We have a national do not call list, and we can sign up for it so we are not getting bothered all the time by telemarketers. Why would we not have a national opt-out clause for Canadians' data collection, whether for government interests or commercial interests, so they have the ability to say no because they want their privacy rights to be respected?

176 words

Mrs. Julie Vignola (Beauport—Limoilou, BQ)

Nov/28/22 4:58:47 p.m.
Watch
Re: Bill C-27

Madam Speaker, my colleague from Selkirk—Interlake—Eastman mentioned some things that are not covered by Bill C-27. The law they have in Europe right now requires businesses to have two ways to identify individuals, but the trend is moving toward having three. Does my colleague think that Bill C-27 should also legislate on the number of methods of identification that businesses should be required to use? It does not do so right now, which is why we need to carefully study it in committee.

91 words

Mr. James Bezan

Nov/28/22 4:59:30 p.m.
Watch
Re: Bill C-27

Madam Speaker, I do not believe that the bill lives up to the gold standard of European Union law. The European Parliament has been very good at having general data protection regulation. That is the gold standard. The bill does not provide the types of safeguards that protect the interests of Canadians. We need an ongoing discussion on how the personal information of Canadians is protected. Bill C-27 does not provide all the guardrails required for the protection of individual Canadians. A task should be given to the industry committee or the ethics committee to dive deeper to make sure we have an opportunity to hear from more witnesses and to provide the amendments that are so desperately needed to the bill. I think it actually needs to go back to be redrafted.

134 words

Ms. Elizabeth May (Saanich—Gulf Islands, GP)

Nov/28/22 5:00:33 p.m.
Watch
Re: Bill C-27

Madam Speaker, I want to the thank the hon. member for Selkirk—Interlake—Eastman for a very thoughtful speech. As a member of Parliament grappling with Bill C-27, I have to say that I am grateful that his party assigned him to this area of work sometime in the past, because this is enormously complicated. The bill is three acts in one, and I would ask the member what we should do at this point. The Speaker has now given a ruling that says we will be able to vote separately on the AI piece of the bill, but I do not think that is good enough. I do not know if the committee will be able to set aside witnesses and only look at the AI piece in a concentrated fashion. I would support anything we could do as opposition members of Parliament to make sure the bill is not rushed and to make sure that the artificial intelligence pieces are treated as separately as possible so that we have a good amount of time for amendments and understanding while not rushing it through.

188 words

Mr. James Bezan

Nov/28/22 5:01:31 p.m.
Watch
Re: Bill C-27

Madam Speaker, I agree with the member. We want to get this right. This should not be rushed. It is not about getting this done by Christmas because we have a legislative agenda to hammer through, as the member for Winnipeg North continues to cheerlead. What we need is to take our time. We can split the bill into three ways and assign them to committees other than the industry committee. We can give the bill over to public safety to look at the use of the legislation from the standpoint of policing. We can shuffle off the piece on artificial intelligence to the ethics committee, making sure that it has the time to dive deep into it and hear from witnesses about how we can improve upon the bill. Ultimately, what we could do is defeat the bill at second reading, send the government back to the drawing board and have it do a broader consultation on how this bill should be written so that it addresses the needs of the industry but protects the rights of Canadians.

179 words

Mr. Pat Kelly (Calgary Rocky Ridge, CPC)

Nov/28/22 5:02:41 p.m.
Watch
Re: Bill C-27

Madam Speaker, I would bring to the member's attention the studies we undertook at the ethics committee, where it was reported that agencies of the federal government, including the RCMP and PHAC, did not follow the existing Treasury Board guidelines on the adoption of new technology. I think all parties agree that we need updated legislation, but the government is not even following the rules that it already has. Does there need to be more than just new regulation and protection for Canadians' privacy? Is it not also important that the government actually follow the rules that it creates, which it has not done with respect to Canadians' privacy?

110 words

Mr. James Bezan

Nov/28/22 5:03:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, I want to thank the member for his time as chair of the ethics committee and for the great job he did. We heard from a lot of experts, and the committee found over and over again that the government was not following its own rules, including those in the Privacy Act and PIPEDA, which is antiquated, as the member for Winnipeg North pointed out. It does not even follow the guidelines that the Treasury Board has. If the government cannot even follow the rules as they are currently, it leaves us feeling hopeless that it is going to follow the rules of any new legislation we bring in. However, I would hope that a future Conservative government would make sure legislation provides that privacy rights and the charter's freedom of expression and freedom of speech are solely protected in legislation for Internet use. That has to be the guiding light in all documentation and legislation we provide.

