44th Parl. 1st Sess.
March 7, 2023 10:00AM
Madam Speaker, while it is true that this bill contains the provision for substantial fines, who is going to be fined? Who would it apply to?
Will the tech giants, with their armies of lobbyists and lawyers, figure out the loopholes within all the ambiguity in this law? For a small business owner, who is not in the business of harvesting data but nevertheless must collect information to complete a transaction, will this just give more red tape and more potential liability while letting off the tech giants?
I do not know the answer to that question, and it should be clearer in this bill.
105 words
- Hear!
- Rabble!
- add
- star_border
- share
- Mar/7/23 12:38:59 p.m.
- Watch
There appears to be a problem with the interpretation.
We will take a moment to fix the problem.
18 words
- Hear!
- Rabble!
- add
- star_border
- share
- Mar/7/23 12:41:19 p.m.
- Watch
Things seem to have been fixed.
The hon. member for Trois-Rivières.
14 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I just want to put a question to my hon. colleague from Calgary Rocky Ridge, with whom I worked on the ethics committee and who is knowledgeable about situations concerning access to information. It is a question that the people of Trois‑Rivières asked me when I was out in the community.
With the arrival of ChatGPT, is it not true that a large part of this bill will have to be rewritten because it has become obsolete due to this important change in the reality of access to information?
95 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that is an interesting question, and the member may well be right. The bill certainly has a lot to catch up with. It has been, as has been pointed out, a long time since the existing law was updated. It seems to me that so many questions remain unanswered about problems that have been well identified by all sides in this chamber, yet they are not clearly and definitively solved by the bill. The emergence of new technologies, while we are not even coping with some that have existed for years, is a problem. We are in the third decade of the Internet age. A lot of this stuff is not new, and we are still catching up with decades of issues around privacy.
126 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am a little concerned with the Conservative position of not sending the bill to the industry committee as a co-operative approach to trying to fix problems in bills, which we are currently doing. I would like to know from the Conservatives exactly what it would take to at least move it to committee.
I have a lot of concerns about the bill. There are many issues that we have raised and spoken to. It is a fairly unfortunate position that we are going to leave it to Google and the Internet giants to basically rule over Canada, unobstructed, for the next couple of years, if we do not at least try to fix some of the problems that have been well identified.
126 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, if I was convinced the bill would do no harm, at a minimum, perhaps I would be inclined to send it to committee. I am not sure of that. If we send a bill that has this many holes in it and this many items that need to be fixed, I am not sure that can be done at committee. I am disappointed the government did not table a better bill.
73 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I rise today to address the House with respect to Bill C-27, the digital charter implementation act, 2022. It is just a year or so behind.
Thirty-four years ago, the Supreme Court of Canada recognized that privacy was at the heart of liberty. Much has changed since 1989 and little more drastically than the continuous transfer of the private information of Canadians to other organizations. The questions we need to ask are these: What are the costs of and what are the benefits of the availability of Canadians' private information for the use of others?
Many organizations see themselves as supplying useful value to Canadians by being provided, whether by contract or by capture, private information that is not knowingly provided by citizens. Examples include service companies that recognize when a consumer might be able to save a percentage of their fees by bundling certain services. In such a case, the benefit of this information availability is shared by the consumer and the service provider.
Let us make no mistake. What drives the action by the service provider is profit, which is known as the greater share of wallet. Nevertheless, in such cases, the consumer sees the benefit of being included in the information sharing, whether they know it has occurred or they do not.
This apparently benign approach to gathering information has now stretched to our daily lives, where our computers, our phones and our in-home private intelligent assistants, like Siri and Alexa, are gathering information on us. When my sons are at their homes and use Siri, they say, “Siri, turn on”. They have figured out that Siri was listening the whole time. A lot of information is being culled. Do we know that our information, in that case, when we have not actually disclosed it willingly, is being used in a benign or creditable way? Which of that has become public information to be monetized by somebody else? That is what is occurring.
Large corporations are gathering data that is being sold to others for their own purposes. That supposedly benign relationship is now being passed to another organization, in that case, that is paying the information gatherer, and so on. There is no accountability mechanism to the individual for the benefit of the supply of one's information to flow.
There is only one measurement at play, and that is profit. One need only look at the incredible financial returns associated with these technological information-gathering companies, including the Googles, the Metas, the Amazons, etc. None of those are Canadian, by the way, and realize that the value-extraction industry is lopsided in their favour. At no time in human history have start-up companies, many without a tangible product, achieved such lofty valuations so quickly. Billionaires are created out of computer code, which provides what, exactly. It provides our information.
Value is created and destroyed in commercial markets. That is the economic engine that has led the western world to prosperity, but value is only traded in financial markets. Let us ask this: Is the culling and selling of private information, however obtained, creating value or transferring value?
