SoVote

Decentralized Democracy

House Hansard - 136

44th Parl. 1st Sess.
November 28, 2022 11:00AM
Context: House Hansard - 136 - Nov/28/22
Ms. Elizabeth May
  • Nov/28/22 5:37:03 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I thank my colleague for his question. As he said so well, recent examples of fraud show that we must address these issues. We must protect the privacy rights of Canadians and Quebeckers. We must do more with this bill.
42 words
  • Hear!
  • Rabble!
  • star_border
Ms. Leah Gazan (Winnipeg Centre, NDP)
  • Nov/28/22 5:37:37 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, my hon. colleague spoke about rights, and I agree with her that privacy rights are an important part of the digital age. Like other rights, we must be clear where we stand on them. I am wondering if the member agrees with me in questioning whether making it easier for the Facebooks and the Googles of the world to use Canadians' personal information in ways that have nothing to do with their services in the guise of helping small business is the right place to stand. That is certainly one of concerns I have.
96 words
  • Hear!
  • Rabble!
  • star_border
Ms. Elizabeth May
  • Nov/28/22 5:38:10 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I think history will look back at the Googles and Facebooks of this world and put them in a category with evil flesh merchants of times gone by. They are appalling, and they get away with murder. They get away with stealing our privacy for their profit. All of these so-called platforms should be treated as publishers so that common law could deal with them, and they could not be anonymously destroying people's lives. People would know who said what. The publisher would be held to account and could be sued for abuses, which are spread, and for disinformation.
103 words
  • Hear!
  • Rabble!
  • star_border
Mr. Luc Desilets (Rivière-des-Mille-Îles, BQ)
  • Nov/28/22 5:38:55 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I will be sharing my time with my hon. colleague from Abitibi—Témiscamingue, whom I commend for his hard work. Today, I am pleased to speak to a bill that is as necessary as it is complex. As written, the bill has some grey areas, some things the Bloc Québécois has reservations about, but we do think it has a lot of potential. Bill C‑27 enacts the consumer privacy protection act. Sponsored by the Minister of Innovation, Science and Industry, the member for Saint-Maurice—Champlain, the bill is at second reading. It would create three different acts: the consumer privacy protection act, the personal information and data protection tribunal act, and the artificial intelligence and data act. That last one is very interesting. In essence, Bill C‑27 seeks to strengthen the protection of anonymity and privacy. Now that digital technology is omnipresent in our lives, it is harder than ever to make sure our privacy and personal information are protected. Until now, organizations of every kind have taken advantage of the absence of a legal consumer protection framework. In Canada, personal information is a commodity without a legal owner. Just look at the Cambridge Analytica scandal during the 2016 U.S. election. Bill C‑27 aims to change this sorry state of affairs, which is threatening our democracy, our privacy and social peace. The bill not only limits and restricts the excessive freedom enjoyed by organizations that collect and share our data, but it also gives them responsibilities. In short, it puts the individual and the idea of consent back at the centre of reflections on digital exchanges, and that is significant. The Bloc Québécois supports this bill because it partially fills a legal void in Canada. I say “in Canada” because the Quebec National Assembly passed Law 25 on the protection of personal information way back in September 2021. It is a well-written law. Bill C‑27 is actually largely modelled after it, and we are very proud of that. Given that the protection of personal information is a shared jurisdiction, it is vital to the Bloc Québécois that Bill C‑27 not take precedence over Quebec law. This does not seem to be the case at this time, but it will be up to the committee to verify this and ensure that it does not. Speaking of the committee stage, many grey areas still need to be clarified. According to Daniel Therrien, a former privacy commissioner of Canada, Bill C-27 is too timid in its current form. I myself have thought of something that could be studied at the committee stage, and that is image copyright. Since we are speaking about consent, the protection of anonymity, personal data and the need to adapt our legal framework to the digital era, I believe that it would be highly relevant to address this subject. Just like the digital world, the world of photography has changed a great deal over the past 20 years. Thanks to smartphones, and the fact that just about everybody owns one, or even two, more and more photos are being taken. According to some estimates, more than three billion photographs are taken every day around the world. An image is a form of personal information. The use and sharing of images are intrinsically linked to the principle of consent. If no consent is obtained, that is a breach of privacy. I believe that our current interpretation of image copyright is too strict, and this is detrimental to street photography and photojournalism. My father, Antoine Desilets, a photojournalist, was also a street photographer in his own way. Street photography is generally defined as photography done outdoors