SoVote

Mar/7/23 1:26:04 p.m.
Watch
Re: Bill C-27

Madam Speaker, what is unfortunate with the Conservatives' position on this is that they have raised some significant problems with the bill, but they want to stop it from going to committee, which is rather ironic. The suggestion is to hand the entire project back to the Liberals, their central party organization and their political infrastructure to start over as opposed to moving it to public debate, witness testimony and expert dialogue, which is necessary. I am not willing to turn this entire project back to the Liberal machine, and that is what is unfortunate here. I can attest that his members in the committee are very good. We have heard speeches from the Conservatives saying that they want amendments. Why will they not bring the bill to committee and get those amendments? That is a better choice than turning it back to the Liberals, whenever that is going to take place.

152 words

Mr. Brad Vis

Mar/7/23 1:27:04 p.m.
Watch
Re: Bill C-27

Madam Speaker, I will note that I am on the industry committee with the member for Windsor West, and he provides a lot of intelligent insight and corporate knowledge to key pieces of legislation like this one. Unfortunately, we are in a situation today where the New Democratic Party has decided to support the Government of Canada on all key pieces of legislation. Therefore, even if the member for Windsor West has a problem with a key aspect of the bill, I am not confident the supply agreement between those two parties will result in good legislation. That is why the Conservatives are calling on the Government of Canada to go back to the drawing board. At the end of the day, the New Democrats do not have enough money to fund a federal election. That is why they are supporting the Liberals, despite the poor legislation.

147 words

Ms. Lisa Hepfner (Hamilton Mountain, Lib.)

