44th Parl. 1st Sess.
March 28, 2023 10:00AM
- Mar/28/23 10:30:32 a.m.
- Watch
Madam Speaker, I will get the opportunity to expand upon the point I am going to make to my colleague across the way.
Right away, I am concerned that the Conservatives have chosen this, as opposed to using an opposition day so that we could have a good and thorough discussion on the issue and hopefully get some more positive results coming from a full day of debate using an opposition day. They have chosen to use a concurrence debate, which prevents us from being able to have a number of additional hours of debate on the issue of Bill C-27, which is the digital charter that deals with the privacy of Canadians.
I am wondering if the member could explain to Canadians why the Conservatives continue to have misplaced priorities by not dealing with issues such as the personal security of Canadians on the Internet and by bringing forward a report like this today, as opposed to on an opposition day.
163 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is, again, an honour to rise and speak in this place on behalf of my constituents of Medicine Hat—Cardston—Warner in relation to Bill C-27. It is dubbed the digital charter implementation act.
It is really frustrating to continually see legislation from the Liberal government that is sloppy, lazy and really incomplete, to be honest, and this bill is no exception.
Canadians have seen most of this legislation before in a failed attempt back in 2020. That legislation died on the Order Paper when the Prime Minister took his costly, ill-timed and overly optimistic opportunity to call an election. Since then, we have had three years of inaction on this file, and now the government has tabled this piece of legislation, Bill C-27, which should have been more focused on giving the people of Canada the privacy rights they deserve.
Instead, this legislation is literally the least that they could have possibly done in this regard. The bill is a flawed attempt to start the long overdue process of overhauling Canada's digital data privacy framework. Conservatives will be looking at putting forward some common-sense amendments at the committee stage to protect both individuals and small businesses alike and to ensure that it is the best possible legislation moving forward.
The Conservative Party believes that digital data privacy is a fundamental right that urgently requires strengthened legislation, protections and enforcement. Canadians must have the right to access and control collection, use, monitoring, retention and disclosure of their personal data.
It is unfortunate that we could not rely on the Liberals to get it right the first time, but maybe they will have the modesty, humility and common sense to accept the amendments that will be coming, instead of once again using their NDP coalition to control and steamroll at committee stage.
It is also a shame because Canada's digital data privacy framework has been in dire need of modernization for years. This government has been dragging its feet as well for years on this critically important legislation.
It appears that there is no good reason as to why there has not been advancement on this legislation. Clearly, they did not spend their extra time making the legislation any better than when it was first proposed in 2020.
Conservatives will be looking to see how this bill can be improved. However, when looking at how to improve something, we need to look at why it is even in front of us to begin with.
The Liberals brought it forward today because they were finally exposed for being flat-footed on Canadians' data protection and how they were exposed. Let us think about TikTok.
Michael Geist, Canadian research chair in Internet and e-commerce law at the University of Ottawa, said that he found it “pretty stunning” that the Liberals had to block TikTok on government devices as a precaution because, again, “part of what [the Liberals] were attributing the TikTok ban to was essentially Canada's weak privacy laws.”
The expert continued to say that, when it comes to Bill C-27, the government “sat on it. It barely moves in the House.”
He is not alone in his criticism either. Former privacy commissioner of Canada Daniel Therrien shared similar concerns to those of Michael Geist and those we as Conservatives have.
The former commissioner, Mr. Therrien, argued that the solutions in proposed Bill C-27 are not strong enough to rein in technology companies from pursuing “profit over respect for democratic values”.
He also said that Bill C-27 “will not provide effective protection to individuals, in part due to weak enforcement provisions.”
Former commissioner Therrien's most notable criticism, however, is in his retort to the Liberals' claim that the bill “will create the most important penalties among G7 countries”, which is called “simply marketing”.
This is just a gentlemanly way of a former public official saying that it is not really the case. There are those of us who would call it by some other name.