whose main subjects are people in spontaneous situations and in public places such as streets, parks, beaches and protests. A good example of this kind of photography is the famous photograph The Kiss by the Hôtel de Ville, taken by the renowned French photographer Robert Doisneau. That shot has actually been the subject of multiple lawsuits, with every Dick and Jane claiming to be one of the two main figures in the picture. Let me tell a little story from closer to home. In 1987, a Quebec photographer and friend by the name of Gilbert Duclos took a picture of a woman in the street. After the photograph was published in a magazine, the woman decided to sue Gilbert Duclos. She claimed that she was being mocked by her friends and felt that she had been wronged. After a two-year legal saga that reached the Supreme Court, the woman won. For more than three decades, that decision, known as the Duclos decision, has been a precedent. The debate was recently reignited by the case of a veiled woman and her husband who were photographed at a flea market in Sainte‑Foy. Since the photograph had been published without their consent, the photographer was forced to pay $3,500 to each of the two people in the photograph, even though the individuals were veiled. There is no doubt that the Duclos decision was used to bolster the plaintiffs' case. Today, it is very easy to take a photographer to court and win. This means that many photojournalists and street photographers get sued, so unfortunately, they have to practise a form of self-censorship to protect themselves and the newspapers they work for. I believe this self-censorship has grave consequences for the arts, journalism and archive building. As it happens, on October 1, a group of 12 street photographers, led by the esteemed Jean Lauzon, published a book entitled Le droit à l'image as a commentary on this very issue. The Bloc Québécois believes that the committee that will study Bill C-27 will have to take its time and question all the experts it needs to consult in order to come up with an ironclad law. I have a suggestion. Since we are discussing consent, privacy, the right to anonymity and personal data in the digital age, why not invite experts such as Jean Lauzon to help us understand how to modernize image copyright? Also, when does an image of an individual taken in a public space become private? Once again, there is the need for oral or written consent on the one hand, and perhaps the definition of the concept of a subject on the other. There is a whole host of factors to consider. For the rest, I am in favour of Bill C‑27 because it gives hope that we are going to begin to plug the gaping hole that our data is currently circulating in, allowing it to be sold and exploited. It will be especially important to ensure that the Quebec legislation takes precedence over the Canadian legislation, as is customary in matters of shared jurisdiction.
1176 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)
  • Nov/28/22 5:47:47 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, the member raises a fascinating issue, which is the capturing of images and how one would protect the privacy of the individual, especially when it is in a public setting. I think that could be applied in many different ways. It would be interesting to see how that sort of a discussion would, in fact, take place at a standing committee. The member is right in the sense that the legislation is not that far off. I do not know all of the details of it, obviously, but I am led to believe that Quebec has done some fabulous work on this issue. I wonder if he could provide any insights into how the Quebec legislature dealt with the capturing of images and the public versus privacy issue.
130 words
  • Hear!
  • Rabble!
  • star_border
Mr. Luc Desilets
  • Nov/28/22 5:48:49 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, that is a very important question. The Quebec legislation does not go quite that far, but the issue remains. The jurisprudence dates back to 1987, after all. When my colleague refers to photos taken in public, the definition of the words “public” and “private” is not clear. I might be in the street kissing my mistress. That is my private life, but at a location that, within the meaning of the current federal legislation, is a public place. There is a host of concepts of the kind that ought to be delineated and more precisely defined in order to bring some much-needed clarity to the whole issue. It is really too bad that Mr. Duclos is still burdened by this jurisprudence.
128 words
  • Hear!
  • Rabble!
  • star_border
Ms. Leah Gazan (Winnipeg Centre, NDP)
  • Nov/28/22 5:49:48 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, would the member agree that the creation of two new categories of data exempt from privacy measures is a worrisome gesture by the Liberals and could be a gift to the very technology giants to which they have such close ties?
43 words
  • Hear!
  • Rabble!
  • star_border
Mr. Luc Desilets
  • Nov/28/22 5:50:16 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, our colleague is always full of surprises. Basically, I think this bill is relevant. Overall, it is relevant. In this day and age and in light of the current context, this bill is pretty much a necessity. I am concerned about how the bill will be dealt with in committee. When it comes to bills like this one, the committee has an extremely important role to play. Beyond the wording of the bill, it is the work that is done in committee that will be critical for the future.
