SoVote

Decentralized Democracy

House Hansard - 165

44th Parl. 1st Sess.
March 7, 2023 10:00AM
Context: House Hansard - 165 - Mar/7/23
Mr. Matthew Green (Hamilton Centre, NDP)
  • Mar/7/23 10:07:11 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I will be sharing my time with the wonderful member forRosemont—La Petite-Patrie. I am grateful for the opportunity to rise today on Bill C-27, which is an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act, and to make consequential and related amendments. The amendments are what I am particularly interested in today. As New Democrats, we will be supporting this at second reading. We support the need to modernize Canada's privacy laws and establishing rules around data governance and empowering the Office of the Privacy Commissioner to bring enforcement actions to protect consumers and citizens. This bill takes some of those steps. However, there is a need to ensure that reforms are robust and effective. In my opinion, a long list of amendments will certainly be required to achieve these goals. I am going to be referencing two important works that have been presented. One is from the Centre for Digital Rights, entitled “Not Fit For Purpose - Canada Deserves Much Better”. From the title, we can note that there are some concerns with this bill. However, we recognize that this privacy legislation must be amended because there are already glaring shortfalls in PIPEDA, which urgently needs updating. Technology continues to evolve, and data-driven business continues to move away from a service-oriented approach to one that relies on monetizing personal information through mass surveillance of individuals and groups. While these businesses find new ways to expand their surveillance and methods of monetizing our personal information, Canadians' privacy is increasingly put at risk. The GDPR is the bar that is currently considered the adequate level of protection. However, if we were to do a little bit of comparing and contrasting, we would see that this bill tends to fall short of this level in terms of what the European Commission has done. What this means for us is that the ability for personal data to flow to Canada without any further safeguards is at risk. There has also been pressure from industry and advocacy groups, the privacy commissioners of Canada and abroad, and privacy and data governance experts. In fact, in this particular bill, we think that the government side has fallen short in its engagement with people; I will get to that in a moment. When we are in these technological environments, it is an ecosystem that goes well beyond our borders. We are talking about what it is like—
427 words
All Topics
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Alexandra Mendès)
  • Mar/7/23 10:10:05 a.m.
  • Watch
I would ask members who are having conversations to please take them to the lobbies. The hon. member for Hamilton Centre.
21 words
  • Hear!
  • Rabble!
  • star_border
Mr. Matthew Green
  • Mar/7/23 10:10:14 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I am sure the hon. members from the other side are about to take some good notes on the recommendations we put forward. They are probably discussing among themselves how they can improve upon these serious gaps and have some public engagement on this. We are not subject matter experts in this House when it comes to this type of technology. It is not clear whether there has been any public engagement specific to Bill C-27 as it is proposed. There was public engagement around the creation of Canada's digital charter, called the national digital and data consultations, that happened back in 2018. However, as I understand it, only about 30 or so discussions were held. That fell dearly short. The majority of digital leaders were from the private sector, and there were only a couple of universities involved. Therefore, it is unclear who the government is consulting with when it deals with this type of surveillance capitalism and the risks it presents to consumers. Let us get right to the point. What are the gaps that exist in this legislation? How does Bill C-27 compare with the ideal privacy legislation? There are many gaps. Clearly, it does not compare to the GDPR; it also falls short of privacy legislation that is currently being proposed in la belle province of Quebec, in New Zealand and in the state of California. For example, in California, the California Consumer Privacy Act, the California Privacy Rights Act and the Children's Online Privacy Protection Act have all presented more robust solutions to what is before us here today. In addition, there are privacy protections that come into effect under the CCPA that we should be considering. We need to ensure that the protections that come into effect include the rights to know, to delete and to opt out of sale or sharing, as well as the right to non-discrimination. Under that legislation, consumers also have the rights to correct inaccurate personal information and to limit the use and disclosure of sensitive personal information collected about them. There is a lot out there that we should be considering when it comes to amendments. I am going to list examples of gaps within this bill so they are on the record. The bill does not promote the development of data stewardship models. It does not require that organizations take into account the potential consequences to individuals and societies through such measures as privacy impact assessments of a breach of security or safeguards. There is no section in Bill C-27 expressly dedicated to cross-border dataflows. There has been no privacy impact assessment done to address any additional risks, which should be identified, justified, mitigated