SoVote

Context: House Hansard - 136 - Nov/28/22

Nov/28/22 5:03:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, I want to thank the member for his time as chair of the ethics committee and for the great job he did. We heard from a lot of experts, and the committee found over and over again that the government was not following its own rules, including those in the Privacy Act and PIPEDA, which is antiquated, as the member for Winnipeg North pointed out. It does not even follow the guidelines that the Treasury Board has. If the government cannot even follow the rules as they are currently, it leaves us feeling hopeless that it is going to follow the rules of any new legislation we bring in. However, I would hope that a future Conservative government would make sure legislation provides that privacy rights and the charter's freedom of expression and freedom of speech are solely protected in legislation for Internet use. That has to be the guiding light in all documentation and legislation we provide.

161 words

Mr. Brian Masse (Windsor West, NDP)

Nov/28/22 5:04:41 p.m.
Watch
Re: Bill C-27

Madam Speaker, given the issues of the bill and the complexity of it, I was really grateful for the intervention by the member for New Westminster—Burnaby about the NDP request to separate the votes. We cannot actually separate the bill so that it goes to different committees. We are stuck with having a separate vote on artificial intelligence. I know the parliamentary secretary wants to rush the bill through by Christmas, so would it not have made more sense to have three separate bills because there are three extensive pieces of legislation? If the Liberals want to move the bill quicker, perhaps they would be willing to actually separate the bill for separate studies in the House of Commons. It requires them to do this, unfortunately, not the opposition.

131 words

Mr. James Bezan

Nov/28/22 5:05:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, I agree that we should be dealing with this in a more focused way. Instead of having one big omnibus bill, this should be split into smaller bills so we can have a more fruitful debate and have a chance for more expert input. Then we would have more parliamentarians engaged in drafting any potential amendments to any legislation. As it is right now, the bill will be referred to only a couple of committees, and we have a timeline, which seems to be pushed by the government, that does not work. The Privacy Commissioner, Daniel Therrien, notes that “most Canadians whose data was used did not know their data was used. The parties, both the government and the private sector, could have done more to inform users that their data was used for these purposes.” That was the data collection done through PHAC. He also said, “the second issue is whether it is good legislative policy that de-identified information falls outside the reach of privacy laws.” The Liberals are trying to correct that through legislation. However, as David Lyon said, “high-level studies from various places, one from Imperial College London and the university in Leuven, show that 99.8% of Americans could be reidentified in a dataset that used 15 demographic attributes.” That is disconcerting, and that is why this legislation falls short.

234 words

Mr. Andy Fillmore (Parliamentary Secretary to the Minister of Innovation, Science and Industry, Lib.)