Mar/7/23 1:28:00 p.m.
Watch
Re: Bill C-27

Madam Speaker, I am so pleased to rise today to speak to the digital charter implementation act, 2022. With Bill C-27, our government is showing leadership in a new digital world. Privacy is important to the residents of my riding of Hamilton Mountain. It is important to all Canadians. This legislation would not only benefit consumers, it would allow companies to innovate, compete and thrive. The world I grew up in is significantly different from the world in which my son is growing up. This bill gives me confidence that we will be able to take advantage of the latest technologies, while at the same time be assured that our personal information is safe and secure. I want to specifically talk about the consumer privacy protection act and how it sets out a balanced approach to compliance and enforcement. Canadians clearly want their personal information to be handled responsibly, and they want meaningful consequences for organizations that break rules to gain some advantage. Canadians want fair punishment for truly bad actors. According to a survey published by the Office of the Privacy Commissioner, 71% of Canadians have refused to provide their personal information to an organization because of privacy concerns. In an earlier survey, this same percentage of Canadians said that their willingness to share their personal information would increase if they knew the organization would face financial consequences should their information be mishandled. Such consequences are clearly an important tool for enhancing privacy protection for Canadians and also for helping organizations comply with the law right from the start. The consumer privacy protection act, or CPPA, will assist companies to get privacy right and the escalating enforcement approach will correct problems as they arise. The new privacy law incentivizes organizations to step up and improve their privacy practices at the outset. The CPPA will also provide the Privacy Commissioner with a key role in helping them do so. Under the CPPA, businesses will be able to ask the Privacy Commissioner to review the policies and practices that make up their privacy management program, which will assist them in complying with the law. The commissioner can also ask to review such programs. This is a very important step in the early detection and serves to correct problems at the outset. Privacy management programs cover a wide range of privacy considerations: how companies manage service providers; how they respond to breaches; when to undertake privacy risk assessment; employee training; complaint handling; and so on. Under the CPPA, the Privacy Commissioner will be able to examine these policies and practices outside of an investigation. The goal is for the commissioner to give advice and make recommendations. The CPPA will prevent the commissioner from using what he or she has learned in these reviews in any enforcement action unless the organization willfully disregards recommendations. We think this would be very rare, but if it happens, action can be taken. The approach provides an appropriate space in which the commissioner can provide advice and companies can take proper action. At the same time, the commissioner will be able to gain insights on how the law is implemented in real-world situations, thereby being able to better advise organizations on the challenges they may face in the privacy space. Essentially this approach builds on the Office of the Privacy Commissioner's current business advisory function, which has proven successful in encouraging compliance through engagement rather than enforcement. By allowing for the review of privacy management programs, the CPPA provides businesses with a safe place to seek and obtain advice and implement compliance solutions at the onset. We believe this will help prevent privacy issues before they have an impact on individuals. We know Canadian companies will be very interested in this part of the new law, particularly smaller companies and start-ups, and I can probably think of a few in Hamilton Mountain. The CPPA recognizes that a one-size-fits-all approach does not work for privacy. Some organizations deal with minimal amounts of personal information; for others, it is central to their business model. That is why the CPPA allows organizations to develop their privacy management programs according to the volume and sensitivity of the personal information that they handle, and why the commissioner must also take this and a company's revenues into consideration during the exercise of the role under the law. Another important protection under the new