161 words

Mr. Brian Masse (Windsor West, NDP)

Nov/28/22 5:04:41 p.m.
Watch
Re: Bill C-27

Madam Speaker, given the issues of the bill and the complexity of it, I was really grateful for the intervention by the member for New Westminster—Burnaby about the NDP request to separate the votes. We cannot actually separate the bill so that it goes to different committees. We are stuck with having a separate vote on artificial intelligence. I know the parliamentary secretary wants to rush the bill through by Christmas, so would it not have made more sense to have three separate bills because there are three extensive pieces of legislation? If the Liberals want to move the bill quicker, perhaps they would be willing to actually separate the bill for separate studies in the House of Commons. It requires them to do this, unfortunately, not the opposition.

131 words

Mr. James Bezan

Nov/28/22 5:05:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, I agree that we should be dealing with this in a more focused way. Instead of having one big omnibus bill, this should be split into smaller bills so we can have a more fruitful debate and have a chance for more expert input. Then we would have more parliamentarians engaged in drafting any potential amendments to any legislation. As it is right now, the bill will be referred to only a couple of committees, and we have a timeline, which seems to be pushed by the government, that does not work. The Privacy Commissioner, Daniel Therrien, notes that “most Canadians whose data was used did not know their data was used. The parties, both the government and the private sector, could have done more to inform users that their data was used for these purposes.” That was the data collection done through PHAC. He also said, “the second issue is whether it is good legislative policy that de-identified information falls outside the reach of privacy laws.” The Liberals are trying to correct that through legislation. However, as David Lyon said, “high-level studies from various places, one from Imperial College London and the university in Leuven, show that 99.8% of Americans could be reidentified in a dataset that used 15 demographic attributes.” That is disconcerting, and that is why this legislation falls short.

234 words

Mr. Andy Fillmore (Parliamentary Secretary to the Minister of Innovation, Science and Industry, Lib.)