and documented in such an assessment. There is no assessment of the broader level of privacy rights protections in foreign jurisdictions. This is a very important conversation, particularly this week in the House, that includes how Canadians' privacy rights can be enforced. This bill does not include specific rules that are applicable to data brokers, and these are important third parties who are not service providers. There should be a fiduciary duty to individuals if data processors act as intermediaries between individuals and data collectors. This would ensure that such service providers only use personal information entrusted to them for the purpose intended by the individuals. This bill does not provide the right to disposal with respect to search engines' indexing of personal information where it could cause harm to the individual's privacy or reputation. It does not include the language that was in PIPEDA regarding individual access where it provides an account of third parties to which personal information about an individual or an organization has been disclosed. There should be an attempt that is as specific as possible. This bill does not include the right of individuals to express their points of view to a human who can intervene or to contest decisions. When we look at AI or how algorithms are working in society today, they are inherently flawed. In fact, there is another study that I would reference, titled “AI Oversight, Accountability and Protecting Human Rights”, which has commentary on this. This was authored by a series of subject matter experts who gave a long list of needs for adequate public consultation and proper oversight of AIDI to effectively regulate the AI market in Canada. The commissioner needs to be an independent agent of Parliament. We need to empower an independent tribunal to administer penalties in the event of a contravention, and we need to outline the best practices for auditing and enforcing the law. There are dozens of recommendations contained in both reports that, as New Democrats, we will be presenting to the government at the appropriate time at committee. It is clear, from the body of the preliminary work that has been done, that this bill is inadequate as it stands. It is too big to adequately cover AI and consumer protections. It has always been our belief that those should be split up. That way we can have an investigation to ensure that consumer protections are met, that surveillance capital does not continue to profit off our most personal information and data and that, ultimately, we have safeguards with a robust and very firm platform on which these organizations, businesses, companies, and in some instances foreign countries, are held to account when they violate our rules.
912 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Ms. Lisa Hepfner (Hamilton Mountain, Lib.)
  • Mar/7/23 10:16:39 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I would like to thank my friend from Hamilton Centre. I see him all the time in our town, and we serve together on the Standing Committee for Access to Information, Privacy and Ethics. I would ask whether he thinks there is urgency to this legislation, given the fast pace that this technology develops and that companies are using it to develop what can sometimes be invasive and can violate the privacy of Canadians.
76 words
  • Hear!
  • Rabble!
  • star_border
Mr. Matthew Green
  • Mar/7/23 10:17:10 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, it is clear that Moore's law has extrapolated over the inaction of the Liberal government for the last eight years. We absolutely should have moved on this. However, we need to do it right. It is important that we do not put a piecemeal effort forward to try to keep up with technology that has surpassed our grasps. There are subject matter experts who know this material better than we do. We need to have an engagement with them at committee, and we need to be able to provide independent safeguards so that when violations happen the legislation actually has teeth to address it.
107 words
  • Hear!
  • Rabble!
  • star_border
Mr. Rick Perkins (South Shore—St. Margarets, CPC)
  • Mar/7/23 10:17:50 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I am curious if the member would expand a little more on the artificial intelligence section of this bill. Our reading of the bill is basically that the government has this vague definition of what artificial intelligence is and that it does not really know, but we should trust the government. The minister will define it all in regulation, will enforce the regulation, will investigate if one has broken that regulation and will impose fines on that regulation without ever having to go to Parliament to decide anything. Therefore, he is going to be judge, jury and executioner on artificial intelligence and on something the government has not defined. I wonder if the member would comment on that.
120 words
  • Hear!
  • Rabble!
  • star_border
Mr. Matthew Green
  • Mar/7/23 10:18:33 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, that is an important question. Bill C-27 needs consistent, technologically neutral and future-proof definitions both to the consumer privacy protection act and the AIDA within Bill C-27. It should provide definitions for AI or algorithmic systems that are cohesive across both laws, and the definition for AI ought to be technologically neutral and future-proof. That is the question I just answered for the previous speaker. A potential pathway for regulation is to define algorithmic systems based on their applications, instead of focusing on the various techniques associated with machine learning and AI.
98 words
  • Hear!
  • Rabble!