91 words
  • Hear!
  • Rabble!
  • star_border
Mr. Arnold Viersen (Peace River—Westlock, CPC)
  • Nov/28/22 5:50:56 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I would like to call the attention of the House and the member to subclause 15(6) of the bill, which states, “It is not appropriate to rely on an individual’s implied consent if their personal information is collected or used for an activity described in subsection 18(2) or (3).” If we look at clause 18, it states that one can use a person's implied consent when collecting information. It is fascinating to me that this bill says, on the one hand, that one cannot use implied consent, but then the exemptions part says one can rely on implied consent. What are we trying to do with this bill? It is really muddying the waters for me, and I am wondering if my hon. colleague has a comment about that.
138 words
  • Hear!
  • Rabble!
  • star_border
Mr. Luc Desilets
  • Nov/28/22 5:51:51 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, there will be more to come on that. In the case of photographs, it is not easy to define what implied consent involves. In some situations, implied consent from the subject may be a look that says that they consent. It may also involve asking the subject if they agree to be photographed. In other cases, it may involve written consent. That is why I think it is extremely important and relevant for the committee to do an exemplary job, and not just with regard to photography, which is part of who I am. In order to do that, the committee needs to invite all kinds of experts.
110 words
  • Hear!
  • Rabble!
  • star_border
Mr. Sébastien Lemire (Abitibi—Témiscamingue, BQ)
  • Nov/28/22 5:52:41 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I am pleased to speak to this bill after my colleague from Rivière‑des‑Mille‑Îles, whom I would like to congratulate. I am also pleased to be following my colleague from Trois‑Rivières, an ethics expert who enlightened us on the potential impact of this bill and the dangers involved. Unfortunately, very few people are interested in this type of bill, and yet, in the digital age, we cannot afford not to regulate the use of personal information. We cannot deny the fact that the digital shift has exploded in Quebec and elsewhere over the last decade, and it has greatly changed our lifestyles. It is impressive to see which path companies have chosen during the pandemic, and I think it is a timely discussion to have today. However, I would like to draw attention to the new part of the bill that deals with artificial intelligence. I think it deserves serious consideration. Part 3 of the bill raises many questions, and opinions from experts in the field of artificial intelligence are mixed. The use of artificial intelligence is a rapidly growing field that risks expanding beyond our control and jurisdiction if we do not begin to regulate the practice and define certain concepts. Recent developments in AI in general and deep learning in particular have led to the creation of autonomous intelligent agents, which are essentially robots capable of deciding what to do without third-party intervention. These agents' autonomy raises new questions about civil liability, so we have to think about criminal provisions that would apply if someone were put in a dangerous situation, for example. How should we approach this, and what legal status are we granting them? What legislative framework is the best fit for these autonomous agents? At this point, we think some important definitions are missing. The law clerks who are examining the bill's provisions from a legal standpoint told us that again today. What is a high-risk intelligence system? What is a high-impact system? The algorithms produced in applications that use artificial intelligence enable artificial beings to create goods or services or to generate predictions or results. If we compare them to human beings and use the existing framework, how will we interpret the notions of independence and unpredictability attributable to these artificial beings? The experts will help us understand all that. Quite a few goods already exist that have a layer of artificial intelligence built into them, and 90% of those goods should not pose a problem. Experts at Meta have even said that this technology has reached its limits, because the data to train an algorithm is insufficient in quantity and lacks depth. Let us get back to the main problem we have with Bill C‑27. Until the department clarifies its thinking on what constitutes a high-impact system, it will be difficult to assess the scope of part 3. Let us assume that everything can be considered high risk. This would mean that many companies would be accountable. If we had greater accountability, the Googles of this world might be the only ones that could risk using artificial intelligence. The bill does not need to cover everything a machine can do for us or everything software can do once it is developed and generates predictions and results like a calculator. If we compare it to the European legislation, we note that the latter is currently targeting employment discrimination systems, systems that would determine whether or not a permit to study there can be granted. That is essentially the limit of what the machine can do in our place. Although the law in this document concerning artificial intelligence is far from being exhaustive, I believe it is important that we start somewhere. By starting here, with a framework, we can lay the groundwork for a more comprehensive law. My speech this evening will help my colleagues better understand what needs to be clarified as soon as possible so we can have an important discussion about how to regulate the applications that use artificial intelligence and how to process these systems' data. First, we will have to implement regulations for