44th Parl. 1st Sess.
March 7, 2023 10:00AM
Madam Speaker, I will be sharing my time with the wonderful member forRosemont—La Petite-Patrie.
I am grateful for the opportunity to rise today on Bill C-27, which is an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act, and to make consequential and related amendments.
The amendments are what I am particularly interested in today. As New Democrats, we will be supporting this at second reading. We support the need to modernize Canada's privacy laws and establishing rules around data governance and empowering the Office of the Privacy Commissioner to bring enforcement actions to protect consumers and citizens.
This bill takes some of those steps. However, there is a need to ensure that reforms are robust and effective. In my opinion, a long list of amendments will certainly be required to achieve these goals.
I am going to be referencing two important works that have been presented. One is from the Centre for Digital Rights, entitled “Not Fit For Purpose - Canada Deserves Much Better”. From the title, we can note that there are some concerns with this bill.
However, we recognize that this privacy legislation must be amended because there are already glaring shortfalls in PIPEDA, which urgently needs updating.
Technology continues to evolve, and data-driven business continues to move away from a service-oriented approach to one that relies on monetizing personal information through mass surveillance of individuals and groups. While these businesses find new ways to expand their surveillance and methods of monetizing our personal information, Canadians' privacy is increasingly put at risk.
The GDPR is the bar that is currently considered the adequate level of protection. However, if we were to do a little bit of comparing and contrasting, we would see that this bill tends to fall short of this level in terms of what the European Commission has done.
What this means for us is that the ability for personal data to flow to Canada without any further safeguards is at risk. There has also been pressure from industry and advocacy groups, the privacy commissioners of Canada and abroad, and privacy and data governance experts. In fact, in this particular bill, we think that the government side has fallen short in its engagement with people; I will get to that in a moment.
When we are in these technological environments, it is an ecosystem that goes well beyond our borders. We are talking about what it is like—
427 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am sure the hon. members from the other side are about to take some good notes on the recommendations we put forward. They are probably discussing among themselves how they can improve upon these serious gaps and have some public engagement on this.
We are not subject matter experts in this House when it comes to this type of technology. It is not clear whether there has been any public engagement specific to Bill C-27 as it is proposed. There was public engagement around the creation of Canada's digital charter, called the national digital and data consultations, that happened back in 2018. However, as I understand it, only about 30 or so discussions were held. That fell dearly short. The majority of digital leaders were from the private sector, and there were only a couple of universities involved. Therefore, it is unclear who the government is consulting with when it deals with this type of surveillance capitalism and the risks it presents to consumers.
Let us get right to the point. What are the gaps that exist in this legislation? How does Bill C-27 compare with the ideal privacy legislation? There are many gaps. Clearly, it does not compare to the GDPR; it also falls short of privacy legislation that is currently being proposed in la belle province of Quebec, in New Zealand and in the state of California.
For example, in California, the California Consumer Privacy Act, the California Privacy Rights Act and the Children's Online Privacy Protection Act have all presented more robust solutions to what is before us here today. In addition, there are privacy protections that come into effect under the CCPA that we should be considering.
We need to ensure that the protections that come into effect include the rights to know, to delete and to opt out of sale or sharing, as well as the right to non-discrimination. Under that legislation, consumers also have the rights to correct inaccurate personal information and to limit the use and disclosure of sensitive personal information collected about them. There is a lot out there that we should be considering when it comes to amendments.
I am going to list examples of gaps within this bill so they are on the record. The bill does not promote the development of data stewardship models. It does not require that organizations take into account the potential consequences to individuals and societies through such measures as privacy impact assessments of a breach of security or safeguards. There is no section in Bill C-27 expressly dedicated to cross-border dataflows.
There has been no privacy impact assessment done to address any additional risks, which should be identified, justified, mitigated and documented in such an assessment. There is no assessment of the broader level of privacy rights protections in foreign jurisdictions. This is a very important conversation, particularly this week in the House, that includes how Canadians' privacy rights can be enforced.
This bill does not include specific rules that are applicable to data brokers, and these are important third parties who are not service providers. There should be a fiduciary duty to individuals if data processors act as intermediaries between individuals and data collectors. This would ensure that such service providers only use personal information entrusted to them for the purpose intended by the individuals.
This bill does not provide the right to disposal with respect to search engines' indexing of personal information where it could cause harm to the individual's privacy or reputation. It does not include the language that was in PIPEDA regarding individual access where it provides an account of third parties to which personal information about an individual or an organization has been disclosed. There should be an attempt that is as specific as possible.