  • star_border
Mr. Mike Morrice (Kitchener Centre, GP)
  • Mar/7/23 10:19:17 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I appreciated hearing the member for Hamilton Centre's speech on Bill C-27. I would like to hear more from him, in particular on subclause 18(3). This section talks about a legitimate interest for an organization to collect a person's private information without consent. There have been concerns shared here with respect to how open-ended this legitimate interest could be. I wonder if the member would reflect and share more about his concerns, if any, with the way the bill is currently written.
89 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Matthew Green
  • Mar/7/23 10:19:50 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, that is also an important question, because I think what the member did not reference, which I will reference specifically, are the instances where governments used this information. I think that informed consent is an inherent right to privacy and protection. The AIDA must apply to government institutions, given that the AIDA only currently applies to the federal private sector, as government institutions are explicitly exempt from this. It is imperative that the AIDA's framework be brought in to include government institutions. Let us be very clear. Individuals ought to always have informed consent about where their information and data go. There ought not to be situations, outside of warrants expressed through our legal system, that allow for the collection, maintenance and distribution of personal information online.
130 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mrs. Julie Vignola (Beauport—Limoilou, BQ)
  • Mar/7/23 10:20:49 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, at the beginning of his speech, my colleague talked about the progress Quebec has made with Bill 25. Bill C-27 appears to provide some protection or at least not go against Bill 25, but there is no real guarantee. Does my colleague think that this is one of the changes that should be made to ensure that Bill 25 in Quebec is not hindered by Bill C-27 and that, instead, these laws complement one another?
85 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Matthew Green
  • Mar/7/23 10:21:22 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, while I have a growing appreciation for the Bloc's propensity to be here as representatives of the Quebec legislator, I am not here in that capacity. Any legislation we put forward does have international ramifications that must be met in terms of the international standards related to the protection and collection of data.
56 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Alexandre Boulerice (Rosemont—La Petite-Patrie, NDP)
  • Mar/7/23 10:21:48 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I want to use my speaking time in the House to note that today is the 85th day of the blockade of the Lachin corridor. This blockade has left 120,000 Armenians in Nagorno-Karabakh without access to health care, food and medication. This situation has been denounced by the European Parliament, by Amnesty International and, last week, by the International Court of Justice. I urge the federal government to do more and apply pressure to ensure that these 120,000 Armenians can have access to food and to prevent a humanitarian crisis. I am pleased to rise in the House today to speak to Bill C-27, an act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other acts. This bill includes many things and covers many topics. I want to begin with the part on artificial intelligence. The NDP was a bit concerned by the fact that in the wake of Bill C‑11, this whole new part on the Artificial Intelligence and Data Act was added to Bill C‑27. We think this is a separate issue that needs to be dealt with separately. It is a huge topic in and of itself. We are pleased that the bill is being split so that we can study it in two parts. In my riding, Rosemont—La Petite-Patrie, there is a burgeoning AI hub that provides jobs for hundreds, maybe even thousands, of professionals. I have met people who were a little worried about the federal government being kind of hasty in dealing with an issue as complex as AI. They are particularly worried about the fact that the U.S. and the EU have laws and regulations already. They think we need to take the time to make sure Canada's regulations are compatible with what is being done elsewhere, with our trading partners and our competitors, just so that it will be easier to attract talent down the line and get these professionals to go work in Montreal, Toronto, Vancouver and other places in Quebec and Canada. They want to avoid the kind of incompatibility that could result in unnecessary obstacles. With respect to the protection of personal information, I believe that, sadly, a string of scandals has made people aware of this issue, and they realize that our laws and regulations must be updated and adapted. Consider the personal information and data breaches and the problems this causes for people. I will quickly mention a few examples. The problems with Yahoo, Marriott, and Mouvement Desjardins in Quebec, as well as Facebook, all revealed the need for new measures to help victims who have had data and their personal information stolen in several countries. We need only think of the 2019 settlement in the U.S. for the Equifax data breach. It is quite significant, given that Equifax is one of the largest companies people rely on for their credit score so they can make purchases or borrow money. This is not trivial. Here, in 2019, the Office of the Privacy Commissioner of Canada found that Equifax fell short of its obligations to Canadians and Quebeckers. He then had the company sign a compliance agreement that did not require the payment of any fines or damages for Quebec or Canadian victims. This happened just a few years ago and clearly demonstrates just how outdated Canada's legislation