Nov/28/22 5:07:10 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I will be splitting my time with the member for Saanich—Gulf Islands. I am very pleased to be here to discuss Bill C-27, the digital charter implementation act of 2022. The bill would implement a new world-class regime for the protection of consumers and to ensure that Canadians have confidence that businesses are handling their personal data responsibly and are developing and deploying new technologies in a responsible and ethical way. The bill also includes important changes that would support responsible innovation in an increasingly digital and data-driven marketplace. It would modernize Canada's regulatory framework for privacy protection in the private sector in a manner that supports innovation and is interoperable with the data protection laws of Canada's major trading partners. The bill would also reinforce Canada's commitment to responsible artificial intelligence development, or AI development. As parliamentary secretary to the Minister of Innovation, Science and Industry, and indeed as the MP for Halifax, with its burgeoning tech sector, I can tell members from first-hand experience that Canada is a world leader in AI, with top talent and innovative companies. In a world that is increasingly reliant on digital technologies, the bill would build on Canada's advantage by creating a foundation of trust and ensuring that companies meet the highest standards of responsibility when developing and deploying AI. We need to ensure that Canadians’ personal information is protected, but there is also a need to support Canadian businesses so that they can grow, prosper and innovate in this increasingly digital world. We recognize that technology is growing rapidly and providing companies with large amounts of personal information. This information fuels business decisions. It informs the creation of new products and services for customers. This innovation is critical, but we absolutely have to ensure that this innovation happens in a responsible way. Therefore, in my limited time today, I am going to focus my comments on the first and third parts of the act, with a focus on enabling and supporting responsible innovation. I will begin with the first part. The proposed new Consumer Privacy Protection Act, or CPPA, retains the principles-based approach of our current private sector privacy law in order to continue harnessing the success of a flexible and adaptable privacy law. We know circumstances are changing all the time. To better reflect advances in digital technologies, the emergence of AI and other new technologies, the CPPA contains a number of provisions to support industry innovation without compromising the protections Canadians depend on. First, the CPPA includes a new exception to consent, to cover specified business activities, and it introduces the concept of legitimate interests into Canada’s privacy framework, with updates that take into consideration what we have heard from stakeholders on the previous proposal that came before Parliament in 2020, back when I was parliamentary secretary to the then minister of heritage and we were considering this. The objective is to help reduce the administrative burden on businesses and on individuals in situations in which seeking consent is not meaningful, for example, the use of personal information for the shipping of goods that have been requested by the individual. In these situations, the customer clearly anticipates receiving a shipment, and the company should be able to undertake this shipment without the law adding an extra burden to provide this service. Importantly, this exception may not be used in situations in which the organization intends to influence the individual’s behaviour or decisions. Moreover, given the need to consider interests and potential impacts on individuals, the organization will be required to assess the potential impacts on individuals, implement measures to eliminate or mitigate such impacts, and comply with any prescribed requirements. The Privacy Commissioner may review such assessments on request. All in all, the inclusion of a targeted legitimate interest exception aligns the CPPA with international best practices, including those of the EU. Second, the CPPA defines and clarifies how businesses should handle de-identified personal information, in other words, personal information that has been modified to reduce the risk that an individual could be recognized or identified. This framework takes into account the feedback we heard from the previous proposal. The bill also defines anonymized information and confirms that information that has no risk of identifying an individual falls outside the scope of the act. The bill before us today would incentivize organizations to de-identify personal information before using it for research, development and analysis purposes, further protecting Canadians’ privacy. We know businesses need to invest in R and D to improve their products, which benefits customers by providing them with new and innovative products and services. This provision would allow businesses the flexibility to use de-identified data for R and D, adding value for both customers and firms. However, the CPPA confirms that this information would still stay within the protection of the act and under the oversight of the Privacy Commissioner of Canada, as one would expect. Recent years have also shown the critical role data plays in developing evidence-based policies and responding to public crises. Whether it is to respond to public health needs or the now-present challenges from climate change, or even planning a city, data is needed to help us rise to these challenges, but it must be used responsibly and in keeping with our values. That is why the CPPA introduces a framework that would allow for the use of data in ways that would benefit the public good. It would do this by allowing companies to disclose de-identified data to specified public entities, such as hospitals, universities and libraries. These disclosures would be permitted only where specific criteria are satisfied. That is, the personal information must not identify an individual, and there must be a socially beneficial purpose, like those related to health, public infrastructure or environmental protections. This would ensure that the privacy of individuals is protected, while making sure we would be using everything at our disposal to respond to increasingly challenging global issues. Third, the CPPA introduces a new framework for codes of practice and certification systems that would enable businesses to proactively demonstrate their compliance with the law. For example, companies that are engaged in a particular business activity could collaborate on the development of a code of practice that outlines how they comply with the specific provisions of the law. With the approval of that code by the Privacy Commissioner, organizations would have greater certainty that they are meeting their obligations. Similarly, the bill provides a scheme for recognizing certification systems that demonstrate compliance with the law. Organizations that choose to participate in approved certification schemes would benefit from a reduced risk of enforcement actions under the act. This would be especially helpful for small- and medium-sized entities that do not necessarily have extensive legal resources at their fingertips. These new frameworks for recognized codes and certifications would make it easier for businesses to demonstrate their compliance with the law to customers, to business partners and to the Privacy Commissioner of Canada. I would like to move now to the third part of the legislation, the proposed artificial intelligence and data act, or AIDA, which would support responsible innovation by giving businesses a clear framework to guide the design, development and deployment of artificial intelligence systems, or AI systems. AI systems have many benefits and operate across national and provincial boundaries. As I mentioned, Canada has become a global leader in artificial intelligence through the pan-Canadian AI strategy. However, as the technology has matured, risks associated with AI systems have also come to light, including with respect to health, safety and bias. In order for Canadian innovators to maintain this status, common standards are needed for international and interprovincial trade in AI systems. The bill would guide innovation by building confidence in the technology and protecting Canadians against the harms such systems can cause. Specifically, AIDA would ensure that entities responsible for high-impact AI systems identify and mitigate potential harms, including bias. By aligning with internationally recognized standards, this would ensure market access for Canadian innovations. Lastly, an artificial intelligence and data commissioner would be created, with the dual role of support the minister in administering the act and playing a supportive role in helping businesses understand their responsibilities and how to comply. We believe the government is paving the way for Canada to be a world leader in innovation by providing Canadians with clear rules on how it may be developed and used. I believe it is imperative the House move to pass this bill. The digital charter implementation act would not only protect the personal information of Canadians and lay the ground rules for the responsible design, development, deployment and operation of AI systems in Canada, but also enable the responsible innovation that will promote a strong Canadian economy. With this bill, the government is sending a clear message that responsible innovation is critical for Canada’s future economic success and competitiveness.