act is the ability of the Privacy Commissioner to review the risk assessments and mitigation measures that organizations must do if they rely on a brand new exception to consent for activities in which they have legitimate interest. Under the CPPA, the Privacy Commissioner will continue to undertake research and publish guidance. It is a long-standing role and important in helping organizations meet their compliance obligations. It is a role that we wholeheartedly support. The bill would ensure that organizations build privacy considerations into their products and services from the beginning. Working with organizations, giving guidance, this is a fundamental role of the Privacy Commissioner. We want to be proactive here. We want to prevent problems before they have a harmful impact on individuals. However, there will be organizations that do not have the right practices. There will be others that have the right practices but still make mistakes. This law provides individuals with the right to complain about an organization's privacy policies when they appear to be offside with the law. The right to complain is considered to be a fundamental principle in all privacy statutes. Under the CPPA, like PIPEDA, the Privacy Commissioner also retains the ability to initiate a complaint investigation when there are reasonable grounds to do so. This is an important role because filing a formal complaint is not always obvious. Maybe some people will not know there is a problem; maybe they do not have time to make a complaint. This is where the Privacy Commissioner should be able to take action when intelligence gathering from media reports and their own research indicate that there could be potential trouble. CPPA encourages the early resolution of problems and provides for dispute resolution. Over the years, through its active early resolution approach, the Office of the Privacy Commissioner has successfully been able to resolve many complaints with limited formality. The CPPA maintains such tools for the commissioner. For example, compliance agreements, introduced relatively recently under PIPEDA, remain in the CPPA. Pursuing these agreements allows companies to work out an acceptable resolution with the commissioner, without the commissioner resorting to more formal measures, like orders. However, resolution will not always be possible or desirable. Sometimes the commissioner will need or want to consider stronger measures. Under CPPA, the commissioner will have the power to issue orders to compel an organization to take necessary actions to bring the organization into compliance. This is a new power and a key improvement over PIPEDA. Prior to issuing such orders and to ensure fairness, the Privacy Commissioner's office will need to go through a new process, called an inquiry. Once the inquiry is completed, the commissioner will issue findings and a decision, and will make orders as necessary to an organization to change its privacy practices. As part of this process, the Privacy Commissioner may also recommend administrative monetary penalties to a new tribunal for certain contraventions of the law. The possibility of significant fines for non-compliant organizations, fines of up to 5% of global revenue or $25 million, whichever is greater, for the most serious offences, is another key improvement over PIPEDA. A key part of the new enforcement regime, the personal information and data protection tribunal is being established to hear appeals of the commissioner's decisions. If required, it will also decide whether to issue a monetary penalty and, if so, the amount. Industry stakeholders say that we need impartiality in enforcement decisions, given the different roles of the Privacy Commissioner. This was particularly the case for any proposals involving monetary penalties, which have the potential to significantly affect an organization. The new privacy law will support additional due diligence in decisions to impose monetary penalties by introducing an inquiry phase before issuing orders, and by separating the imposition of penalties from the commissioner's other responsibilities. We know that some organizations will challenge the commissioner's orders and recommendations, and we do not want to burden the courts. This is another reason for introducing a new tribunal. It is intended to be more accessible than the courts. It will ease access to justice for the individual and the organization. After the previous version of this bill was tabled, stakeholders told us it needed more privacy expertise. We listened and this version of the CPPA has the necessary privacy expertise to ensure credibility.