This bill does not include the right of individuals to express their points of view to a human who can intervene or to contest decisions. When we look at AI or how algorithms are working in society today, they are inherently flawed.
In fact, there is another study that I would reference, titled “AI Oversight, Accountability and Protecting Human Rights”, which has commentary on this. This was authored by a series of subject matter experts who gave a long list of needs for adequate public consultation and proper oversight of AIDI to effectively regulate the AI market in Canada.
The commissioner needs to be an independent agent of Parliament. We need to empower an independent tribunal to administer penalties in the event of a contravention, and we need to outline the best practices for auditing and enforcing the law. There are dozens of recommendations contained in both reports that, as New Democrats, we will be presenting to the government at the appropriate time at committee.
It is clear, from the body of the preliminary work that has been done, that this bill is inadequate as it stands. It is too big to adequately cover AI and consumer protections. It has always been our belief that those should be split up. That way we can have an investigation to ensure that consumer protections are met, that surveillance capital does not continue to profit off our most personal information and data and that, ultimately, we have safeguards with a robust and very firm platform on which these organizations, businesses, companies, and in some instances foreign countries, are held to account when they violate our rules.
912 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I would like to thank my friend from Hamilton Centre. I see him all the time in our town, and we serve together on the Standing Committee for Access to Information, Privacy and Ethics.
I would ask whether he thinks there is urgency to this legislation, given the fast pace that this technology develops and that companies are using it to develop what can sometimes be invasive and can violate the privacy of Canadians.
76 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that is an important question. Bill C-27 needs consistent, technologically neutral and future-proof definitions both to the consumer privacy protection act and the AIDA within Bill C-27. It should provide definitions for AI or algorithmic systems that are cohesive across both laws, and the definition for AI ought to be technologically neutral and future-proof. That is the question I just answered for the previous speaker. A potential pathway for regulation is to define algorithmic systems based on their applications, instead of focusing on the various techniques associated with machine learning and AI.
98 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that is also an important question, because I think what the member did not reference, which I will reference specifically, are the instances where governments used this information.
I think that informed consent is an inherent right to privacy and protection. The AIDA must apply to government institutions, given that the AIDA only currently applies to the federal private sector, as government institutions are explicitly exempt from this. It is imperative that the AIDA's framework be brought in to include government institutions.
Let us be very clear. Individuals ought to always have informed consent about where their information and data go. There ought not to be situations, outside of warrants expressed through our legal system, that allow for the collection, maintenance and distribution of personal information online.
130 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, certainly from the Conservative side and from the NDP, it seems like we are on the same page when it comes to looking at privacy, protecting privacy and stating that privacy should be a fundamental right, not only in the preamble but also in the clause statement. The clause statement is very important because that is what the bill is derived from. The definition of privacy and fundamental rights then goes throughout the rest of Bill C-27.
One example that came out this week was of our children using a game called Fortnite. There are a lot of other games children spend a lot of time on sometimes, but Fortnite was found to be in breach of error in the U.S. for exploiting our children, taking their data and selling that. Can the member please answer for me how important it is not only to protect our adult fundamental right to freedom, but also our children's fundamental right to freedom?
165 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for his question, because it is really important. I am not saying that just because I have teenagers at home. We also see the dangers of social media and the fact that young people's privacy or personal information can be exploited. In that regard, once again, Bill C‑27 does not go far enough.
Bill C‑27 includes an interpretation clause stating that the personal information of minors is considered to be sensitive information. However, in the current bill, there is no definition or explicit direction as to what constitutes sensitive information. Once again, the work is only half done. What exactly does “sensitive information” mean when we are talking about information on a minor, someone under 18 years of age?
We will have to move amendments to make this much clearer.
144 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I wonder if the member could provide his thoughts in regard to his critique of the legislation, when he said that there are many things missing.
A number of the things the member refers to could easily be done through regulation. The legislation sets in place a very substantial framework, which is there to protect the privacy of Canadians, and a number of things that have been raised already this morning could be done through regulation. In fact, many would argue they might be best done in regulation.
90 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a pleasure to rise to speak to Bill C-27 today. As I put forward to my friend in the form of a question, when we think of Bill C-27, I like to think that the government is on the right track in continuing to protect the privacy of Canadians in many different ways. Yesterday we had a debate on Bill C-26 on cybersecurity.