Nov/28/22 5:07:10 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I will be splitting my time with the member for Saanich—Gulf Islands. I am very pleased to be here to discuss Bill C-27, the digital charter implementation act of 2022. The bill would implement a new world-class regime for the protection of consumers and to ensure that Canadians have confidence that businesses are handling their personal data responsibly and are developing and deploying new technologies in a responsible and ethical way. The bill also includes important changes that would support responsible innovation in an increasingly digital and data-driven marketplace. It would modernize Canada's regulatory framework for privacy protection in the private sector in a manner that supports innovation and is interoperable with the data protection laws of Canada's major trading partners. The bill would also reinforce Canada's commitment to responsible artificial intelligence development, or AI development. As parliamentary secretary to the Minister of Innovation, Science and Industry, and indeed as the MP for Halifax, with its burgeoning tech sector, I can tell members from first-hand experience that Canada is a world leader in AI, with top talent and innovative companies. In a world that is increasingly reliant on digital technologies, the bill would build on Canada's advantage by creating a foundation of trust and ensuring that companies meet the highest standards of responsibility when developing and deploying AI. We need to ensure that Canadians’ personal information is protected, but there is also a need to support Canadian businesses so that they can grow, prosper and innovate in this increasingly digital world. We recognize that technology is growing rapidly and providing companies with large amounts of personal information. This information fuels business decisions. It informs the creation of new products and services for customers. This innovation is critical, but we absolutely have to ensure that this innovation happens in a responsible way. Therefore, in my limited time today, I am going to focus my comments on the first and third parts of the act, with a focus on enabling and supporting responsible innovation. I will begin with the first part. The proposed new Consumer Privacy Protection Act, or CPPA, retains the principles-based approach of our current private sector privacy law in order to continue harnessing the success of a flexible and adaptable privacy law. We know circumstances are changing all the time. To better reflect advances in digital technologies, the emergence of AI and other new technologies, the CPPA contains a number of provisions to support industry innovation without compromising the protections Canadians depend on. First, the CPPA includes a new exception to consent, to cover specified business activities, and it introduces the concept of legitimate interests into Canada’s privacy framework, with updates that take into consideration what we have heard from stakeholders on the previous proposal that came before Parliament in 2020, back when I was parliamentary secretary to the then minister of heritage and we were considering this. The objective is to help reduce the administrative burden on businesses and on individuals in situations in which seeking consent is not meaningful, for example, the use of personal information for the shipping of goods that have been requested by the individual. In these situations, the customer clearly anticipates receiving a shipment, and the company should be able to undertake this shipment without the law adding an extra burden to provide this service. Importantly, this exception may not be used in situations in which the organization intends to influence the individual’s behaviour or decisions. Moreover, given the need to consider interests and potential impacts on individuals, the organization will be required to assess the potential impacts on individuals, implement measures to eliminate or mitigate such impacts, and comply with any prescribed requirements. The Privacy Commissioner may review such assessments on request. All in all, the inclusion of a targeted legitimate interest exception aligns the CPPA with international best practices, including those of the EU. Second, the CPPA defines and clarifies how businesses should handle de-identified personal information, in other words, personal information that has been modified to reduce the risk that an individual could be recognized or identified. This framework takes into account the feedback we heard from the previous proposal. The bill also defines anonymized information and confirms that information that has no risk of identifying an individual falls outside the scope of the act. The bill before us today would incentivize organizations to de-identify personal information before using it for research, development and analysis purposes, further protecting Canadians’ privacy. We know businesses need to invest in R and D to improve their products, which benefits customers by providing them with new and innovative products and services. This provision would allow businesses the flexibility to use de-identified data for R and D, adding value for both customers and firms. However, the CPPA confirms that this information would still stay within the protection of the act and under the oversight of the Privacy Commissioner of Canada, as one would expect. Recent years have also shown the critical role data plays in developing evidence-based policies and responding to public crises. Whether it is to respond to public health needs or the now-present challenges from climate change, or even planning a city, data is needed to help us rise to these challenges, but it must be used responsibly and in keeping with our values. That is why the CPPA introduces a framework that would allow for the use of data in ways that would benefit the public good. It would do this by allowing companies to disclose de-identified data to specified public entities, such as hospitals, universities and libraries. These disclosures would be permitted only where specific criteria are satisfied. That is, the personal information must not identify an individual, and there must be a socially beneficial purpose, like those related to health, public infrastructure or environmental protections. This would ensure that the privacy of individuals is protected, while making sure we would be using everything at our disposal to respond to increasingly challenging global issues. Third, the CPPA introduces a new framework for codes of practice and certification systems that would enable businesses to proactively demonstrate their compliance with the law. For example, companies that are engaged in a particular business activity could collaborate on the development of a code of practice that outlines how they comply with the specific provisions of the law. With the approval of that code by the Privacy Commissioner, organizations would have greater certainty that they are meeting their obligations. Similarly, the bill provides a scheme for recognizing certification systems that demonstrate compliance with the law. Organizations that choose to participate in approved certification schemes would benefit from a reduced risk of enforcement actions under the act. This would be especially helpful for small- and medium-sized entities that do not necessarily have extensive legal resources at their fingertips. These new frameworks for recognized codes and certifications would make it easier for businesses to demonstrate their compliance with the law to customers, to business partners and to the Privacy Commissioner of Canada. I would like to move now to the third part of the legislation, the proposed artificial intelligence and data act, or AIDA, which would support responsible innovation by giving businesses a clear framework to guide the design, development and deployment of artificial intelligence systems, or AI systems. AI systems have many benefits and operate across national and provincial boundaries. As I mentioned, Canada has become a global leader in artificial intelligence through the pan-Canadian AI strategy. However, as the technology has matured, risks associated with AI systems have also come to light, including with respect to health, safety and bias. In order for Canadian innovators to maintain this status, common standards are needed for international and interprovincial trade in AI systems. The bill would guide innovation by building confidence in the technology and protecting Canadians against the harms such systems can cause. Specifically, AIDA would ensure that entities responsible for high-impact AI systems identify and mitigate potential harms, including bias. By aligning with internationally recognized standards, this would ensure market access for Canadian innovations. Lastly, an artificial intelligence and data commissioner would be created, with the dual role of support the minister in administering the act and playing a supportive role in helping businesses understand their responsibilities and how to comply. We believe the government is paving the way for Canada to be a world leader in innovation by providing Canadians with clear rules on how it may be developed and used. I believe it is imperative the House move to pass this bill. The digital charter implementation act would not only protect the personal information of Canadians and lay the ground rules for the responsible design, development, deployment and operation of AI systems in Canada, but also enable the responsible innovation that will promote a strong Canadian economy. With this bill, the government is sending a clear message that responsible innovation is critical for Canada’s future economic success and competitiveness.