1467 words

Mr. Rick Perkins (South Shore—St. Margarets, CPC)

Mar/7/23 1:38:13 p.m.
Watch
Re: Bill C-27

Madam Speaker, I appreciate that the member has been participating in the debate today. One of the questions that I have is, if this is really about protecting the personal privacy of individuals, why this bill has so many exemptions for businesses. It allows, in subsection 18(3), the legitimate interests of businesses to override the interests of an individual. In subsection 15(5), it allows businesses to use implied consent, not real consent, to override the interests of personal privacy. Why is it that personal privacy is not part of the purpose of the bill as a fundamental right?

100 words

Ms. Lisa Hepfner

Mar/7/23 1:38:58 p.m.
Watch
Re: Bill C-27

Madam Speaker, this legislation needs to be flexible. As I mentioned in my speech, it applies not only to big corporations but to smaller companies and companies that use a lot of personal data as well as companies that use very little personal data. It has to be flexible. It has to be able to work in different situations. It has to be able to work in the future because, as we have seen, technology advances very quickly. We need legislation to be able to adapt regardless of the changes in technology that are happening before we can change the laws to accommodate.

103 words

Mr. Martin Champoux (Drummond, BQ)

Mar/7/23 1:39:42 p.m.
Watch
Re: Bill C-27

Madam Speaker, I think my question will resonate with my colleague. Personal information protection and security are very important to me. I myself was recently a victim of credit card fraud. I bought a nice couch that I did not even shop for myself. Handy, right? Anyway, as much as I recognize the importance of protecting personal information, I also recognize the importance of protecting victims of cyberviolence. We will be studying an online hate bill soon. My colleague and I may have to work on a way to identify offenders, individuals who attack people online and hide behind anonymity. Does my colleague think the legislative measures in Bill C‑27 could make it harder for us to adequately legislate online hate?

123 words

Ms. Lisa Hepfner

Mar/7/23 1:40:46 p.m.
Watch
Re: Bill C-27

Madam Speaker, I do not think this bill is going to create any issues for the other bill that we are going to look at in committee. I think there are a number of measures that need to be put in place to deal with the problems of the digital world that we face today.

55 words

Mr. Bob Zimmer (Prince George—Peace River—Northern Rockies, CPC)

Mar/7/23 1:41:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, I just have a question for the member. She brought up Google before, but I will quote Jim Balsillie again. I want your response to his statement that “Canada’s federal government has repeatedly failed to take privacy seriously and construct a legal and regulatory framework that protects the rights of Canadians in the digital age.” How do you respond to that?

67 words

The Assistant Deputy Speaker (Mrs. Carol Hughes)

Mar/7/23 1:41:50 p.m.
Watch

I am not going to let him know how I am going to respond to it, but I will ask the member to respond to it. The hon. member for Hamilton Mountain.

32 words

Ms. Lisa Hepfner

Mar/7/23 1:42:02 p.m.
Watch

Madam Speaker, I have forgotten the question.

7 words

Forgotten

Mr. Bob Zimmer

Mar/7/23 1:42:19 p.m.
Watch

Madam Speaker, the member across the way talked about Google. We have always known that there is a close relationship between Google, the Prime Minister and the Liberals. However, a question comes up from Jim Balsillie's statement that “Canada’s federal government has repeatedly failed to take privacy seriously and construct a legal and regulatory framework that protects the rights of Canadians in the digital age.” Would the member please respond to that?