If we take a holistic look at what the government has been able to accomplish through legislation and, ultimately, in certain areas in terms of developing the industry through budgetary measures, Canada is indeed in a very good position in comparison to our peer countries around the world. I do not say that lightly, because I know that all members are very concerned about the issue of privacy. That is in good part why we have the legislation today.
The last time these changes we are proposing happened was two decades ago. Let us reflect on that time of 20 years ago. We did not have iPhones, and Facebook did not exist. Going back a little further than that to when I was first elected, when one clicked into the Internet, the first thing one heard was a buzzing sound, the dial tone and then clicking. Then one was magically connected to the world. How far we have advanced in a relatively short period of time. Last week, I was on the Internet making a purchase that would be delivered. I never had to go to the store. It involved my doing a little bit of design work on the computer before making the purchase. I was told yesterday that it was delivered to my home.
The amount of information out there is absolutely incredible, and it is very hard to imagine the types of data and the risk factors out there. That is why it is so important that, as a government, we bring forward substantive legislation that is going to protect the privacy of Canadians, to ensure companies are held accountable and, in the context of yesterday's debate, to protect them from security threats that are very strong and very viable. It was interesting yesterday listening to the debate for a number of hours.
I get the sense that a wide spectrum of support is shaping up today. The NDP is supporting the legislation. My understanding is that the Conservatives are supporting the legislation. The Bloc, in principle, is supporting the legislation. The Province of Quebec has actually made some significant gains on this whole front, so I am not surprised that the Bloc or members from Quebec within the Liberal caucus are very strong about these issues, whether they are cybersecurity issues or the privacy issues of Bill C-27 that we are debating today.
I raise this because I believe that it does not matter what side of the House one happens to sit on, as this is legislation worth supporting. As I indicated, it has been 20 years since we have seen substantial changes to the legislation. The expectation is very high that we will not only introduce the legislation but that, with the cooperation of members opposite, we will see it pass through in a timely fashion.
Being an optimist, I would like to see the bill pass before the summer, and it is possible. I realize that it would require a great deal of co-operation from opposition parties, but I do believe it is doable, especially after the comments I heard this morning.
The legislation is not meant to address every matter that Canadians are having to face in the digital world. That is not what it is designed for. As I indicated, the legislation, whether this one or Bill C-26, goes a long way in establishing a solid base for a framework that would enable the government of the day, which is held accountable by the opposition, to have the opportunity to do a lot of work in an area where we need to see a higher sense of security and protection.
One member across the way asked about engagement. There has been a great deal of engagement. I can assure the member that, whether it is from a constituency perspective, a ministerial perspective or, I would even suggest, the member would have to take some credit in terms of an opposition perspective, there has been a great deal of dialogue. This is not a new issue. This issue has been in the making for years now.
There have been some factors that are beyond the government's control in terms of the manner in which it can bring forward legislation, for example the worldwide pandemic and the requirement for substantial legislation in order to support Canadians and have their backs. There were issues of that nature, along with numerous other pieces of legislation. I would not want to give a false impression that this is not an important issue for the Government of Canada.
At the end of the day, based on comments I have heard on both Bill C-26 and Bill C-27, I believe the legislation would establish a solid footing or framework, whatever terminology we might want to use, and, at the very least, we should see it go to committee. The principles of the legislation are in fact endorsed and supported by all sides of the House, from what I can tell, and please correct me if I am wrong. No doubt we will have other legislation that might be somewhat more controversial, where there is real opposition to the legislation, and this would enable more time for debate on that type of legislation.
If we could somehow recognize the value of this legislation, given that there is so much support for its principles, we would allow it to go to committee, where members of Parliament are afforded the opportunity to get into the nuts and bolts, the details, where there is representation from different stakeholders at committee to express their thoughts and opinions on the legislation, and where members can find out directly from the minister what kind of consultation has taken place. The member does not to have to take my word for it, but I can assure him that there has been a great deal of consultation. He would be able to hear that first-hand from departmental officials, the minister and so forth.
I believe the government has done its work in bringing the legislation to the point where it is today. We have seen ministers, in their opening remarks and in their response to questions, in co-operation with opposition members. The government has demonstrated very clearly in the past that it is open to amendments that can improve upon legislation for the benefit of Canadians, and if there are ways we can improve this legislation, we will accept those types of amendments. We will support those types of amendments. I believe this is one of the areas where the Prime Minister has been very good in sending that message. It could be because of years in opposition, when the opposition never had amendments accepted by former prime minister Stephen Harper.