is. That is why the NDP will be supporting Bill C-27 at second reading. We think it is important that the bill be sent to committee, because we see all the cracks and gaps currently in the bill. It is important that the Office of the Privacy Commissioner be strengthened to bolster enforcement measures to protect consumers and Canadians. Bill C-27 needs to be amended to improve things. There are some shortcomings in this bill. There is even some backsliding in relation to Bill C-11, its predecessor in the previous Parliament, before the last election. Privacy concerns everyone. In a digital world where social media and online entities are taking up more and more space, we have to remember that, although it is nice to use them sometimes—and they can be of great service—we are the ones who have become the product. Our personal information is the source of huge profits, and we need to be aware of that. Our information is used to target the advertising we see on our devices when we go to websites. That targeting is based on our personal choices, preferences and searches. Big corporations create profiles and use them to sell advertising. We are the product. These companies make money off the information we give them for free. I have met people who had an interesting suggestion. Maybe these companies should pay us because we are their source of profit. They make money off the targeted advertising they sell, and that is how they plump up their bottom line. We need to modernize our privacy protection laws. We also need to start thinking about the implications of handing over so much information about our consumer behaviour, our travel patterns, our interests and everything we search for online. We have to prompt people to think about that. The bill is interesting because it creates a lot of new regulations and a new tribunal. The NDP thinks that is a good thing, but the bill does not go far enough. For example, the bill sets out a private right of action for individuals, but it does not really make it possible for consumers who have fallen victim to privacy breaches to be compensated, unlike what is being done in the United States. This right comes with various rather ineffective stipulations, so although there are new provisions, like this new tribunal, the bill provides for very little recourse. A few years ago, the NDP published a digital bill of rights for Canadians. In it, we called for new, more effective provisions on consent and the sustainability of data. We called for the government to give the commissioner order powers and to impose larger and more consequential monetary penalties. We also called for transparency with regard to algorithms and more protection against abuse. I think that the government could draw inspiration from the NDP's digital bill of rights to amend, enhance and improve the bill before us today. Once again, I have to say that this bill takes half steps because it proposes half-measures. There are some rather interesting measures in this bill, but they do not go far enough. For example, there is still a significant imbalance between commercial interests and individual rights. Unfortunately, the Liberals are still in the habit of putting commercial interests ahead of the rights of citizens. For example, the new preamble of Bill C‑27 tries to present privacy as an individual interest tied to fundamental rights, but still does not directly recognize that privacy is not just an essential aspect of fundamental rights, but a fundamental right in and of itself. It considers the right to privacy to be part of Canadian norms and values, rather than a fundamental right. I think this part of the preamble of the bill should be changed. There is also some backsliding. Under Bill C‑27, individuals would have less control over the collection, use and disclosure of their personal data, even less than what was proposed in Bill C‑11, which was introduced during the last Parliament. That is really the crux of the matter. If we do not have control over the information we provide or the way it is used or shared, it will be a wild west, total chaos. That is what we are seeing now, in fact. This is a step backwards, and I think that the NDP will be proposing amendments to restore this balance. Under the bill, information that has been de-identified is still personal information, with some exceptions. There are quite a few exceptions, including in clauses 20 and 21, subclauses 22(1) and 39(1), and the list goes on and on. Roughly a dozen clauses contain multiple exceptions, so it gets extremely complex and confusing. It seems to me that this is going to give big corporations and web giants a way out, through loopholes and back doors. They will be able to do whatever they want because of this list of exceptions. We in the NDP will be supporting the bill at second reading, but there is still a lot of work to be done to improve the bill.
1459 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Williams (Bay of Quinte, CPC)
  • Mar/7/23 10:31:41 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, certainly from the Conservative side and from the NDP, it seems like we are on the same page when it comes to looking at privacy, protecting privacy and stating that privacy should be a fundamental right, not only in the preamble but also in the clause statement. The clause statement is very important because that is what the bill is derived from. The definition of privacy and fundamental rights then goes throughout the rest of Bill C-27. One example that came out this week was of our children using a game called Fortnite. There are a lot of other games children spend a lot of time on sometimes, but Fortnite was found to be in breach of error in the U.S. for exploiting our children, taking their data and selling that. Can the member please answer for me how important it is not only to protect our adult fundamental right to freedom, but also our children's fundamental right to freedom?
165 words
  • Hear!
  • Rabble!