At best, Bill C-27 is a first step. It is better than the nothing that the Liberals have done for the last three years. That is where the catch-22 is with this bill as proposed.
Doing something will be better than staying in our current technological stone age, with respect to data privacy.
Specific items like the bill's requirements for all businesses to have a privacy watchdog and maintain the public data storage code of conduct are positive measures. However, it does cause worry about the burden this new layer of red tape will have on small business and especially for sole proprietors. Again, on a catch-22 of this lazy Liberal legislation, the law does not go far enough to protect children's privacy for example.
While the information of minors is finally included in the legislation, the definition of what is sensitive, what a minor is or who a minor is are not set out, and the sensitive information of adults for example is not given the same special provisions. This means that businesses are left to decide what is sensitive and appropriate for minors. It also means that the courts, when interpreting the legislation, will understand that if not amended, the sensitive information of adults was specifically left out of the legislation.
Further, businesses will have to navigate varying rules in each province where different definitions of a minor actually apply and that depends on provincial law. This is not good for protecting minors, this is not good for protecting Canadians' sensitive information and this is not good for businesses.
Finally, the fundamental problems in this bill can be summed up in that this bill does not recognize privacy as a fundamental right. Thirty-four years ago, the Supreme Court said that “privacy is at the heart of liberty in a modern state”.
Conservatives believe that individuals are worthy of privacy as a fundamental right, and the concept of privacy as a fundamental right is worthy of legislative protections. Based on that alone, the Liberals have missed the mark on this legislation. Once again, it is up to the Conservatives to fix the Liberals' poorly written legislation.
As I close, I want to offer my thanks for the hard work of the Conservative members of the access to information, privacy and ethics committee. They have done a great job to date. They spent a lot of time on the previous iteration of this legislation, and I have heard a great deal about how Canadians' information and data is used without their consent. With the many identified flaws of the bill, Bill C-27, I think it would be best if this bill were voted down and redrafted, honestly, in order to take these issues into account. However, the NDP-Liberal coalition will surely ignore doing these things right in favour of expediency and send it off to committee.
With that, Canadians and I are leaving the flaws that I have pointed out, and there are many more, along with the additional flaws that I am sure my colleagues will find in their review and will need to be fixed at committee. The Liberals have left the committee a lot of work, but I know that my colleagues there are up for the challenge.
1244 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I would like to ask my colleague about the overall theme of his speech, which was about the positioning of personal privacy versus business interests. In clause 5 of this bill, it basically says that the purpose of the bill is to balance interests. There has been a lot of discussion about the protection of personal privacy interests. However, clause 18 of the bill says that business interests can trump individual interests by saying that express consent is not needed for a company to do something with the information of an individual if the company thinks it is in the legitimate interests of the company.
I wonder what the member thinks about a government that says this protects personal privacy while giving all the power to the businesses to determine legitimate interest.
134 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I appreciate that question from my hon. colleague. When he stands up, I never know what angle he is going to go with. It is nice to have a reasonable question from my friend across the way.
I look at some of the recent examples of privacy and mobility data being used without consent. The member is right. Canadians have to be confident about the information they are using in apps, and they have to have businesses they can trust.
The Tim Hortons app was tracking movements after orders, which caused concern for Canadians. Telus' data for good program was giving location data to PHAC. That was a significant faux pas. One that really stood out was the public doxing of those who donated to the “freedom convoy” through GiveSendGo. Anytime one is revealing their personal information online, there has to be some confidence behind it. Businesses rely on it. Those who use those businesses as consumers need to have confidence that the information is not going to be abused and shared inappropriately.
177 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I do not see the connection to the first portion of my hon. colleague's question. I do understand that this bill absolutely needs significant improvement.
I am certainly supportive of it, in principle, to go to committee to have the amendments ironed out and improved upon so the legislation could address some of the concerns raised by my friend, as well as the concerns identified by people across the country. This includes some of the experts who say we need to strike the right balance, and it is about time privacy legislation takes into account all those issues.