In that respect, the intent of this bill is good. It is designed to modernize the protection of Canadians' digital privacy rights. It is past due, and it is important. It cannot be delayed by another prorogued Parliament or another unnecessary election call, as happened to the prior bill that was introduced to advance this issue in the last Parliament. The aim of this bill is good. The execution, I would say, is way off. I see a bureaucratic solution, designed by bureaucrats, for use by bureaucrats, with what would be a minor effect for the Canadian population in general. As we say, if you are a hammer, everything looks like a nail.
The design outcomes of this bill are increasing bureaucratic oversight. The personal information and data protection tribunal act would have six members and would be put together in a tribunal, three of whom would have experience in information and privacy law. Only three out of six, which is half, are going to have experience in the very laws that they would be overseeing.
This is going to be responsible for determining the severity of financial penalties. It would have a staff of 20 with a budget, along with a larger budget for the Privacy Commissioner, which already exists. Does anybody see any redundancy in this solution?
There is a litany of financial penalties listed through this bill and a host of requirements of all businesses, even small businesses, which are going to find the requirements of this bill onerous in the extreme. Joe's Garage is going to be treated with the same expectations as the Royal Bank and face the same potential penalties.
I will read from this legislation something that would scare any small-business person. This is about privacy management programs, as required under the legislation. It states that, “Every organization must implement...a privacy management program that includes the [organization's] policies, practices and procedures....”
It further states that, “...the organization must take into account the volume and sensitivity of the personal information under its control.” What does that mean, and how do we interpret that?
It also states, “...the organization must ensure, by contract or otherwise, that the service provider provides [substantially the same] protection....” Therefore, a businessman is going to need to ensure that something nebulous is not being provided by their service provider when forwarding information. Clearly, no one involved in this bill's design has even considered what this means for Canada's small-business community.
Here is the issue for Canadians. Who has the most information on Canadians? Governments, first of all. Who is likely to get information hacked? Those same governments.
This bill shows a complete lack of accountability by the government regarding how it might misplace or misuse Canadians' data. Is the government going to fine itself in such an instance? I doubt it. That would be a round-trip anyway, at that point in time.
Banks, secondly, have a lot of information about Canadians, and they use that information to increase their returns. They have large bureaucracies, large legal departments and government relations departments to stick-handle these fines. I should note, in this legislation, many exemptions are included. Therefore, we are building more bureaucracy. That is just what Canadians have elected us to do, I say very sarcastically.
On top of the 30% increase in federal government employees over the past six years, we are going to build more bureaucracy. What this bill should be doing is trying to strike a balance between business use of data and the fundamental protection of our privacy.
Let us quickly discuss some of the nefarious uses of digital information gathering. Let us go back to the pandemic, when CERB payments were given out to Canadians, and how many criminal organizations misused that government information to pilfer the pockets of Canadian taxpayers and get undeserved CERB payments into the wrong accounts. This is what happens when government information is pilfered, and this is the main problem with the privacy of Canadians' information.
My advice to the government is to get this bill moving. It is way behind other jurisdictions on this very important issue. Look at how the absence of privacy protection has affected Canadians, and take a look at where the value of Canadians' information has gone: to all the large American tech companies.
The government must listen to that input and the alternatives that are going to be put before it when it puts together this bill. Hopefully, the government amends this bill so it actually addresses the privacy of Canadians in a more complete manner. Listen to that input and to those alternatives. As the Supreme Court of Canada reiterated 34 years ago, Canada needs to recognize privacy as a right, so let us get to work in providing an outcome that actually safeguards Canadian's privacy.
1348 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I wanted to relate to the hon. member an experience I had back in 2014 or 2015. I saw something on Facebook that said it was Stephen Harper's birthday and to wish him a happy birthday, so I did. What the heck. I am a Liberal, and I know he is a Conservative. I disagree with what Mr. Harper did, but a birthday is a birthday.
Imagine my surprise when, after that, I saw posts online that put me down as a supporter of Stephen Harper. That did raise some questions among my family and others. That is an example of something that also needs to be paid attention to. How many times, for instance, have we been asked to fill out a personality test, or whatever, not knowing that we are giving all this information that could be used against us? I am wondering if the hon. member could reflect on that.
156 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a very good question. Often, we differ on policies in the House, but it is still good to wish others here a happy birthday, no matter whether we differ in our policy positions one way or another. Cordiality, of course, is very common here. When we are saying happy birthday to somebody, I think it is recognizable that when we are on that website and filling out a form, people are culling that information. They are using it and they are actually interpreting it as something that we may not necessarily intend.
That is exactly what is happening in the world right now. How this bill addresses that concern is beyond me at this point in time, because we have actively given that information, and that is going to continue to happen. We have probably filled out the form or checked off the box that says that we agree to supply the information, and it is probably 60 pages long, about how to actually access that going forward.