  • star_border
Mr. Alexandre Boulerice
  • Mar/7/23 10:32:40 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I thank my colleague for his question, because it is really important. I am not saying that just because I have teenagers at home. We also see the dangers of social media and the fact that young people's privacy or personal information can be exploited. In that regard, once again, Bill C‑27 does not go far enough. Bill C‑27 includes an interpretation clause stating that the personal information of minors is considered to be sensitive information. However, in the current bill, there is no definition or explicit direction as to what constitutes sensitive information. Once again, the work is only half done. What exactly does “sensitive information” mean when we are talking about information on a minor, someone under 18 years of age? We will have to move amendments to make this much clearer.
144 words
  • Hear!
  • Rabble!
  • star_border
Ms. Monique Pauzé (Repentigny, BQ)
  • Mar/7/23 10:33:40 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I thank my colleague from Rosemont—La Petite-Patrie for his speech. This is not a subject I know very well, but I am making progress. I would like to remind everyone, however, that Canada is a digital wild west. There was no legislation that interfered with the commercial interests of these organizations. In essence, Bill C‑27 is a response to European legislation. Without Bill C‑27, Canada would likely not be meeting the European Union's expectations. The financial community is applying pressure because it is under stress. My question is going to cast a much wider net. What does my colleague think about the complacency of successive Canadian governments? I am talking about complacency in all sorts of other areas too, including transportation safety, cybersecurity and the environment. What does my colleague think about that? The Canadian government is always forced to take action when it is pressured by the financial community or other countries.
166 words
  • Hear!
  • Rabble!
  • star_border
Mr. Alexandre Boulerice
  • Mar/7/23 10:34:40 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I thank my colleague from Repentigny for her question, which gives me an opportunity to talk about the laissez-faire approach that has been taken. There were years of neo-liberalism where private corporations reigned. The government let them do pretty much whatever they wanted. I think that the progressive forces and the left, in general, always need to be there to push our governments to do more to have more regulatory frameworks to keep people safe, for example. Today, we are talking about the security of personal data, but we could also talk about rail safety. Think about Lac-Mégantic. The railway companies are inspecting themselves, to see if they meet the standards. I do not think it is responsible for a government or a society to allow these big corporations to supervise themselves, to do their own inspections and then to say that they did everything right, when they tend to cut corners to make a profit.
163 words
  • Hear!
  • Rabble!
  • star_border
Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)
  • Mar/7/23 10:35:45 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, I wonder if the member could provide his thoughts in regard to his critique of the legislation, when he said that there are many things missing. A number of the things the member refers to could easily be done through regulation. The legislation sets in place a very substantial framework, which is there to protect the privacy of Canadians, and a number of things that have been raised already this morning could be done through regulation. In fact, many would argue they might be best done in regulation.
90 words
  • Hear!
  • Rabble!
  • star_border
Mr. Alexandre Boulerice
  • Mar/7/23 10:36:19 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, when we hear that certain things can be done through regulation, that calls for a bit of a leap of faith. The bill needs to have clear guidelines and provide specific direction so that the regulations can then be coherent and consistent. It is not good enough to say that things will be done correctly later through regulation. For instance, the current Bill C‑27 contains no guarantee that when someone asks for their data to be destroyed, it will actually be destroyed and stay that way for any length of time. We will have to work on this to ensure that the regulations really do help Canadians.
111 words
  • Hear!
  • Rabble!