101 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I am thankful for this opportunity to speak to Bill C-27, the digital charter implementation act, 2022. While there are many important components of Bill C-27 to debate, my speech today will focus on just two aspects. The first is privacy, and the second is identity.
The protection of both the privacy and the identities of Canadians is essential. We need to ensure that strong legal mechanisms are in place to guarantee that protection. Connected with that is the need to protect from the commercial interests of private companies, as well as protection from the government and its potential overreach into the private lives of Canadian citizens. Consequently, I believe a national digital charter is urgently needed. To protect Canadians, it is important that we have a piece of legislation that acts as an umbrella to protect Canadians from government, and to uphold the privacy of Canadians' data and their digital identities.
The second part of my speech will highlight some of the breaches that have occurred over the past three years. These breaches drive home the urgent need for more stringent protection for Canadians when it comes to privacy and protecting their private information.
Privacy rights are at the heart of any democracy. They are necessary for reinforcing the limits and boundaries between private citizens, their government and the private sector. In Canada, individual liberties are guaranteed by section 7 of the Canadian Charter of Rights and Freedoms. Our Chief Justice of the Supreme Court has made comments on this. She stated, “liberty...depends on and mandates respect for the individual and his or her right to be free from government restraint, except as authorized by law.”
Justice McLachlin further explains why it is important for government to keep the people informed and to answer questions, stating, “People who possess power, even small administrative powers, may use information they should not have improperly. And even if they don’t, the individual’s fear that they may use it, often leads to unwilling compliance.”
Just as we have fundamental freedoms entrenched in the highest law of our land to protect us from government encroachment of our freedoms, I also believe that it is necessary to have digital data privacy legislation. That is a fundamental right that urgently requires the strengthening of our legislative protections and enforcement.
That is why we need a federal digital charter, which would act as an overarching piece of legislation. However, Bill C-27, the digital charter implementation act, falls short of this very important objective. The Office of the Privacy Commissioner, for years, has made several calls for reform. Privacy watchdogs have repeatedly lamented that our federal privacy laws are outdated, that they fail to provide the needed legal protections in an increasingly digital world.
Canadians also have serious concerns about privacy. First, they have concerns about how their private information is being used, and what large corporations and governments are doing with it. Second, these concerns have turned into a fear because of the misuse and abuse of private information in the recent years.
This leads me to the second point of my speech. I will speak about the bigger problem in the privacy landscape in this country, which is that the Liberal government is failing to update its own legal boundaries and parameters in this area. The reality is that this bill does not touch on the Privacy Act, the act that governs the government, and this digital charter does not cover how the government handles the information it collects from Canadians.
Essentially, this bill is saying, “Do as I say, not as I do.” With this bill, the government is telling businesses, even sole proprietorships, that they should add additional layers of red tape under the threat of financial penalties. Business owners are still struggling to recover from COVID setbacks, lockdowns and government red tape.
My fear is that many of these small businesses, subject to these new requirements, would not be able to survive or have the capacity to implement some of these new requirements. These demands come even though government itself has failed to lay down the rules and regulations as to what is needed in the form of a regulatory infrastructural framework to secure our digital future.
A digital charter is needed to protect Canadians, but the federal government should be leading by example by outlining a digital charter that would protect the personal data and privacy of its own citizens first, before it asks businesses to do so. Let us be honest that the number one privacy concern Canadians have right now is how their government is using their information. These fears were exacerbated during the trucker convoy when Canadians’ bank accounts were frozen and property was confiscated through the abuse of the Emergencies Act.