At the end of the day, if there are ways to do it, we can improve upon this bill. I heard yesterday on Bill C-26, and already today on Bill C-27, that members have genuine concerns. I do not question those concerns, but I do believe that it would be helpful if they can look at those concerns. If they already have ideas that they believe will improve the legislation, nothing prevents members of the opposition or government members from being able to provide those amendments or thoughts in advance to the ministry, which would potentially allow for a deeper look into it to see if, in fact, something is doable.
The NDP talked, for example, about digital rights for Canadians. There is a great deal of concern that we need to ensure and recognize them, whether they are consumer rights or privacy rights. These are things we all hold very close to our hearts. We all want to make sure the interests of Canadians are being served.
When I took a look at the specifics of the legislation, I highlighted three parts I wanted to make reference to. CPPA would strengthen privacy enforcement and oversight in a manner that is similar to that of certain provinces and some of Canada's foreign trading partners. It is important that we do not just look internally. There are jurisdictions, whether nations or provincial entities, that have already done some fine work in this area. We do not have to reinvent the wheel, and working with or looking at other forms of legislation that are there is a very positive thing. In particular, the CPPA would do so by granting the Privacy Commissioner of Canada order-making powers that can compel organizations to stop certain improper activities or uses of personal information and order organizations to preserve information relevant to an OPC investigation.
This is significant. We need to think in terms of the technology that I make reference to. I can remember a number of years back when a pizza store was becoming computerized. As someone called in and made an order, they recorded the telephone number, the name and the address, personal information such as that. I remember talking to the franchise owner, whom I happen to know quite well, explaining how the collection of data, if used appropriately, can not only complement the business, but also complement the consumer, and this was maybe 20 years ago.
We can contrast that to an iPhone and looking at some of those applications we see. The one that comes to mind is a true Canadian application and a true Canadian franchise: Tim Hortons. My wife never followed hockey, but nowadays she does because of Tim Hortons. One can win free cups of coffee by picking who is going to score goals or get assists. I am not exactly sure how it works, but Tim Hortons comes up with a program that is actually collecting data from people. It is a program that allows it to send out all kinds of notifications. It could be sales of product. It could be something like NHL standings. It really engages the consumers. An incredible amount of data is actually being collected.
Tim Hortons is not alone. One can go to virtually all the major franchises and find the same thing. It is not just the private sector. Yesterday we were talking about cybersecurity, and one can easily understand and appreciate the sensitivity of collecting information, even if one is a Tim Hortons or a Home Depot, but also many government agencies. For example, there is the amount of personal information Manitoba Health has, which is all computerized. There are also doctors' offices. The digital world, in a very real and tangible way, has changed to such a degree that many, including myself, would argue that things like Internet access have become an absolute and essential service nowadays. It is something we all require.
The incredible growth of data banks, both in the private sector and in the government, and I would throw in the non-profits and the many other groups that collect data, has been substantive in the last 15 or 20 years. That is the reason why today we have the type of legislation we have before us. Bill C-27 would ensure that we have something in place to provide consequences for offences. To give members a sense of those consequences, the new law would enable administrative monetary penalties for serious contraventions of the law, subject to a maximum penalty of 3% or $10 million of an organization's global revenue, whichever is greater, and fines of up to 5% of revenues or $25 million, whichever is greater, for the most serious offences.
I said I wanted to highlight three things, so I will move on to the second point. The personal information and data protection tribunal act would establish a new tribunal, which would be responsible for determining whether to assign administrative monetary penalties that are recommended by the Privacy Commissioner following investigations, determining the amount of penalties and hearing appeals of the Privacy Commissioner's orders and decisions. The tribunal would provide for access to justice and contribute to further development of privacy expertise by providing expeditious reviews of the Privacy Commissioner's orders.
The third point is that the AIDA would impose a duty to act responsibly by requiring organizations designing, developing, deploying or operating high-impact artificial intelligence technologies to put in place measures to proactively mitigate risks of harm and bias in the development of these technologies.
I have less than a minute left to talk, and I have not even touched on the AI file. I made reference at the very beginning to the financial investments of this government in encouraging the growth of that industry in the different regions of our country. The Government of Canada is not only bringing in the type of securities that are absolutely important for Canadians from a privacy perspective, to encourage continual growth in the area and have these protections in place, but also doing so through budgetary measures to ensure that we continue to enhance the opportunities of Canadians. If we take a look at the digital world today, it is very hard to imagine where it is going to be tomorrow, at least for myself, in witnessing the growth of the digital world over the last 20 or 30 years and how far it has gone.