  • star_border
Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)
  • Mar/7/23 10:37:03 a.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, it is a pleasure to rise to speak to Bill C-27 today. As I put forward to my friend in the form of a question, when we think of Bill C-27, I like to think that the government is on the right track in continuing to protect the privacy of Canadians in many different ways. Yesterday we had a debate on Bill C-26 on cybersecurity. If we take a holistic look at what the government has been able to accomplish through legislation and, ultimately, in certain areas in terms of developing the industry through budgetary measures, Canada is indeed in a very good position in comparison to our peer countries around the world. I do not say that lightly, because I know that all members are very concerned about the issue of privacy. That is in good part why we have the legislation today. The last time these changes we are proposing happened was two decades ago. Let us reflect on that time of 20 years ago. We did not have iPhones, and Facebook did not exist. Going back a little further than that to when I was first elected, when one clicked into the Internet, the first thing one heard was a buzzing sound, the dial tone and then clicking. Then one was magically connected to the world. How far we have advanced in a relatively short period of time. Last week, I was on the Internet making a purchase that would be delivered. I never had to go to the store. It involved my doing a little bit of design work on the computer before making the purchase. I was told yesterday that it was delivered to my home. The amount of information out there is absolutely incredible, and it is very hard to imagine the types of data and the risk factors out there. That is why it is so important that, as a government, we bring forward substantive legislation that is going to protect the privacy of Canadians, to ensure companies are held accountable and, in the context of yesterday's debate, to protect them from security threats that are very strong and very viable. It was interesting yesterday listening to the debate for a number of hours. I get the sense that a wide spectrum of support is shaping up today. The NDP is supporting the legislation. My understanding is that the Conservatives are supporting the legislation. The Bloc, in principle, is supporting the legislation. The Province of Quebec has actually made some significant gains on this whole front, so I am not surprised that the Bloc or members from Quebec within the Liberal caucus are very strong about these issues, whether they are cybersecurity issues or the privacy issues of Bill C-27 that we are debating today. I raise this because I believe that it does not matter what side of the House one happens to sit on, as this is legislation worth supporting. As I indicated, it has been 20 years since we have seen substantial changes to the legislation. The expectation is very high that we will not only introduce the legislation but that, with the cooperation of members opposite, we will see it pass through in a timely fashion. Being an optimist, I would like to see the bill pass before the summer, and it is possible. I realize that it would require a great deal of co-operation from opposition parties, but I do believe it is doable, especially after the comments I heard this morning. The legislation is not meant to address every matter that Canadians are having to face in the digital world. That is not what it is designed for. As I indicated, the legislation, whether this one or Bill C-26, goes a long way in establishing a solid base for a framework that would enable the government of the day, which is held accountable by the opposition, to have the opportunity to do a lot of work in an area where we need to see a higher sense of security and protection. One member across the way asked about engagement. There has been a great deal of engagement. I can assure the member that, whether it is from a constituency perspective, a ministerial perspective or, I would even suggest, the member would have to take some credit in terms of an opposition perspective, there has been a great deal of dialogue. This is not a new issue. This issue has been in the making for years now. There have been some factors that are beyond the government's control in terms of the manner in which it can bring forward legislation, for example the worldwide pandemic and the requirement for substantial legislation in order to support Canadians and have their backs. There were issues of that nature, along with numerous other pieces of legislation. I would not want to give a false impression that this is not an important issue for the Government of Canada. At the end of the day, based on comments I have heard on both Bill C-26 and Bill C-27, I believe the legislation would establish a solid footing or framework, whatever terminology we might want to use, and, at the very least, we should see it go to committee. The principles of the legislation are in fact endorsed and supported by all sides of the House, from what I can tell, and please correct me if I am wrong. No doubt we will have other legislation that might be somewhat more controversial, where there is real opposition to the legislation, and this would enable more time for debate on that type of legislation. If we could somehow recognize the value of this legislation, given that there is so much support for its principles, we would allow it to go to committee, where members of Parliament are afforded the opportunity to get into the nuts and bolts, the details, where there is representation from different stakeholders at committee to express their thoughts and opinions on the legislation, and where members can find out directly from the minister what kind of consultation has taken place. The member does not to have to take my word for it, but I can assure him that there has been a great deal of consultation. He would be able to hear that first-hand from departmental officials, the minister and so forth. I believe the government has done its work in bringing the legislation to the point where it is today. We have seen ministers, in their opening remarks and in their response to questions, in co-operation with opposition members. The government has demonstrated very clearly in the past that it is open to amendments that can improve upon legislation for the benefit of Canadians, and if there are ways we can improve this legislation, we will accept those types of amendments. We will support those types of amendments. I believe this is one of the areas where the Prime Minister has been very good in sending that message. It could be because of years in opposition, when the opposition never had amendments accepted by former prime