Canadians still remember how the government quietly spied on their movements during the pandemic without their consent. A year ago, it was discovered that the Public Health Agency of Canada was tracking Canadians' movement during the pandemic. This was done without their knowledge, and PHAC wanted to keep doing it quietly for years into the future, but it was the Conservative opposition that discovered this breach and stood up for Canadians. We demanded answers from the Public Health Agency on the way the data was collected, how it was defined, what third parties were privy to the data and whether any data was reidentified. It is important that the government answer these questions and sets standards because it is falling short of its own requirements.
Canadians have not forgotten even the ArriveCAN debacle, the privacy questions around its mandatory use, and the terms and conditions associated with it. In other words, exactly what personal data and identifying information has been shared outside the app? Under what circumstances, and with which domestic or international organizations, was it shared? The app’s privacy notice even stipulated that the government had the right to share our information contained in the app with international organizations and institutions.
Canadians have a right to know with whom their data is being shared. This matter, it is no surprise, was referred to the Privacy Commissioner for an investigation. We are still waiting for an answer on the ArriveCAN privacy breaches.
Let us not forget that Canadians were fined thousands of dollars and threatened at their own borders for not submitting their own private medical information. This was, in my view, a massive overreach of government powers, but the reality is that this overreach happened because Canada has insufficient legal safeguards in place to prevent such abuses, and this creates a profound distrust in government.
It concerns me that the government is moving toward integrating a digital proof of identity framework that would massively expand the centralization of government access to the private information and data of Canadians. There are numerous ethical abuses that relate to this data collection.
The biggest concern is having all of one's private information in one place. Imagine our health information, driving information and banking information all in one portal. This would give information handlers a great deal of power over our data. This power urgently needs to be kept in check, and we need public experts in consultation on the ethics behind this centralized data collection power to uncover what we need to do to protect Canadians.
In conclusion, Canada’s digital privacy framework has long been in dire need of modernization. I want to thank the Standing Committee on Access to Information, Privacy and Ethics, which worked hard on this issue for years. Canadians must have the right to access and control the collection, use, monitoring and retention of their personal data. However, in Canada, the Liberal government is failing Canadians by not prioritizing its own accountability when it comes to protecting privacy rights. The bill sadly fails to put forward a rigorous and comprehensive legislative framework that would defend Canadians’ data, privacy and digital identities, now and in the future.
1344 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, this is a part of the problem with why Canadians do not trust government. When Canadians raise concerns, the Liberals label them, degrade them, make fun of them and call them conspiracy theorists instead of dealing with the real issues and fears that Canadians have. The news report indicated that the privacy of Canadians was breached during COVID, and that is factual.
64 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I am known for my perspicacity, so I decided to ask ChatGPT another question.
I asked it to come up with a question for my Conservative colleague from Haldimand—Norfolk about the importance of enhancing data and privacy protection in Bill C-27. That was what her speech was about.
ChatGPT replied: “Sure, here is a question for the Conservative member. The question is as follows: As a Conservative member, how does she think that Bill C‑27, which aims to modernize the Privacy Act”—already this is a step up from the other question—“will offer better protection for Canadians' data and privacy? Also, what are the key points she would like to see in the bill to ensure the adequate protection of personal information?”
I am very impressed by artificial intelligence because it touches on the role of the official opposition, which is not just to complain, but also to make suggestions.
I would be very curious to hear my colleague's thoughts on the subject, because I did not hear many constructive remarks in her speech.
189 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I beg to disagree. There were largely areas of constructive discussion in my speech, and I will highlight some of them for my friend.
The government needs to have an infrastructure framework that will protect the privacy of Canadians before it can demand that of businesses. Businesses, which are already saddled with red tape, do not even have the mechanism to put this in place. Nor does the federal government have the structure to put this in place, but it demands that the business sector do that, with sweeping loopholes that could violate the privacy of Canadians.
The first thing we need to do is ensure that the Liberals put in place a legislative framework that will set the foundation for digital privacy in Canada.
127 words
- Hear!
- Rabble!