international and interprovincial exchanges for artificial intelligence systems by establishing Canada-wide requirements for the design, development and use of AI systems. Next, we must prohibit certain uses of AI that may adversely affect individuals. The legislation is very clear on many other aspects, including on the fact that there would be a requirement to name a person responsible for artificial intelligence within organizations that use this technology. The responsibilities are fairly extensive. In addition to the artificial intelligence and data act, which is in part 3, Bill C‑27 also includes, in part 1, the consumer privacy protection act, as well as the amendments to the former legislation. Part 2 of the bill enacts the personal information and data protection tribunal act, while part 4 includes the coming into force provisions of the bill. As my colleagues explained, the other sections of the bill contain a lot of useful elements, such as the creation of a tribunal and penalties. One of the acts enacted by Bill C‑27 establishes a tribunal to process complaints under litigation when it comes to the use of private data. In case of non-compliance, the legislation provides for heavy penalties of up to 3% of a multinational's gross global revenue. There are provisions that are more in favour of citizens when a company misuses digital data. Yes, this bill does have its weaknesses. I believe those weaknesses can be addressed in committee, but they may require the introduction of new legislative measures. Public services, however, are not covered by this bill. Data in the public sector requires a greater degree of protection; this bill covers only the private sector. Take, for example, CERB fraud and the CRA. In 2020, hackers fraudulently claimed $2,000 monthly payments and altered the direct deposit information for nearly 13,000 accounts. The government can do more to tackle fraud. Unfortunately, this bill offers no relief or recourse to those whose information has already been compromised. There are digital records of nearly every important detail about our lives—financial, medical and education information, for example—all of which are easy targets for those who want to take advantage. It has been this way for a while, and it is only going to get worse when quantum computers arrive in the very near future. This means that we must find and develop better means of online identity verification. We must have more rigorous methods, whether we are changing our requirements for passwords, for biometrics or for voice recognition. Recently, at the sectoral committee, we heard about how easy it is for fraudsters to call telecommunication centres and pass themselves off as someone else to access their information. We must improve identity verification methods, and we must find a way to help those who are already victims of fraud. We must do so by amending Bill C-27 or introducing an additional legislative measure. Since this is a fairly complex bill, it will be referred to the Standing Committee on Industry and Technology, where we will have the opportunity to hear from experts in the field. At this step, I would like to recognize the leadership of the Minister of Innovation, Science and Industry and his team. We have been reassured by the answers we have received. Since Quebec already has data protection legislation—Bill 64, which became law 25—we want to understand when the federal act will apply and whether the changes we requested to Bill C-11, introduced in the previous Parliament, were incorporated into this bill. I want to say that we are satisfied with the answers we have received so far. We will do our due diligence because this bill includes a number of amendments. Obviously, the devil is in the details. During the technical briefings held by the department since Bill C-27 was published, we asked how much time businesses would have to adjust their ways of doing things and comply with the legislation. We expect that there will be a significant transition period between the time when Bill C-27 is passed and when it comes into force. Since the bill provides for a lot more penalties, the government will likely hold consultations and hearings to get input from stakeholders. In closing, I would like to say that I have just come back from Tokyo, where I accompanied the Minister of Innovation, Science and Industry to the Global Partnership on Artificial Intelligence Summit, where Quebec and France took the lead. The first summit was held in 2020. I would like to list some important values that were mentioned at this summit that deserve consideration and action: responsible development, ethics, the fight against misinformation and propaganda, trust, education, control, consent, transparency, portability, interoperability, strict enforcement and accountability. These are all values that must accompany open data and ecosystems.
1524 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)
  • Nov/28/22 6:02:51 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I would concur with the member and the many others who are, in essence, saying that Bill C-27 is a substantive piece of legislation that is ultimately designed to ensure privacy for Canadians. As I made reference to earlier, I think we could look at how effective the legislation of the Quebec legislation has been, which was passed just over a year ago, and what the response has been to it. I understand that was what the member was saying. Taking into consideration AI, the tribunal, digital and just how much the digital economy has grown, 20 years ago is the last time we have seen any sort of substantive changes to our privacy legislation. I am wondering if the member could provide his thoughts in regard to why it is important that we update and modernize. After all, 20 years ago, we did not even have iPhones.
151 words
  • Hear!
  • Rabble!