1515 words

All Topics

Mrs. Cheryl Gallant (Renfrew—Nipissing—Pembroke, CPC)

Nov/28/22 5:16:47 p.m.
Watch
Re: Bill C-27

Madam Speaker, former Liberal bagman David MacNaughton, who was subsequently appointed to be the ambassador for Canada to the United States, went on to become the president of Palantir. It is the Dyson of data scooping and meta tag recombination. His first order of business was to attempt to secure a contract with the Canadian federal government, but he had violated the cooling-off period for being a public servant. What assurances do Canadians have that this will be secure enough and that we will be protected from this legislation's being used as political weaponry on the taxpayer's dollar?

101 words

Mr. Andy Fillmore

Nov/28/22 5:17:41 p.m.
Watch
Re: Bill C-27

Madam Speaker, I begin by pointing out that Canadians have never been more reliant on digital data. In fact, a previous hon. member of this House, Scott Brison, famously quipped that we have Blockbuster legislation. We have Blockbuster law in a Netflix world. It is clear we need to update this. To the member's question about enforcement and making sure there are repercussions for the misuse of data or for violating the proposed act, the act would create the data commissioner. It would give the commissioner powers to impose administrative monetary penalties. In contrast to today's legislative landscape, I think the proposed act would address the member's concerns.

111 words

Mr. Sébastien Lemire (Abitibi—Témiscamingue, BQ)

Nov/28/22 5:18:40 p.m.
Watch
Re: Bill C-27

Madam Speaker, I would like to thank my colleague from Halifax for his speech. I am sure he will work hard in committee to defend the integrity of this bill. He can count on the Bloc Québécois's support for the principle of the bill. The Chair delivered a ruling earlier this afternoon about how Bill C-27 should be divided into two parts. I would like to hear his comments on that. What impact will that have on the bill? Does he think that will jeopardize certain aspects of Bill C-27? What will be the consequences?

104 words

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Nov/28/22 5:19:12 p.m.
Watch
Re: Bill C-27

For clarification, I would point out that Bill C-27 has not been divided and only the vote will be done separately. The hon. parliamentary secretary.