- add
- star_border
- share
Uqaqtittiji, privacy rights are fundamental. Small businesses are important. I wonder if the member agrees that it is important to empower the Privacy Commissioner to enforce the protection of both those groups of people.
34 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I am impressed that Bill C-27 would give the Privacy Commissioner some teeth to enforce penalties. That I acknowledge. I also see it as a positive that there is some attempt to create some sort of regulatory framework, but it does not go far enough. This framework has to start from the federal government and work its way down so we have an umbrella legislation to protect the digital privacy of Canadians.
75 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, to bring it back to the topic of this debate, Bill C-27, the intention of the bill is to modernize the protection of digital privacy rights in Canada. The previous iteration of the bill was roundly panned by stakeholders when it was introduced in the previous Parliament. However, in this new version, Bill C-27, the government has added a few new elements, for example, regulating artificial intelligence.
Unfortunately, there are so many different elements within the bill that nobody can actually address all the issues within a 10-minute speech, so I will focus on the privacy issues that are sorely lacking within the legislation.
The bottom line is that the new bill, Bill C-27, remains fundamentally flawed and is, simply put, a redux of the former bill. Essentially, what it would do is put lipstick on a pig.
The dramatic and rapid evolution in how we gather, use and disseminate digital information in the 21st century has presented the global community with not only a lot of opportunities but significant challenges as we try to protect society and individuals against the unauthorized use of their data and information. This directly implicates the issue of privacy and the various Canadian pieces of legislation that address the issue of privacy.
This is not the first time the Liberal government has tried to “fix” a problem, and I use that term advisedly. It tries to fix things, but just makes things worse. In the 21st century, we are faced with immense challenges in how we protect individuals, our Canadian citizens, against those who might misuse their data and information. Any suggestion that this digital charter is actually an articulation of new rights is simply wrong. This is a digital charter, but it is not a digital charter of rights.
I will turn to the most significant and substantive part of the bill, the privacy elements. Very little of this legislation has been changed from the original Bill C-11, and the government has not measurably responded to the criticism it received from the stakeholders when the previous version of the bill was reviewed at committee.
There are five key additions and alterations to Canada's existing privacy protection laws.
First, the bill expressly defines the consent that Canadians must give in order for their data and information to be collected and used, and there are guidelines attached to that. We commend the government for doing that clear definition of consent.
Second, Bill C-27 addresses the de-identification, the anonymization of data that is collected by private companies. Again, that is important. We want to ensure when private businesses collect information from consumers that this information is not attached to a specific individual or citizen.
Just to be clear, the bill contains numerous broad exemptions, which we could probably drive a truck through, and will likely create the loopholes that will allow corporations to avoid asking Canadians for permission.
Third, the bill provides that all organizations and companies that undertake activities that impact the privacy of Canadians must develop codes of practice for the protection of the information they collect.
Finally, the act would create harsher financial penalties, up to $25 million, for a violation of Canadian privacy rights. We, again, commend the government for doing that.
However, let me say for the record that what we do not support is the unnecessary creation of a new personal information and data protection tribunal, which is another level of bureaucracy that would add more layers of complexity, delays and confusion to the commissioner's efforts to enforce privacy laws.
Canada is not alone in expressing concern over the risks that digital information and data flows represent to the well-being of Canadians and our privacy rights. Many other countries are grappling with the same issue and are responding to these threats, and none more so than the European Union. The EU has adopted its general data protection regulation, the GDPR, which has now become the world's gold standard when it comes to privacy protection in the digital environment.
The challenge for Canada is that the EU, which is a market of over half a billion well-heeled consumers, measures its willingness to mutually allow sharing of information with other countries against the GDPR, the standard it has set. Those who fall short of the rigour of that privacy regime will find it difficult to conduct business with the EU.
Do our current regime and this legislation measure up to the GDPR from the EU? No, probably not. In fact, for years Canada's digital data privacy framework has been lagging behind those of our international counterparts. The problem is that if we do not meet the standard, we will not be able to do the kind of business with the EU we expect to. As someone who played a part in negotiating our free trade agreement with the European Union, I know it would be an absolute travesty to see that work go to waste because our country was not willing to adopt robust privacy and data protections.