This is something this bill needs to address. It is something it needs to address in a legitimate and concise fashion so that small businesses and individuals understand what that relationship is and how it transpires.
208 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for his speech.
I will repeat the comments I made earlier for another one of his colleagues concerning the very delicate line between the need to protect the personal information of each user on digital platforms and and digital services in every business and economic sector. There is also the issue of security and how to protect people who may be more vulnerable or more likely to be targeted by online attacks, or cyberviolence. We spoke about this yesterday during an interesting meeting with the two spokespersons for the StopCyberviolence campaign, who directed the film Backlash: Misogyny in the Digital Age.
I would like to know if my colleague believes that we are going to have to do some work to be able to identify and intercept cyber-attackers and to legislate against cyberviolence, while at the same time protecting the personal information of users of online services.
154 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, obviously the victims of artificial intelligence crimes are usually seniors. The victims of this type of violence are primarily seniors in our community.
We need to protect people who do not realize they are sharing such personal information with service providers. As a society, we need to protect people who are not really aware of the relationship between service providers and the value of personal information.
68 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I was hoping the hon. member could just elaborate a bit on some of the concerns around the personal information and data protection tribunal. It seems there is no justification for this tribunal. No privacy regime in the world has this tribunal. It introduces unprecedented levels of complexity, potential delays and uncertainty, so I am curious about the member's thoughts on this.
65 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, never in all my speeches have the questions been so astute as this. That is exactly the case. We have a tribunal now being created, with a whole bunch of people, six people, three of whom are going to have to know something about what they are talking about, which is ridiculous, quite frankly. It is actually six new people, when we already have a Privacy Commissioner who can do all of this work and, supposedly, accomplish something.
In addition, all the details of this are going to be in the regulations. There is nothing we are looking at here in Parliament that deals with the details, which are very important for us to look at, as well.
120 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I rise today to speak about Bill C-27. I will focus on the artificial intelligence and data act, but before that, I would like to briefly talk about the overall digital charter implementation act.
Canadians have never been more reliant on the digital economy, yet the current privacy law was last updated over 20 years ago, before iPhones or Facebook even existed. In the new digital economy, enhanced privacy would not only benefit consumers but allow companies to innovate, compete and thrive. We are now at a juncture where, over the next few years, the rules of the road for digital privacy and AI are being written and entrenched. That is why it is crucial to have clear rules when it comes to this sector. For Canadians to prosper and benefit from the digital economy, they need to have confidence that their data is safe and trust that their privacy is being respected.
That is why the government has introduced this legislation, which would ensure that Canada has critical protections in place. Bill C-27 would ensure that Canadians have first-class privacy and data protection and that companies that break the rules face severe consequences, some of the steepest fines in the world. It would also hold organizations to a higher standard, in particular when it comes to protecting the personal information of minors by giving them and their parents more power over their information, including the ability to have it deleted. With Bill C-27, we are moving beyond traditional privacy protection to ensuring data control for all Canadians. Canadians can be reassured that we will never compromise on the trust and safety of their privacy.
Over the last decade, artificial intelligence technologies have been expanding rapidly and have been benefiting Canadians in a variety of ways. These technologies are evolving rapidly and with that, there is an increase in risk and harms due to the use of AI systems, whether intentional or unintentional. The artificial intelligence and data act, or AIDA, would establish rules to promote the responsible use of AI and the related governance practices. The framework would ensure that the development of AI systems has to include plans to mitigate bias and harm and that organizations are accountable for their practices.
The AIDA seeks to regulate international and interprovincial trade and commerce in artificial intelligence systems by requiring that certain persons adopt measures to mitigate risks of harm and biased output related to high-impact artificial intelligence systems. The act would provide for public reporting and would authorize the minister to order the production of records related to artificial intelligence systems. The act would also establish prohibitions related to the possession or use of illegally obtained personal information for the purpose of designing, developing, using or making available for use an artificial intelligence system in an intentional or reckless way that causes material harm to individuals. This would ensure that Canadians have strong privacy protections and clear rules of the road for business, as well as guardrails to govern the responsible use of artificial intelligence.
This bill would provide Canada with adequacy within the European Union's GDPR framework and international interoperability on privacy. Further, it would enable Canada to remain on the cutting edge of artificial intelligence development. This bill would help us to build a Canada where citizens have confidence that their data is safe and their privacy is respected, while unlocking innovation that promotes a strong economy.