26 words

Mr. Andy Fillmore

Nov/28/22 5:19:22 p.m.
Watch
Re: Bill C-27

Madam Speaker, I want to thank my colleague for his excellent work on the industry committee. We accomplish good things there together, and there are many more to come. This ruling was handed down today by the Speaker. We are going to figure out what it means. In terms of process, there may be some implications. Whatever the process implications are, I do not think it impacts the content and the imperative that we move ahead with updating our digital privacy laws in Canada. I look forward to working with him and all members of the industry committee to get this across the finish line.

105 words

Ms. Leah Gazan (Winnipeg Centre, NDP)

Nov/28/22 5:20:00 p.m.
Watch
Re: Bill C-27

Madam Speaker, Bill C-27 does not explicitly apply to political parties, and in the past we have seen the possibility of privacy breaches and misuse in the political arena. Should the bill be amended to specifically include political parties?

40 words

Mr. Andy Fillmore

Nov/28/22 5:20:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, as I mentioned in my remarks, the content of the bill has been driven by past consultations on its previous iteration in 2020. It has been driven by discussions with industry partners and with social and civil society groups. We are very confident that the contents of the bill, as it stands now, will address the gaps and how out of date it is. I believe the concerns around political parties are covered under the Elections Modernization Act, which we passed in the previous Parliament.

87 words

Mr. Ryan Williams (Bay of Quinte, CPC)

Nov/28/22 5:21:18 p.m.
Watch
Re: Bill C-27

Madam Speaker, I know it is very important, when we look at different aspects of the bill, for it to be balanced, as the member has mentioned, between business, ethics and consumer protection. We believe in privacy as a fundamental human right. One of the definitions he talked about was de-identification versus anonymization. De-identification was used in ethics. We studied the Telus data for good program, whereby data was just given from Telus to consumers to the government during COVID. De-identification means that the risk of the individual being identified remains, whereas anonymization means that information is scrapped. Can the member comment on whether he sees anonymization being used more than de-identification?

116 words

Mr. Andy Fillmore

Nov/28/22 5:22:09 p.m.
Watch
Re: Bill C-27

Madam Speaker, my view on this is that we need to give Canadian creators and innovators every advantage we can to innovate and keep Canada in a competitive position, while at the same time protecting the privacy of Canadians and individuals. There is absolutely a balance there, and we have to find where that line is. I look forward to the good work ahead on the industry committee, where we can help to find that balance.

76 words

Ms. Elizabeth May (Saanich—Gulf Islands, GP)