I note that, as is the custom with our Liberal friends, the bill creates more costs for taxpayers to bear. There is a creation of new responsibilities and powers for the commissioner, which we support, but this legislation calls for the creation of a separate tribunal, a new layer of bureaucracy and red tape that small and medium-sized enterprises will have to grapple with.
There are other unanswered questions. Why does this legislation not formally recognize privacy as a fundamental right? Regrettably, as presented, Bill C-27 misses the opportunity to produce a path-breaking statute that addresses the enormous risks and asymmetries posed by today's surveillance business model. Our key trading partners, especially the EU, have set the bar very high, and the adequacy of our own privacy legislation could very well be rescinded by the EU under its privacy regime.
Thirty-five years ago, our Supreme Court affirmed that privacy is “at the heart of liberty in a modern state”, yet nowhere in this bill is that right formally recognized. Any 21st-century privacy regime should recognize privacy as a fundamental human right that is inextricably linked to other fundamental rights and freedoms. By the way, I share the belief that as a fundamental right, it is not appropriate to balance off the right to privacy against the rights of corporations and commercial interests. Personal privacy must remain sacrosanct. When measured against that standard, Bill C-27 fails miserably.
I have much more to say, but I will wind down by saying that this bill is another missed opportunity to get Canada's privacy legislation right by consulting widely and learning from best practices from around the world. There is a lot riding on this bill, including the willingness of some our largest trading partners to allow reciprocal data flows. This bill is not consistent with contemporary global standards.
The Centre for Digital Rights notes that this legislation “fails to address the reality that dominant data-driven enterprises have shifted away from a service-oriented business model towards one that relies on monetizing [personal information] through the mass surveillance of individuals and groups.” That should be a wake-up call to all of us. Sadly, this bill fails to listen to that call. Let me repeat that there is a move toward monetizing personal information through mass surveillance of individuals and groups, and the government has not yet recognized that.
For those reasons, I expect the Conservatives will be opposing this bill and voting against it.
1277 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
No, not at all, Mr. Speaker. We are certainly not trivializing Bill C-27. In fact, right now it is only the Conservative members of Parliament who are speaking to it. This is the most important issue of privacy and protecting the privacy of Canadians within an emerging digital environment. I am disappointed that my colleague from the Bloc does not take this issue seriously enough to get up in this House and debate it. It is important that we get this right.
What we have is a redux of the old bill the Liberals brought forward. It was so roundly castigated and panned at committee that the minister had to go back to the drawing board. However, he has come back with essentially the same milquetoast legislation, which does not address the most critical parts of protecting the privacy of Canadians.
142 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I have great respect for my colleague and great interest in the issue of making privacy a fundamental human right.
One of the shocking things we found with the last bill was from the Privacy Commissioner. He ruled that the company Clearview AI had broken Canadian law by allowing all manner of photographs of Canadian families, individuals and children to be sold on a market with facial recognition technology. He called that out as illegal but told us that under the new law, it would be almost impossible for him to go after Clearview AI because his rulings could be overturned by a board the Liberals will appoint above him.
We trust our Privacy Commissioner and we need to protect privacy. I want to ask my hon. colleague why he thinks the Liberals are undermining privacy at this time.
141 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I have mutual respect for the member. We are both from the class of 2006, I believe.
Mr. Charlie Angus: It was 2004.
Hon. Ed Fast: Mr. Speaker, yes, 2004. He has a couple of years on me.
I agree with him 100%. What has happened is the government, in order to protect its right to interfere in protecting the privacy rights of Canadians, has established a tribunal that could override the commissioner's investigations of violations of privacy rights within Canada.