1515 words

All Topics

Mrs. Cheryl Gallant (Renfrew—Nipissing—Pembroke, CPC)

Nov/28/22 5:16:47 p.m.
Watch
Re: Bill C-27

Madam Speaker, former Liberal bagman David MacNaughton, who was subsequently appointed to be the ambassador for Canada to the United States, went on to become the president of Palantir. It is the Dyson of data scooping and meta tag recombination. His first order of business was to attempt to secure a contract with the Canadian federal government, but he had violated the cooling-off period for being a public servant. What assurances do Canadians have that this will be secure enough and that we will be protected from this legislation's being used as political weaponry on the taxpayer's dollar?

101 words

Mr. Andy Fillmore

Nov/28/22 5:17:41 p.m.
Watch
Re: Bill C-27

Madam Speaker, I begin by pointing out that Canadians have never been more reliant on digital data. In fact, a previous hon. member of this House, Scott Brison, famously quipped that we have Blockbuster legislation. We have Blockbuster law in a Netflix world. It is clear we need to update this. To the member's question about enforcement and making sure there are repercussions for the misuse of data or for violating the proposed act, the act would create the data commissioner. It would give the commissioner powers to impose administrative monetary penalties. In contrast to today's legislative landscape, I think the proposed act would address the member's concerns.

111 words

Mr. Sébastien Lemire (Abitibi—Témiscamingue, BQ)

Nov/28/22 5:18:40 p.m.
Watch
Re: Bill C-27

Madam Speaker, I would like to thank my colleague from Halifax for his speech. I am sure he will work hard in committee to defend the integrity of this bill. He can count on the Bloc Québécois's support for the principle of the bill. The Chair delivered a ruling earlier this afternoon about how Bill C-27 should be divided into two parts. I would like to hear his comments on that. What impact will that have on the bill? Does he think that will jeopardize certain aspects of Bill C-27? What will be the consequences?

104 words

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Nov/28/22 5:19:12 p.m.
Watch
Re: Bill C-27

For clarification, I would point out that Bill C-27 has not been divided and only the vote will be done separately. The hon. parliamentary secretary.

26 words

Mr. Andy Fillmore

Nov/28/22 5:19:22 p.m.
Watch
Re: Bill C-27

Madam Speaker, I want to thank my colleague for his excellent work on the industry committee. We accomplish good things there together, and there are many more to come. This ruling was handed down today by the Speaker. We are going to figure out what it means. In terms of process, there may be some implications. Whatever the process implications are, I do not think it impacts the content and the imperative that we move ahead with updating our digital privacy laws in Canada. I look forward to working with him and all members of the industry committee to get this across the finish line.

105 words

Ms. Leah Gazan (Winnipeg Centre, NDP)

Nov/28/22 5:20:00 p.m.
Watch
Re: Bill C-27

Madam Speaker, Bill C-27 does not explicitly apply to political parties, and in the past we have seen the possibility of privacy breaches and misuse in the political arena. Should the bill be amended to specifically include political parties?

40 words

Mr. Andy Fillmore

Nov/28/22 5:20:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, as I mentioned in my remarks, the content of the bill has been driven by past consultations on its previous iteration in 2020. It has been driven by discussions with industry partners and with social and civil society groups. We are very confident that the contents of the bill, as it stands now, will address the gaps and how out of date it is. I believe the concerns around political parties are covered under the Elections Modernization Act, which we passed in the previous Parliament.

87 words

Mr. Ryan Williams (Bay of Quinte, CPC)

Nov/28/22 5:21:18 p.m.
Watch
Re: Bill C-27

Madam Speaker, I know it is very important, when we look at different aspects of the bill, for it to be balanced, as the member has mentioned, between business, ethics and consumer protection. We believe in privacy as a fundamental human right. One of the definitions he talked about was de-identification versus anonymization. De-identification was used in ethics. We studied the Telus data for good program, whereby data was just given from Telus to consumers to the government during COVID. De-identification means that the risk of the individual being identified remains, whereas anonymization means that information is scrapped. Can the member comment on whether he sees anonymization being used more than de-identification?

116 words