This legislation is a modernization. It is legislation we can all get behind and support. I would encourage members, no matter what party they are from, to support it. Let us see it go to committee, where the committee can do its fine work and see if we can even improve—
2336 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, certainly this is important legislation and it is quite needed in our country to get a handle on the protection of people's privacy and, as the member was just speaking about, artificial intelligence.
One question I have for the member relates to the area of regulations. There is so much in this legislation that is dependent upon future regulations that would be written. I am just wondering why those regulations were not presented with this legislation and, failing that, when we can expect to see the regulations. So much of what is being talked about here really depends on how it is implemented through the regulations.
109 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, this is long overdue. The current privacy laws were drafted 20 years back when iPhone and Facebook were not in existence. Advanced technologies like artificial intelligence are ever evolving. They are almost getting changed on an everyday basis. Does the member agree with defining things like artificial intelligence in the legislation and casting it in the legislation so that it becomes inflexible; or would it instead be better that we have regulations which would be more flexible, that would allow the ministers and the government of the day to make changes as may be required, as and when the technologies advance?
103 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I believe I heard the member for Winnipeg North say in his presentation that the Conservatives were supporting the bill. That is incorrect. We are opposing the bill, not that we oppose the modernization. It is needed, but this bill is inadequate.
There are many reasons but the primary reason is that it does not put personal privacy interests above those of business interests. In the “purpose” section of clause 5 in the bill, it says that, basically, they are of equal weight.
Further on, in subclause 18(3), the bill says that a legitimate interest of a business, determined by a business, is a reason that a business can use one's data without one's permission, in a way that they did not get permission for.
That is one of the fundamental flaws in the bill, in terms of the idea that personal information, mine or anyone's, is mine and should be paramount and superior to that of the business. The business is there just to serve my interest, not of equal value.
I would like the hon. member to comment on that.
190 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a privilege to rise in this House.
Another day, another debate about an NDP-Liberal piece of legislation about Internet freedom in Canada. The good folks on the west side of Saskatoon have heard me speak in this place about Bill C-11 and Bill C-18, two bills aimed at controlling what Canadians see and post on the Internet.
Today we are dealing with Bill C-27, which is aimed at protecting the online data of Canadians. This legislation is meant to put safeguards around the use of artificial intelligence and establish rules around Internet privacy. Sounds good, sounds noble and sounds like something we should support. To a certain degree I do support these initiatives.
However, I have deep reservations with this legislation as it exempts the Government of Canada from these very safeguards. Do we as Canadians need the protections in this bill from companies? Absolutely, but we also need protections from government, especially this NDP-Liberal coalition government that wants to take away some of our liberties and freedoms.
Some on the other side may accuse me of fearmongering about the NDP-Liberal suppression of civil liberties and freedoms on the Internet; I am not. Let me lay out the facts, and the people in Saskatoon West can decide for themselves.
Bill C-11 is the first piece of legislation meant to strip of us of our rights to free speech on the Internet. Conservatives such as myself and free speech advocates have been warning that the provisions put in place by the NDP-Liberals to have government-appointed gatekeepers decide what is acceptable speech or not in Canada will lead to disaster.
We have already seen that a prominent University of Toronto professor has been threatened with the revocation of his licence and livelihood for tweeting out against this legislation and the current Prime Minister. Imagine what would happen when the Prime Minister has the full weight of the law to simply muzzle this type of speech. Anyone who disagrees with him would be silenced and would be fined, lose their livelihood, and what is next, go to a re-education camp? We all know about the Prime Minister’s fondness for the basic dictatorship of the People’s Republic of China, heck, he does not even mind if the People's Republic of China funnels money to his family foundation and tilts elections towards the Liberal Party of Canada in this country.
How about the second piece of legislation meant to limit our Internet freedoms, Bill C-18? That legislation allows government-appointed gatekeepers to decide what is or is not news in Canada, and forces private companies to block content they do not like from their feeds and search engines.
If there is a story critical of the NDP-Liberal coalition and the Prime Minister, they call it fake news and ban it. If there is another fawning story by Andrew Coyne in The Globe and Mail about the Trudeau Foundation and the Chinese Communist Party, it is forced to the top of everyone’s news feed and search engine, like it or not.