77 words

Ms. Lisa Hepfner

Mar/7/23 1:42:47 p.m.
Watch
Re: Bill C-27

Madam Speaker, I think this government takes privacy very seriously. That is why we have been working on this legislation since the last government and why we have improved this legislation, bringing it before the government a second time to include things like artificial intelligence and improve security for the privacy of young people on the Internet.

57 words

Mr. Garnett Genuis (Sherwood Park—Fort Saskatchewan, CPC)

Mar/7/23 1:43:13 p.m.
Watch
Re: Bill C-27

Madam Speaker, it is a pleasure for me to speak to Bill C-27 in the House today, a bill that deals with issues related to privacy, as well as the way that the government interacts with large corporations to protect, or not, the privacy of Canadians. I want to say at the outset that I am deeply concerned by the fact that the government has clearly been captured by certain corporate interests. It is important to distinguish in this discussion between corporate interests and the idea of a free market. As Conservatives, we believe very much in the importance and value of a free market and a competitive market, a market that is legitimately a challenging and competitive place for businesses that have to compete with each other to have the best products, where some businesses come in to challenge and steal market share away from other businesses and so forth, where there are not gatekeepers preventing new entrants coming into business. We celebrate free markets and the competitive aspect of free markets rather than a situation in which a small group of large corporations is able to dominate and exercise undue and inappropriate power. In this House, different parties have different dispositions when it comes to corporations. We have the NDP that generally takes kind of an anti-business approach in general, we have my party that champions the free competitive market and we have a government that is, sadly, captured by specific corporate interests, often at the expense of the free market, as well as at the expense of individual well-being. Paradoxically, the NDP, while it criticizes the government for that, is fundamentally complicit with the government in, on the one hand, criticizing its agenda as it relates to defending corporate interests, but, on the other hand, supporting the government and providing it with the supply it needs to continue in its misguided approach. What we see in terms of the government's relationship with large corporate interests at the expense of the free market and individual well-being is clear across a broad range of cases. We could talk, for instance, about the government's fondness for specific companies in terms of outsourcing and procurement, how it has repeatedly gone back to McKinsey to do work that in fact could have and should have been done within the public service, despite McKinsey's track record in so many different areas. We can talk about the fact that while the public service has grown, outsourcing under the government has expanded dramatically. We can talk about how it has pushed companies to implement forms of political discrimination, such as freezing people's bank accounts. We can talk about a number of the violations of individual privacy and liberty that happen through the government's close relationship with corporations. I will say, in general, there is this emerging concept of woke capitalism or stakeholder capitalism that I think we need to be thoughtfully critical of, this idea that large corporations should be making definitive determinations and forcing those implementations on the country using their power and that governments can push corporations to push woke ideas or particular views of the common good that arise not through free democratic deliberation, but that come about because of pressure from corporate interests. We see the government's fondness for this kind of woke corporatism approach, where it tries to pressure companies to align with and push its views on various issues. Again, Conservatives are very supportive of competitive marketplaces where businesses are doing business, not assuming a preferential position in social values debates, where businesses have to compete to survive, where new businesses are able to compete with old businesses and where we support the development of new small businesses so that we do not have a concentration of corporate power, but, rather, a well-functioning, effective market economy. That is the vision that Conservatives are defending. Let me talk specifically about the issue of privacy and how we see the working out of the government's kind of approach to and relationship with big corporations in terms of their approach to privacy. I am very pleased the Conservative Party uses and has a member-driven policy document. On issues like this, if one would like to know where Conservatives stand, it is not just a matter of Conservative caucus discussion but it is also a matter of drawing from the work that hundreds of thousands of Conservative Party members do, deliberating at the riding level, having discussions, proposing ideas and bringing those to a convention that then leads to a standing policy document that helps to define and frame the values that Conservatives stand for. I know our Conservative Party is deeply committed to the idea of grassroots democracy and the role our members play in all aspects of decision-making. That is very important, and in this particular context, we see that playing out in the area of the policy declaration. Our policy declaration recognizes the fundamental right people have to privacy. As a Conservative caucus, we are supportive in advancing and bringing to the House that view about fundamental rights, a fundamental right to data privacy that has come to us through the involvement of our members but that also reflects the widely held perspectives of Canadians beyond our membership, a fundamental right around the protection of data. This bill, Bill C-27, could have mirrored the language from the Conservative Party policy declaration. It does not. It does not recognize the fundamental nature of rights around data privacy. Rather, it talks about kind of striking a balance between people wanting to have their privacy protected but also the fact there are certain corporate interests. There are interests of corporations the government is close to that might be negatively affected if we recognize the fundamental right to privacy of Canadians, so it effectively seeks to say there should be some balance between the idea of protecting people's rights and the fact there may be certain large corporations whose interests would be negatively affected by recognizing the privacy rights of Canadians. In particular, although the bill speaks about a balance at a general level, it is so, to borrow a word from the member opposite, “flexible” that it creates space one could effectively drive a truck through, with so many different exceptions and exemptions that it is not really effectively protecting the privacy rights of Canadians. A member opposite, in a speech just given, said that this is a flexible framework, that the bill is flexible. Well, flexibility is not always a virtue. In particular, it is flexible for who? Who is doing the flexing? Who is the one who is able to bend the bill back and forth to their own will and interests? I would suggest the flexing is not being done by the individual who is supposed to own their own data, the flexing is being done by these corporate interests the government is close to. Even if one believes this should be a balanced approach, it is not a balanced approach. It is a highly “flexible” approach in which the bending and twisting is done by the particular interests the government has been and always I suspect will be close to until we are able to have a new government in this country that respects fundamental rights, respects privacy and believes in a free competitive market in which businesses compete instead of where particular corporate friends of the government are protected. I want to draw the attention of members to specific sections in here that identify broad exceptions in the legislation. Subclause 18(3) would allow the organization or business to use a person's information if they have a legitimate reason for doing so. That is pretty flexible. If one wants flexible, we are going to say this data cannot be used in a certain way unless there is a reason to do so. I would submit most people who do things think they have a legitimate reason for them. Others might not think they have a legitimate reason, but to say people's data can be used as an exception if there is a legitimate reason, there likely could be no broader conceivable exception than that one. However, there are more exceptions even, if that one were not enough. The legislation, for instance, in subclause 15(5), refers to “implied consent”, so apparently in the case of privacy legislation, consent is not so sacrosanct, because companies can interpret an implied consent in this context. There are clear problems with this legislation in terms of the particulars, but we can understand broader than the particulars the motivation or the value set that is behind this bill, which is that the government is once again trying to defend corporate interests instead of defending privacy and a genuinely competitive free market.