  • star_border
Mr. Sébastien Lemire
  • Nov/28/22 6:03:59 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I thank my colleague from Winnipeg North for his remarks. Indeed, I think such a bill was urgently needed. I commend the government's leadership and congratulate it on having understood the errors in Bill C-11 and making some improvements. I met with the Minister of Innovation, Science and Industry in January, when it was time to think about developing this bill. I emphasized the importance of the Quebec legislation and of ensuring its primacy. I thank him for listening to me and for the respect evident in Bill C-27. With respect to the urgent need to take action, Europe is putting a lot of pressure on us. Indeed, Europe has set guidelines and is currently threatening to withdraw its confidence in our artificial intelligence systems in Canada, particularly in the banking sector. It was necessary to act; better late than never. I hope the principle will be adopted quickly, but more importantly, I hope that the committee work will be thorough and that the experts will be heard. This will be more than welcome.
179 words
  • Hear!
  • Rabble!
  • star_border
Mrs. Cathay Wagantall (Yorkton—Melville, CPC)
  • Nov/28/22 6:04:57 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I have concerns around the fact that we are expecting the government to do a good job. The member mentioned CERB, which was, in many ways, abused. We are aware that the government, in an effort to roll it out quickly, removed all the checks and balances on the system. How does that build confidence for him and other Canadians to put their trust in its ability to do this correctly?
73 words
  • Hear!
  • Rabble!
  • star_border
Mr. Sébastien Lemire
  • Nov/28/22 6:05:33 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, trust is a major issue. Far too often, we are negligent. How many times do we just click “I accept” in an app without reading the consequences of what we are accepting? Our data is being sent all over the world. Artificial intelligence is something that scares me, truth be told. A guest speaker came to Parliament, to a room in the House of Commons, and this is what he told us. What does AI say is the fastest way to get to Toronto? Just simulate an accident or a speed trap so that people get off the road. That will allow us—
108 words
  • Hear!
  • Rabble!
  • star_border
The Deputy Speaker
  • Nov/28/22 6:06:12 p.m.
  • Watch
Order. I believe there is no interpretation. It is working now. The hon. member for Abitibi—Témiscamingue can restart his answer.
24 words
  • Hear!
  • Rabble!
  • star_border
Mr. Sébastien Lemire
  • Nov/28/22 6:06:33 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, it is not easy. What I was talking about was trust. Artificial intelligence is something that scares me, on the whole. A guest speaker came to a meeting held on Parliament Hill, and he told us about the risks. Say we want to drive to Toronto and there is a lot of traffic. What can we do? We can ask AI to tell us the fastest way to get to Toronto. One option is to simulate an accident, which will ensure that the road is cleared. Another is to say that police have set up a speed trap or something. AI can be used to generate very realistic photos, such as a Parliament building on fire. Fighting disinformation is a major challenge. Everyone has an individual responsibility. All too often, when using an app, we quickly click “accept” rather than doing our due diligence. That has consequences. As I was saying earlier, we send a lot of data abroad. With the arrival of quantum computing, we may suffer the consequences of sending all this data to the cloud. I do not think it is too late to have a law that sets out a framework, to improve the legislation and especially to ask experts to tell us how this bill can be improved. I am thinking about the people at the International Centre of Expertise in Montréal on Artificial Intelligence, those at the Quebec Artificial Intelligence Institute, or Mila, and those at the University of Montreal. These people work in this field every day and have a contribution to make. I look forward to hearing from them at the Standing Committee on Industry and Technology.
281 words
  • Hear!
  • Rabble!
  • star_border
Ms. Lisa Marie Barron (Nanaimo—Ladysmith, NDP)
  • Nov/28/22 6:08:07 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I want to thank my colleague. Bill C‑27 does not explicitly apply to political parties. As we have seen in the past, the potential for invasion of privacy and misuse exists in the political arena. I was wondering if my colleague would agree that the bill should be amended to specifically include political parties.
58 words
  • Hear!
  • Rabble!
  • star_border
Mr. Sébastien Lemire
  • Nov/28/22 6:08:46 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, I thank my colleague from Nanaimo—Ladysmith for her question. Indeed, political parties have responsibilities. They have people's personal data. We need to act. If we can include it in the bill, I am all for it. We have a responsibility as parliamentarians.
47 words
  • Hear!
  • Rabble!
  • star_border
Mrs. Tracy Gray (Kelowna—Lake Country, CPC)
  • Nov/28/22 6:09:04 p.m.