When I spoke about Bill C-18 in December I warned of the consequences that this legislation would have. Specifically, I mentioned conversations I had with Google and Amazon Web Services and the impact on how they deliver services to Canadians. Google flat out told me it would simply get out of the business of delivering any and all news to Canadians as it did not want to become an instrument of the Canadian government to spread partisan messaging for the party in power. Just last month it began beta testing how it could shut down its news services for Canadians.
We need a 21st century solution to this problem, not one based on ideas from 40 years ago. Bill C-27 is supposed to protect people’s data from corporations. We need that but what we need, as well, is protection from this NDP-Liberal government when it comes to privacy.
Bill C-27 completely fails us in that area. The government has dragged its heels on Internet privacy for years, and unfortunately it has been a pattern to consistently breach our digital privacy rights. We saw it when the government waited until just last year to ban Chinese telecom giant Huawei from operating in Canada while other countries did the right thing years before us.
We saw it with the $54 million “arrive scam” app tracking Canadians border travel up until September 30, and the public bank account freezing for people who donated to the truckers last year. The list goes on and on. In the words of Alanis Morissette, “Isn’t it ironic?” when we hear the government start to talk about online privacy rights. I just hope it learns to start respecting the privacy of Canadians.
Let us take a look and see if this legislation actually protects the online privacy of the people of Saskatoon West. After all, they are rightfully distrustful of government and corporations when it comes to accessing their data
Here are some examples showing why they are distrustful: Tim Hortons tracking the movement of users after they have ordered something on their app; the RCMP using Clearview AI to access a data bank of more than three billion photos pulled from websites without user consent; and we cannot forget Telus giving the federal government access to the movements of over 33 million devices over the course of the pandemic.
When governments abuse their power, it destroys the level of faith Canadians have in their institutions. In fact, if we look at polling data, we see that the number of Canadians that have faith in their government is at an all-time low. With scandals like these, it is no wonder why.
If we want to improve the level of trust held between individuals and institutions, we must look at protecting Canadians' private data. If we dive into this legislation, it seems the intent is to create a level playing field between citizens and companies when it comes to how their data is used. However, if we look into it further, the balance between businesses using business data and the protection of our privacy is off.
The bill, as it is currently written, skews toward the interests of corporations rather than the fundamental rights of individuals. There are too many exceptions granted to businesses in this legislation. Some are so broad that it is like the legislation never existed at all.
For example, business activities are exempt if a “reasonable person” would expect a business to use their data, without including the definition of what a reasonable person is. The concept of legitimate business interests has been added as an exemption to consent. How does one determine if a business interest outweighs the privacy rights of an individual? Finally, the bill does not recognize privacy as a fundamental right. This absence tips the scales away from Canadians and could affect how their privacy interests are weighed against commercial interests in the future.
Artificial intelligence comprises a major component of this legislation. AI is becoming a key tool in today's world, much like engineering was in the last century. In the past, an engineer would sit down and design a bridge, for example. Obviously, the failure of a bridge would be a huge event with the potential for major disruptions, significant costs, potential injuries and even death. Therefore, we have professional standards for engineers who build bridges, but what about artificial intelligence?
In today's modern world, AI is used more and more to perform ever more complex tasks. In its early stages, AI was used as a shortcut for repetitive tasks, but as the technology advances, it is now being used for much more. In the future, it is not unreasonable to expect AI to play a significant role in designing a bridge, for example. Artificial intelligence also needs to have standards, which is why our universities teaching AI put a big emphasis on ethics, as there are huge implications.
I know first-hand the dangers of unregulated AI systems interfering in our day-to-day lives. On the immigration committee, we have studied this issue and looked at how Canada's immigration department is using Chinook, a so-called e-tool to help IRCC bureaucrats assess applications in bulk form. This AI program was introduced in-house by these bureaucrats, which means the software's algorithms are beholden to the beliefs of its creators.
The concerning part of all of this is that there is a known culture of racism within the department, and members do not have to take my word for it. The NDP-Liberal Minister of Immigration said this of his own department at committee: The IRCC “has zero tolerance for racism, discrimination or harassment of any kind. However, we know that these problems exist throughout the public service and in our department...[and] we must first acknowledge this reality.”
There were no outside consultations done on the use or creation of this artificial intelligence application, and rejection rates have climbed since its introduction. Although I am pleased that the government is finally looking to add a framework to address concerns surrounding AI, it needs to get its own house in order first.
I will wrap up with these final thoughts.