minister Stephen Harper. At the end of the day, if there are ways to do it, we can improve upon this bill. I heard yesterday on Bill C-26, and already today on Bill C-27, that members have genuine concerns. I do not question those concerns, but I do believe that it would be helpful if they can look at those concerns. If they already have ideas that they believe will improve the legislation, nothing prevents members of the opposition or government members from being able to provide those amendments or thoughts in advance to the ministry, which would potentially allow for a deeper look into it to see if, in fact, something is doable. The NDP talked, for example, about digital rights for Canadians. There is a great deal of concern that we need to ensure and recognize them, whether they are consumer rights or privacy rights. These are things we all hold very close to our hearts. We all want to make sure the interests of Canadians are being served. When I took a look at the specifics of the legislation, I highlighted three parts I wanted to make reference to. CPPA would strengthen privacy enforcement and oversight in a manner that is similar to that of certain provinces and some of Canada's foreign trading partners. It is important that we do not just look internally. There are jurisdictions, whether nations or provincial entities, that have already done some fine work in this area. We do not have to reinvent the wheel, and working with or looking at other forms of legislation that are there is a very positive thing. In particular, the CPPA would do so by granting the Privacy Commissioner of Canada order-making powers that can compel organizations to stop certain improper activities or uses of personal information and order organizations to preserve information relevant to an OPC investigation. This is significant. We need to think in terms of the technology that I make reference to. I can remember a number of years back when a pizza store was becoming computerized. As someone called in and made an order, they recorded the telephone number, the name and the address, personal information such as that. I remember talking to the franchise owner, whom I happen to know quite well, explaining how the collection of data, if used appropriately, can not only complement the business, but also complement the consumer, and this was maybe 20 years ago. We can contrast that to an iPhone and looking at some of those applications we see. The one that comes to mind is a true Canadian application and a true Canadian franchise: Tim Hortons. My wife never followed hockey, but nowadays she does because of Tim Hortons. One can win free cups of coffee by picking who is going to score goals or get assists. I am not exactly sure how it works, but Tim Hortons comes up with a program that is actually collecting data from people. It is a program that allows it to send out all kinds of notifications. It could be sales of product. It could be something like NHL standings. It really engages the consumers. An incredible amount of data is actually being collected. Tim Hortons is not alone. One can go to virtually all the major franchises and find the same thing. It is not just the private sector. Yesterday we were talking about cybersecurity, and one can easily understand and appreciate the sensitivity of collecting information, even if one is a Tim Hortons or a Home Depot, but also many government agencies. For example, there is the amount of personal information Manitoba Health has, which is all computerized. There are also doctors' offices. The digital world, in a very real and tangible way, has changed to such a degree that many, including myself, would argue that things like Internet access have become an absolute and essential service nowadays. It is something we all require. The incredible growth of data banks, both in the private sector and in the government, and I would throw in the non-profits and the many other groups that collect data, has been substantive in the last 15 or 20 years. That is the reason why today we have the type of legislation we have before us. Bill C-27 would ensure that we have something in place to provide consequences for offences. To give members a sense of those consequences, the new law would enable administrative monetary penalties for serious contraventions of the law, subject to a maximum penalty of 3% or $10 million of an organization's global revenue, whichever is greater, and fines of up to 5% of revenues or $25 million, whichever is greater, for the most serious offences. I said I wanted to highlight three things, so I will move on to the second point. The personal information and data protection tribunal act would establish a new tribunal, which would be responsible for determining whether to assign administrative monetary penalties that are recommended by the Privacy Commissioner following investigations, determining the amount of penalties and hearing appeals of the Privacy Commissioner's orders and decisions. The tribunal would provide for access to justice and contribute to further development of privacy expertise by providing expeditious reviews of the Privacy Commissioner's orders. The third point is that the AIDA would impose a duty to act responsibly by requiring organizations designing, developing, deploying or operating high-impact artificial intelligence technologies to put in place measures to proactively mitigate risks of harm and bias in the development of these technologies. I have less than a minute left to talk, and I have not even touched on the AI file. I made reference at the very beginning to the financial investments of this government in encouraging the growth of that industry in the different regions of our country. The Government of Canada is not only bringing in the type of securities that are absolutely important for Canadians from a privacy perspective, to encourage continual growth in the area and have these protections in place, but also doing so through budgetary measures to ensure that we continue to enhance the opportunities of Canadians. If we take a look at the digital world today, it is very hard to imagine where it is going to be tomorrow, at least for myself, in witnessing the growth of the digital world over the last 20 or 30 years and how far it has gone. This legislation is a modernization. It is legislation we can all get behind and support. I would encourage members, no matter what party they are from, to support it. Let us see it go to committee, where the committee can do its fine work and see if we can even improve—
2336 words
All Topics
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Alexandra Mendès)
  • Mar/7/23 10:57:07 a.m.
  • Watch
Questions and comments, the hon. member for Saskatoon West.
9 words
  • Hear!
  • Rabble!
  • star_border