The University of Toronto’s Schwartz Reisman Institute for Technology and Society studied this bill, and I would like to quote from an article written by policy researcher Maggie Arai:
As technology continues to advance and permeate almost all aspects of modern life, it has become necessary for regulators to grapple with how to best regulate it. New ways of collecting and processing personal information necessitate new regulations to protect those whose information is being collected, analyzed, and sold—often whenever they visit a new website or sign up to a new app like Facebook or TikTok. Advances in artificial intelligence (AI) are also top of mind for many regulators, posing unique risks and challenges that must be addressed. The recently tabled Bill C-27 represents Canadian regulators’ efforts on both fronts.
She goes on to say:
The Artificial Intelligence and Data Act (AIDA) is the federal government’s first attempt to comprehensively regulate artificial intelligence. Canada is not alone in this: AIDA comes in the wake of similar initial attempts at AI regulation by other governments around the world, such as the European Union’s 2021 AI Act and the United States’ 2022 Algorithmic Accountability Act. AIDA, like the EU’s AI Act, takes a risk-based approach to regulating AI. However, it is worth noting that Canada proposes categorizing AI based on whether it is “high-impact,” while the EU uses the language of “high-risk.” AIDA is also far less prescriptive than the EU AI Act. The draft Act is quite short, with much room left for the enactment of provincial AI laws as well as further federal regulation....
She continues:
A person becomes a “person responsible” for an AI system if they design, develop, make available for use, or manage the operation of an AI system in the course of international or interprovincial trade and commerce.
The major requirements contained in AIDA for “persons responsible” for AI systems include ensuring the anonymization of data, conducting assessments to determine whether an AI system is “high-impact,” establishing measures related to risks, monitoring and keeping records on risk mitigation, and requirements for organizations to publish a plain-language description of all high-impact AI systems on a public website. If at any time the Minister has reasonable grounds to believe that a person may be in contravention of these requirements, the Minister may order that person to conduct an audit into the possible contravention, or engage an independent auditor to conduct the audit.
She goes on to say:
The tabling of Bill C-27 represents an exciting step forward for Canada as it attempts to forge a path towards regulating AI that will promote innovation of this advanced technology, while simultaneously offering consumers assurance and protection from the unique risks this new technology...poses.
She also states:
There are also sections of C-27 that could be improved, including areas where policymakers could benefit from the insights of researchers with domain expertise in areas such as data privacy, trusted computing, platform governance, and the social impacts of new technologies.
She goes on to say:
To ensure that the powerful new technologies that shape our world today benefit everyone, it’s essential that our policies are well-informed—especially when it comes to how technical systems work, how they interact with our legal infrastructure, and how they impact society. As we approach the implementation of this landmark regulation, it’s critical that Canadians are engaged and informed on these topics and ready to make their voices heard.
I will now quote from an article written by the law firm of McCarthy Tetrault, which states:
Bill C-27, if adopted into law, is set to have a significant impact on businesses by creating new requirements for those who make, use, or work with AI. The bill imposes several new obligations on the AI sector which are backed by serious penalties for non-compliance.
1251 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I listened intently to the speech from the member for Nepean. I note that at the beginning, the member talked about the issue of children, and the minister went on about that in his opening speech. However, the bill is 124 pages, and do members know how many times minors are mentioned? It is once, and it does not define what a minor is. It says that a minor's information is “sensitive”, but it does not define what “sensitive” is.
Perhaps a member of the Liberal government could define for the House what a “minor” is under this proposed law and what “sensitive information” is, as it would say in the definitions section.
124 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, there are two things to note here.
One is the definition of “minor”. There is well-recognized legislation that has been adopted by various authorities and institutions on who a minor is, and I think that would be applicable here.
On the definition of “sensitive” and “sensitiveness” and other definitions related to these technologies, my view is that we should not cast in iron in the legislation the definitions of various things that are involved here, but leave it to the government and the regulators going forward to have the flexibility to define the various terms that are used in this legislation.
110 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague. I would simply like him to answer the following question.
Since Quebec already has its own privacy legislation and it works very well, does my colleague not think that Bill C‑27 should clearly state that it will not contravene Quebec's legislation?
This should be stated in the bill.
57 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, the member is right that Quebec has an existing law, but this proposed law in no way would impede Quebec's ability to promote and act on its own law. In fact, this legislation would enable Quebec and other provinces to move forward with any changes they may need to make to improve their own laws to protect the privacy of people.
64 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, as the member knows, the bill is actually three pieces of legislation stuck together. I would like to get the his rationale as to why the Liberals chose that path, especially given that the first two pieces of legislation had some time in the House. After the NDP's question to the Speaker about the bill, we separated it into two different votes, because the artificial intelligence part in particular is new and requires different processes.
I think it is unfortunate that the Liberals could not find a proper way to bring this bill forward, and I would like his reflection on that, because it appears the Conservatives will not even support bringing it to committee. It appears as well that the Liberals seem intent on perhaps sabotaging efforts where there seems to be some consensus.
138 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