If we are going to address concerns surrounding our digital privacy, we must listen to Canadians, and many Canadians are worried that this legislation does not protect them. I have met with Bryan Short from OpenMedia, and he said this:
Bill C-27...only plays brief lip service to privacy being a fundamental human right in its preamble; Bill C-27 fails to do the more important task of inscribing the privacy rights of people as being more important than the business interests of companies.
The bill before us is supposed to be about protecting Canadians' privacy, yet it completely avoids inscribing privacy as a fundamental right. We all know the saying “There is no point in doing something unless you do it right”, and it is quite clear that the government needs to go back to the drawing board once again on some aspects of this legislation since there is not much evidence of it consulting Canadians on how their data was actually used.
I believe the former Ontario privacy commissioner, Ann Cavoukian, said it best in 2020 during the initial Liberal attempts to bring in privacy reform to Canada when she stated:
[With] the Liberals under [the Prime Minister], it's been extremely weak. They have not addressed repeated requests from the federal privacy commissioner to strengthen existing privacy laws.... I'm tired of that. I want a party that will walk the talk. And I'm hoping that will be the Conservatives.
Canadians can count on the Conservative Party of Canada to walk the talk when it comes to strengthening our privacy laws, and Canadians can count on the Conservative Party of Canada to respect their freedom of expression online. We will scrap the online censorship legislation put in place by this tired, worn out, costly coalition. We will allow people to choose for themselves which news they want to consume, not just what the government wants them to see. Under our new leader, we will be the voice of those left behind by the NDP-Liberal government, and we will put Canadians back in the driver's seat of their own life.
1940 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I find it interesting that the Canadian Conservative Party has become such a champion for big tech companies. Since the member opposite brought this up even though it is not related to this legislation, does he think it is okay that Google blocked news access to hundreds of thousands of Canadians in order to strong-arm the government? Does he think Google is a paragon of virtue that will, on its own, protect Canadians' privacy rights?
78 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, right now, Bill C-27 does not explicitly apply to political parties. We know there have been privacy breaches and the misuse of data in the past in the political area. Does the member think this kind of legislation should be amended to include political parties?
48 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I think it is ironic that members of the Liberal Party, the government, are claiming some sort of aversion to big corporations. Obviously, they have not read the bill. Subclause 18(3) says:
(3) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of an activity in which the organization has a legitimate interest that outweighs any potential adverse effect on the individual
The government does not believe in the protection of personal privacy. It believes in the protection of access to data for companies.
106 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I agree with the summary of that. The government is mostly concerned about big business and the ability to use data. The Conservatives are concerned about individual Canadians and their right to privacy protection.
36 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, last week, the federal government banned the use of the TikTok app on government devices because of data privacy concerns, so it is very appropriate for us to be discussing this matter today. Digital data privacy can be seen as a fundamental right, one that urgently requires strengthened legislation, protections and enforcement. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data.
This is a pressing issue. Realizing that, the European Union introduced the GDPR, its General Data Protection Regulation, in 2016. EU countries were given a couple of years to adapt to this new privacy reality, with the regulation coming into effect in 2018. The GDPR has been used by many other countries as a framework for privacy protection.
With the GDPR as an example, and faced with a changing digital data universe, the government basically did nothing to protect data privacy for Canadians. Perhaps that is an unfair statement. After all, digital and online data privacy was addressed in the last Parliament under Bill C-11. The Liberals recognized that Canada needed to bring its privacy laws into the 21st century.
However, that bill was never passed. Apparently, data privacy was not a big enough issue to be made a priority, and the digital charter implementation act was scrapped in favour of an election that Canadians neither wanted nor needed. Now we are asked once again to address this subject. It is indeed better late than never. I would have hoped, though, that with the delay, the government could have improved on what it is proposing.
Perhaps if the government had moved a little faster, Canadians would not have had to question how their data was being used and how their privacy was being invaded by governments and corporations. We are left to wonder how many privacy breaches have gone undetected or unreported. The ones we know of are disturbing enough. Tim Hortons used its app to track customer movements. The RCMP used Clearview AI’s illegally created facial recognition database. Telus gave customer location data to PHAC.
353 words
- Hear!
- Rabble!
- add
- star_border
- share
It has been more than 20 years since Canada’s existing digital privacy framework, the Personal Information Protection and Electronic Documents Act, PIPEDA, was passed. With technological changes in recent years, legislation is needed to address subjects such as biometrics and artificial intelligence. We have to consider how Canadians understand the issue of consent when it comes to the use of their data and their privacy.