  • Watch
  • Re: Bill C-27 
Mr. Speaker, it is always a privilege to rise on behalf of the residents of Kelowna—Lake Country. Today we are debating Bill C-27, an act that would enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act. Canadians know we no longer live in the year 2000, but unfortunately much of our digital regulation still does. We have come a long way since Canadians' primary online concern was Y2K. The last time Parliament passed a digital privacy framework was PIPEDA, or the Personal Information Protection and Electronic Documents Act, on April 13, 2000. The most popular website in Canada that month was AOL. When Parliament last wrote these regulations, millions of homes did not have dial-up, let alone Wi-Fi. Cellular phones lacked apps or facial recognition, and people still went continually to libraries to get information, and did not have the Alexas of the world as an alternative. They also called restaurants directly for delivery. Digital advertising amounted to flashing banners and pop-up ads. In only 22 years, we have experienced a paradigm shift in how we treat privacy online. Personal data collection is the main engine driving the digital economy. A Facebook account is now effectively required to use certain types of websites and help those websites; a laptop can create a biometric password for one's bank account, and Canadians are more concerned about privacy than ever before. One of the most common videos I share with residents in my community of Kelowna—Lake Country is one relating to privacy concerns during my questioning at the industry committee in 2020, as many people reached out to me about privacy concerns. It was to a Google Canada representative regarding cellphone tracking. This was in the immediate aftermath of reports of Canadians' cellphone data being used to track people's locations during the pandemic. Cellphone tracking is something I continue to receive correspondence about, and I am sure other members in the House do as well. As traditionally defined, our right to privacy has meant limiting the information others can get about us. The privacy of one's digital life should be no different from the physical right to privacy on one's property. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data. Privacy as a fundamental right is not stipulated in the legislation we are discussing today, Bill C-27. It is mentioned in the preamble, which is the narrative at the beginning, but that is not binding. It is not in the legislation itself. While the degree to which someone wishes to use this right is ultimately up to the individual, Parliament should still seek to update the rules using detailed definitions and explicit protections. Canadians are anxious to see action on this, and I have many concerns about this legislation, which I will outline here today. As drafted, Bill C-27 offers definitions surrounding consent rules to collect or preserve personal information. It would mandate that when personal information is collected, tech companies must protect the identity of the original user if it is used for research or commercial purposes. The legislation outlines severe penalties for those who do not comply and would provide real powers of investigation and enforcement. It presents Canada's first regulations surrounding the development of artificial intelligence systems. Even though Bill C-27 presents welcome first steps in digital information protection, there is still a long way to go if we are to secure digital rights to the standard of privacy regulation Canadians expect, and most importantly, the protection of personal privacy rights. As is mentioned in Bill C-27, digital privacy rights are in serious need of updating. However, they are not in this legislation. I agree with the purpose of the legislation, but many of my concerns are about inefficient, regulatory bureaucracy being created and the list of exemptions. Also, the artificial intelligence legislation included in this bill has huge gaps and should really be its own legislation. From a purely operational perspective, while the legislation would empower the Privacy Commissioner's office with regard to compliance, it also constructs a parallel bureaucracy in the creation of a digital tribunal. If Bill C-27 is enacted, Canada's Privacy Commissioner can recommend that the tribunal impose a fine after finding that a company has violated our privacy laws. However, the final decision to pursue monetary penalties would ultimately rest with the new tribunal. Will this result in a duplicate investigation undertaken by the tribunal to confirm the commissioner's investigation? As someone who has operated a small business, I am all too aware of the delays and repetitiveness of government bureaucracy. While it is important to have an appeal function, it is evident in this legislation that the Liberals would be creating a costly, bureaucratic, regulatory merry-go-round for decisions. Canadians looking to see privacy offenders held accountable need to see justice done in a reasonable time frame. That is a reasonable expectation. Why not give Canada's Privacy Commissioner more authority? Of course, Canadian courts stand available. The EU, the U.K., New Zealand and Australia do not have similar tribunals to mediate their fines. In addition to concerns about duplications of process, I am worried that we may be leaving the definitions of offending activity too broad. While a fairly clear definition in Bill C-27, which we are debating here today, has the consent requirement for personal data collection, there is also a lengthy list of exemptions from this requirement. Some of these exemptions are also enormously broad. For example, under exemptions for business activities, the legislation states: 18 (1) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of a business activity described in subsection (2) and (b) the personal information is not collected or used for the purpose of influencing the individual’s behaviour or decisions. On plain reading, this exemption deals more