Nov/28/22 5:22:38 p.m.
Watch
Re: Bill C-27

Madam Speaker, I acknowledge that I am standing today, as any day that I am on Parliament Hill, on the Algonquin land of the Anishinabe peoples. I say a large meegwetch to them. I am speaking today, as we all are, to Bill C-27, which is really three bills in one. My other parliamentary colleagues have already canvassed the bare outline of this, in that we are looking at three bills: an act to create a consumer privacy protection act; a personal information and data protection tribunal act, which largely replaces some of what there was already in PIPEDA in the past; and a brand new artificial intelligence and data act. I want to start with the artificial intelligence and data act because it is the part with which all of us are least familiar. Much of what we see in this bill was previously before Parliament in last session's Bill C-11. There is a lot to dig into and understand here. As I was reading through the whole concept of what kinds of harms are done by artificial intelligence, I found myself thinking back to a novel that came out in 1949. The kind of technology described in George Orwell's book, famously called 1984, was unthinkable then. The dystopian visions of great writers like George Orwell or Margaret Atwood are hard to imagine. I will never forget the scene in the opening of The Handmaid's Tale, where a woman goes into a store and her debit card is taken from her. At that moment, we did not have debit cards. Margaret Atwood had to describe this futuristic concept of a piece of plastic that gave us access to our banks without using cash. No one had heard of it then. There are words from George Orwell, written in 1949, about the ways in which artificial intelligence and new technologies could really cause harm in a dystopian sense. In 1984, he writes, “It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away.” More recently, there is the song by The Police and written by Sting and others. I will never forget that once I went to a session on rights to privacy being under assault and a British jurist brought with him for his opening of the speech, “Every breath you take, And every move you make, Every bond you break, Every step you take, I'll be watching you.” We live in a time when artificial intelligence can be enormously invasive of our privacy with things like visual recognition systems, as the hon. member for Selkirk—Interlake—Eastman was just speaking to. These are things that, for someone like me born in 1954, are all rather new, but they are new for people born in 1990 too. It is very new technology and bringing in legislation to control it is equally new and challenging for us as parliamentarians. The whole notion that we are going to be able to spot the ways in which artificial intelligence can affect our democracy is something that will take time. We talk about harms from this kind of technology, from capturing algorithms, from invading our spaces. We do not have to look any farther than the way Cambridge Analytica was used by the Brexit forces in the U.K. to harness a public outrage against something based on a pile of disinformation, by targeting individuals and collecting their data. That kind of Cambridge Analytica concern also gets into part 1 and part 2 of this bill. We really do need to figure out how to control the digital tech giants harvesting our information. As an example used earlier today in debate, there is the idea that big digital giants and large corporations can profit from data without the consent of Canadians who may have put a family photo on social media, never knowing that their privacy has been invaded and their personal information and photos have been used for profit without their permission. In this sense, I am going to flag that in the context of the artificial intelligence and data act, I hope we will be taking the time necessary to hear witnesses specifically on this. We have developed a pattern in recent years, which is to say the last decade or so, of having three or four witnesses appear on panels. All of us in this place know that committees are trying to hear from a lot of people and receive a lot of evidence. It will do us a disservice in our dive into the artificial intelligence and data act if we combine panels of people who are experts on PIPEDA and people who are experts on other aspects of this bill, with panels on artificial intelligence and data. The committees that study this bill will control their own process. Committees are the masters of their own process, but I would urge the government, the Liberal legislative managers of this piece of legislation, Bill C-27, to follow the lead of the Speaker's ruling earlier today. If we are going to vote on the artificial intelligence act as a separate piece when we come to vote, we could at least make an effort to ensure that the concentrated effort of committee members and hearing witness testimony is not diluted through several different pieces of legislation and panels with three or four witnesses. Members' questions will inevitably and invariably go to one or two. In this format of panels and pushing witnesses through quickly, we lose a lot of content. Compared with when I worked in government back in the 1980s, which I know seems like the dark ages and no one in this room was on committees in those days, committees would hear from a witness who could speak for 15 minutes and then we would have the rest of an hour to ask that one witness questions. Now that we are into something as complicated as this area, I would urge the committee to give it that kind of attention or to ask the government to send part 3, the artificial intelligence and data act, to a different committee, so that the study can be thorough and we can educate ourselves as to the unintended consequences that will inevitably occur if we go too fast. Turning to the parts of the bill that deal with privacy, I want to put on the record again a question that was raised just moments ago about whether privacy legislation should apply to political parties in Canada. At the moment, it does not. Political parties are exempted from the kinds of privacy protections that other organizations, NGOs and corporations must use to protect the privacy information of their customers, consumers and citizens. The Green Party of Canada believes it is essential that political parties be added to the list of organizations that have an obligation to protect the privacy of Canadians. I will say quickly that I tend to agree with the first analysis of one of the NGOs that are very concerned with privacy information. OpenMedia, in an article by Brian Stewart, says very clearly that this legislation could actually make things worse for some privacy protections. They give the efforts of Bill C-27's consumer privacy protection act and its personal information and data protection tribunal act a grade of D. In other words, it passes but just barely. There will be many witnesses. I can certainly confirm that, as a Green Party member of Parliament in this place, I will be bringing amendments forward, assuming this bill gets through second reading, which I think we can assume, and ends up at committee. In the time remaining, I want to emphasize that Canada is aware that privacy is a fundamental human right. It is part of the UN declaration on the rights of individuals. I echo some of the sentiments from the hon. member for Selkirk—Interlake—Eastman in asking why we are looking at consumer privacy. Maybe we should change that word to Canadians' rights and privacy. I also agree with many members who have spoken today about the problems of subclause 18(3) and the number of exemptions along with the question of what is a “legitimate” reason that people's privacy can be invaded. That should be further clarified. I find “a reasonable person would expect the collection or use for such an activity” to be fine, but the exemptions seem overly broad. If I dive into anything else I will go over my allotted time. This is important legislation. We must protect the privacy of Canadians. I think we will call on all parties in this place to set aside partisanship and make an honest effort to review it. That is not to delay it but to make an honest effort to review the bill before it leaves this place.