I am deeply concerned and disappointed with how sloppy the Liberal approach in Bill C-27, the digital charter implementation act, 2022, currently is. Privacy is a fundamental right. This bill does not mention that, despite the Supreme Court of Canada having acknowledged it. We need to clearly distinguish the extent to which Canadians’ digital privacy will be protected. If the government wants the bill to be fully effective, it needs to further explore the scope of accountability required when privacy is breached.
The clear definition of consent is a major improvement from what it once was in the Personal Information Protection and Electronics Document Act, but a good definition is only the beginning. Because technology has greatly expanded and evolved since the implementation of PIPEDA, should we not also expand the umbrella of activities that consent would cover? The large number of exemptions allowed would weaken the impact of the legislation.
Bill C-27 may be a good beginning, but I had hoped for something better. It is sad that the bill’s title is perhaps the strongest statement in the legislation. While the title gives some idea of what the legislation is all about, it is already dated. We are no longer in 2022, and the Liberals are once again falling behind.
As parliamentarians, we know the power of words and the importance of speaking in a way that can be understood by those receiving the message. It is important that legislation can be understood. It is even more crucial that the bills we pass spell out exactly what we intend.
Perhaps the most important part of any of the laws is the section that provides definitions. They need to be clear and comprehensible and not subject to differing interpretations that weaken the intent of the legislation. Legislation that allows each person to provide their own definitions is problematic. Bill C-27 uses words such as “significant impact” or “sensitive information”. I cannot help but question what is covered by these vague terms.
Before the people of Edmonton Manning sent me to represent them in the House, I was a businessman. I understood the importance of safeguarding the personal information my customers entrusted to me and not to abuse that trust. However, as we have seen, some companies make unauthorized use of the information they gather to gain a competitive edge or for profit.
With that in mind, there must be a balance between acceptable use of data by business and the fundamental protection of our privacy. It seems to me that the balance is wrong on this bill, given the way it addresses user consent and the use of collected information.
The more I read Bill C-27, which 100 pages-plus, the more questions I have. There is too much in it in need of clarification. Yes, that will be done when it goes to committee after second reading, but the government could have presented a better bill to make the committee’s work easier.
I do not want to sound too negative. I know the Liberals mean well, even if they do not seem to be able to quite understand just how important digital privacy is to Canadians in the 21st century. I am pleased therefore to see that they understand that sometimes mere words or a scolding are not enough.
It makes sense to me that the Privacy Commissioner will receive new powers to enforce violations of the consumer privacy protection act. That may be the most impactful change the legislation brings about. It is not enough to simply recommend that perpetrators stop their violations. Any parent could tell us that consequences are needed if we want to ensure improved behaviour.
With the Privacy Commissioner finally being able to force violators to conform to the rules, I think we will see increased respect and better treatment of Canadians' personal information. The harsh financial penalties for non-compliance will be a powerful motivator.
Given the amount of time the Liberals had before presenting Bill C-27, we must question why they did not come up with a better bill. They have left me, and all Canadians, asking if they really understand what their own legislation is supposed to do.
Does the consumer privacy protection act, as proposed in the bill, do enough to properly protect Canadians’ personal information? The Liberals had a chance to look at the EU’s GDPR and see how well that worked. Did they learn anything?
Would Bill C-27 improve the protection of Canadians’ personal information or are there so many exemptions for needing consent in the sharing of personal information that the words of the bill are meaningless?
Would the legislation create proper protections for Canadians’ biometric data? Given that no such protection currently exists, perhaps we should be thankful that the subject is addressed at all.
Is it reasonable to exempt security agencies and departments, such as CSE, CSIS and DND from AI regulations? How do you balance privacy and security concerns?
Canadians’ digital privacy and data needs to be properly protected. This bill is a flawed attempt to start the long overdue overhaul of Canada’s digital data privacy framework. The Conservatives will be looking at putting forward some common-sense amendments at the committee stage to ensure we have the best possible legislation.
967 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I want to thank the member for his recommendations on the many amendments that are needed to strengthen this bill. In particular, I am interested in one of them, which is about empowering the Privacy Commissioner. We know that this is essential if we want to protect the rights of Canadians. One way to do that would be to equip the Privacy Commissioner with the power to seek the imposition of administrative monetary penalties in a manner that would be similar to the powers that the commissioner for competition has under the Competition Act.
I would like the member to elaborate on how we must empower the Privacy Commissioner and ensure that he has the powers to enforce Canadians' privacy rights. In particular, on this issue, does he agree we need to amend this legislation?
137 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