with the field of human psychology than with business regulation. Also in the legislation is this: (3) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of an activity in which the organization has a legitimate interest that outweighs any potential adverse effect on the individual resulting from that collection or use There is also an exemption to consent that would allow an organization to disclose personal information without the individual's knowledge or consent for a “socially beneficial purpose”. This is defined as “a purpose related to health, the provision or improvement of public amenities or infrastructure, the protection of the environment or any other prescribed purpose.” Who determines what constitutes a socially beneficial purpose? This sounds incredibly subjective, and I have a lot of concerns when legislation is this vague. Let me give a very simple example. Suppose a person using a coffee company app occasionally adds flavourings to their coffee while doing a mobile order. That company could recommend a new product with those flavourings already in it while a person is not physically in their business. Is this not personal information that is collected and used for the purpose of influencing an individual's decision, as in this legislation? This example is not hypothetical. In an investigation from actions in 2020, Tim Hortons was caught tracking the locations of consumers who had the app installed on their phones even when they were not using the company's app. Tim Hortons argued that this was for a business activity: targeted advertising. However, the report from the federal Privacy Commissioner found that the company never used it for that purpose. Instead, it was vacuuming up data for an undefined future purpose. Would Tim Hortons have been cleared if the current regulations in Bill C-27 were in place and if it had argued that the data was going to be used for future business activity or for some socially beneficial purpose, which is an exemption in the legislation? While I worry about the loopholes this legislation, Bill C-27, may create for large corporations, I am equally concerned about the potential burden it may place on start-ups as well. This legislation calls for companies to have a privacy watchdog and to maintain a public data storage code of conduct. This is vital for companies like Google, Facebook or Amazon, which have become so integral to our everyday lives and oversee our financial details and private information. Having an officer internally to advocate for the privacy of users is likely long overdue. However, while that requirement would not put much financial burden on these Fortune 500 companies, it could undermine the ability of Canadian digital innovators to get started. Canada has seen a boom in small-scale technology companies for everything from video game and animation studios to wellness or shopping sites for almost every good or service one could imagine. Digital privacy laws should be strong enough to not require a start-up with just a few staff to have to be mandated to have such a position internally. We should ensure that a concept of scale is appropriately applied in regulating the giants of today without crushing the future digital entrepreneurial spirit of tomorrow. I would like to address the presence of Canada's first artificial intelligence, or AI, regulations in this bill. While I do welcome the progress on recognizing this growing innovation need for a regulatory framework, I question whether it is a topic too large to be properly studied and included in this bill. In just the last few months, we have seen the rapid evolution of the ability of AI to create an online demand digital artwork, for example, thanks to the self-evolving abilities of machine learning. The impact of AI on everything from our foreign policies to agriculture production is evident. Computer scientists observed a phenomenon known as Moore's law, which showed that the processing power of a computer would exponentially double every two years, and in the 57 years since this was proposed, this law has apparently not been broken. I am concerned that most of the rules around AI will be in regulation and not in legislation. We have seen the Liberals do this many times. They do not want to do the hard work to put policies into legislation that will be brought to Parliament and committees to be debated and voted on. They prefer to do the work behind closed doors and bring forth whatever regulations they want to impose without transparency and scrutiny. We have seen the Liberals conduct themselves many times in this way. Experts in the field have already made the case that Bill C-27 falls seriously short of the global gold standard, the EU's 2016 General Data Protection Regulation. Canadians deserve nothing less. Though Conservatives agree with the premise of strengthening our digital privacy protection, this bill has many concerns and gaps. Clause 6 outlines that privacy protections do not apply with respect to personal information that has been anonymized. To anonymize is defined in the legislation as “irreversibly and permanently modify personal information, in accordance with generally accepted best practices, to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.” There are a lot of risks around this. Under this legislation, information could be disclosed in numerous ways, and that is very concerning. This goes back to what I mentioned at the beginning of my speech with respect to my questioning of Google Canada early in the pandemic about tracing the locations of people through their phones and sending it to the government. The legislation creates more costly bureaucracy. It does not protect personal privacy as a fundamental right. It has questionable exemptions to protect the privacy of people based on ideologies. It allows the government to create large areas of regulations with no oversight or transparency and it is far from the gold standard that other countries have.
2054 words
All Topics
  • Hear!
  • Rabble!
  • star_border