1511 words

All Topics

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

Nov/28/22 5:32:50 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I believe it was in response to a question by the leader of the Green Party that a member of the Conservative Party responded by implying that the best thing we could do would be to defeat the legislation and send it back to the drawing board. I do not believe that would be the position of the leader of the Green Party, but I do have a question for her. I can appreciate there is a fear factor. We want to be cautious as we move forward, and what I suggested before in my question is that it seems to me there is a great deal of interest on all sides of the House to get into the nuts and bolts of the legislation. Given the limited time for debate in the House, would it not be better to see the legislation go before a committee because a committee has a lot more time to get into the details of the legislation? After all, we would still have all of third reading and so forth. That is why I made reference to whether we should be looking at trying to get this legislation through second reading before the end of the year, given the importance of the issue.

211 words

Ms. Elizabeth May

Nov/28/22 5:34:05 p.m.
Watch
Re: Bill C-27

Mr. Speaker, the hon. parliamentary secretary will not be the least bit surprised that I hope his government will not use time allocation again to reduce the time available for debate, and I likewise would urge all parties in this place to ensure everyone who speaks to the legislation has really studied it, knows it well and is prepared to speak to it without notes. I think that would speed along the process of second reading. There are also concerns with the legislation that I have not referenced yet, but I see an hon. colleague in this place who is certainly as concerned as I am about the rights to children's privacy. We have to be very concerned with the invasive use of images and the right of individuals to be able to get what is now called either erasure or the right to be forgotten. However, I agree with the hon. member. I would like to see the bill go to committee. I will vote for it, but I have a lot of concerns.

176 words

Mr. Ted Falk (Provencher, CPC)

Nov/28/22 5:34:59 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I want to thank the member for Saanich—Gulf Islands for her engagement. In light of what we have seen in the last two and a half years with the government engaging in serious violations of Canadians' privacy and personal freedom rights, and given the fact it allowed the Public Health Agency of Canada, without judicial authority or approval, to track Canadians on Canadian soil, does the member think the legislation would prevent future episodes of that kind of thing from happening to Canadian citizens?

88 words

Ms. Elizabeth May

Nov/28/22 5:35:57 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I know that my hon. colleague from Provencher and I disagree on some aspects of the facts around the Public Health Agency, but I know there certainly are concerns. I have agreed in this place before that, if an app is tracking personal information, whether it is a Tim Hortons or, worse, the government, we need to pay close attention to that. I think the legislation would make positive steps forward to prevent that, but I do not think we can say with confidence that the legislation absolutely would ensure it never happens again.

96 words

Mr. Sébastien Lemire (Abitibi—Témiscamingue, BQ)

Nov/28/22 5:36:34 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I thank my colleague from Saanich—Gulf Islands for her speech. She talked about the importance of data protection. This bill is aimed at the private sector, but it does not address the public sector, even though the government itself has failed to protect data, as in the case of CERB fraud. Should the bill also regulate government data to ensure that the public interest is protected? I would like to hear my colleague's comments on this.

81 words

Ms. Elizabeth May

Nov/28/22 5:37:03 p.m.
Watch
Re: Bill C-27

Mr. Speaker, I thank my colleague for his question. As he said so well, recent examples of fraud show that we must address these issues. We must protect the privacy rights of Canadians and Quebeckers. We must do more with this bill.

42 words