1492 words

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

Mar/7/23 1:53:19 p.m.
Watch
Re: Bill C-27

Madam Speaker, it is disappointing listening to Conservative after Conservative stand and say they do not like this. Now that member referred to some sort of concern of policy platform. We do not know, really, because we often question the lack of any sort of plan coming from the Conservative Party. What we know is that we have substantial legislation that would set the framework, protect the privacy of Canadians and enable penalties and fines to ensure there is a consequence when a company breaks its trust with Canadians. What do the Conservatives say? They say they do not care about this type of legislation because they have their own ideas. Will the member and the Conservative Party acknowledge that it is okay to allow the legislation to go to committee where the member can continue to rant on the different ideas and maybe even do something positive, like suggest an amendment he feels would make the legislation better?

159 words

Mr. Garnett Genuis

Mar/7/23 1:54:32 p.m.
Watch
Re: Bill C-27

Madam Speaker, it is quite a thing to be accused of ranting by the member for Winnipeg North. I am so sorry to have disappointed him with my speech. I recall in an earlier exchange he referred to me as a “mischievous little guy”. I framed that and put it on my wall. That is truly having a ride. The goal I set out from the beginning was to be thus recognized by the member. He asks what changes to the bill I would like. I suggest he support changes that reflect what Conservative members, in their wisdom, have put forward through our policy declaration, which we, as a caucus, are strongly supporting. This is the idea that there is a right to digital privacy that comes before the corporate friends of that member and the government.

139 words

Ms. Elizabeth May (Saanich—Gulf Islands, GP)

Mar/7/23 1:55:32 p.m.
Watch
Re: Bill C-27 Bill C-11

Madam Speaker, I am looking at Bill C-27 and wondering what we make of the fact, and I know he commented on this, that we have three different bills that are all put together and only one is really new. We have seen the privacy pieces and the repeal of PIPEDA in the former Parliament's Bill C-11. The bill before us relating to artificial intelligence and high-impact AI and regulating that is essentially an entirely different scheme of legislation. Would the Conservatives agree that they should be split so we can examine them separately? I think that is already their position. What does the hon. member say to that?

113 words

Mr. Garnett Genuis

Mar/7/23 1:56:12 p.m.
Watch
Re: Bill C-27

Madam Speaker, some members will recall that way back in 2015, eight long years ago, in the lead-up to that election, the Liberal platform spoke about how the Liberals would end omnibus bills. That went the way of the dodo bird, as did many of their other election commitments. It was such a sunny time, in the rhetoric of the Liberal caucus, and we see the government's management of its legislative calendar. It puts forward bills, then it prorogues Parliament; it puts forward bills again and calls an early election. Now it is putting forward bills again. In contrast, my constituents are certainly hoping for an opportunity to weigh in on the government at some point soon, but I think the member's point is quite correct. We have seen immense hypocrisy from the government around omnibus bills, and I wonder if we are getting to a point where it will just try to put all aspects of its legislative agenda together at once. I think that is probably the direction some of the members want to go.

180 words

Mr. Bob Zimmer (Prince George—Peace River—Northern Rockies, CPC)

Mar/7/23 1:57:28 p.m.
Watch
Re: Bill C-27

Madam Speaker, to respond to the member across the way from Alberta, he, the Prime Minister and the Liberal Party say to just trust them on this. Does the member who just spoke think we should trust the government and the Prime Minister?

43 words

Mr. Garnett Genuis

Mar/7/23 1:57:49 p.m.
Watch
Re: Bill C-27

Madam Speaker, my short answer would be that, no, we should not trust the government. My slightly longer answer would be that over the last few years, we have seen various actions through COVID and various other actions contemplated by the government. In all of these actions, there is a great deal of concern about people's privacy. Because of the way the government has acted in the past, there is concern and distrust any time the government says not to worry, that it is going to protect our information and that it will not use systems in such a way. The current government has undermined trust in government and institutions because it has not been worthy of that trust.

120 words

Mr. Shaun Chen (Scarborough North, Lib.)

Mar/7/23 1:58:39 p.m.
Watch

Madam Speaker, today, members of the Canadian Foodgrains Bank are in Ottawa to mark the organization's 40-year mission to end world hunger. Since 1983, Foodgrains has provided over $1 billion in food-related assistance, working with over 100 international partners in over 70 countries around the globe. As a partnership of 15 Canadian churches and church-based organizations, Foodgrains responds to emergency food needs arising from conflict, climate change and other causes of humanitarian crises while supporting long-term development. Its work centres on supporting sustainable farming practices, promoting gender equality and enabling communities to enhance their livelihoods and resiliency. Congratulations to executive director Andy Harrington and the board of directors, staff, volunteers and member agencies that have contributed to Foodgrains' incredible impact over the last four decades. May they continue to stay the course and help drive meaningful change.

142 words

SoVote

House Hansard - 165