The member mentioned the Clearview AI situation. He is absolutely right that it was a fundamental breach of our privacy rights. However, there are Canadian companies like Tim Hortons that have also violated Canadians' privacy rights. That is why it is important that we get this right and not put through a milquetoast bill that will not achieve what we want and that allows the Liberal government to continue to interfere and protect its big business buddies.
I just mentioned the importance of making sure our privacy rights are protected in an era when data is being monetized. Canadians' own personal information is being monetized by corporate interests. We need to make sure that our rights are protected, and this bill does not go far enough.
210 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I would like to ask the hon. member a question about clause 5 of the bill. Clause 5 is the purpose section and is probably the most important section of any bill, as it sets out the reason for the legislation. That is the section where the government says an individual's rights are equal to a business's right to use people's personal information. That is the section, in my view, that needs to be amended to make a personal privacy right a fundamental right.
I wonder if the member could comment on why it so important to put a fundamental right in that section of the bill.
112 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is an excellent question because that is the fundamental failing of Bill C-27. We have an opportunity, once and for all, to express and codify Canadians' right to have their personal information and data protected. Typically, that kind of statement of purpose goes into the purpose section. It is completely missing from that section because we know the Liberals are not really serious when it comes to protecting Canadians' privacy rights. We can do better than this.
81 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is a privilege to rise in this House to speak to this piece of legislation. I would like to start today by saying a few words about how this bill is structured, and then I plan to use the majority of my remaining time to discuss the implications of this legislation regarding personal privacy rights.
When I look at this bill, my initial response is this: Should there really not be three separate pieces of legislation? One would deal with the consumer privacy protection act and issues related to modernizing PIPEDA, perhaps a second, separate piece would create the proposed personal information and data protection tribunal act, and a third, separate component, which should absolutely be its own legislation, would be for the section dealing with artificial intelligence.
AI may present similar, very legitimate concerns related to privacy, but the regulation of AI in any practical sense is almost impossible at this juncture because so many aspects of it are still very unknown. So much is still theoretical. So much of this new world into which we are venturing with AI has yet to be fully explored, fully realized or even fully defined. This makes regulation very difficult, but it is in this bill, so it forms part of this legislation.
We can see just how vague the language related to the AI framework really is. I understand why it is that way, and do not get me wrong; I think we need this type of legislation to regulate AI. However, in the same way, this is way too big a topic to delve into in a simple 10-minute speech. It is also too big a topic to drop into an existing piece of legislation, as the government has done here, basically wedging this section into what was known as Bill C-11 in the last Parliament.
I have deep concerns with AI. They are practical concerns, economic concerns and labour concerns related to the implementation of AI. I even have moral concerns. We have artificial intelligence so advanced that it can make decisions by itself. The people who have created that technology cannot explain how it came to those decisions and it cannot tell them. The capabilities of this technology alone seem almost limitless. It is actually a little scary.
Personally, I look at some of the work being done in AI and wonder if we should, as humanity, really be doing this. Just because we have the knowledge and capability to do something does not necessarily mean it is for the betterment of humanity. I wonder sometimes where this technology and these capabilities will take us. I fear that in hindsight, we will look back and see how our hubris led us to a technological and cultural reality we never wanted and from which we will never be able to return.
However, here we are, and we have this capability partially today. People are using it, and it requires some form of regulation. This bill attempts to start that important conversation. It is a good first step, and that is okay. I think this is one of those things where we need to start somewhere as we are not going to get it done all at once. However, again, given the enormity of the topic and the vast implications, it should be its own separate piece of legislation.
Those are my thoughts on the structure of the bill, and now I will shift gears to talk a bit about personal privacy.
Personal privacy is a fundamental right. Three decades ago, long before the advent of the Internet or smart phones, the Supreme Court of Canada ruled privacy is “the heart of liberty in a modern state”. It did not say that privacy was at the heart; it said privacy is the heart. Personal privacy is the fundamental right and freedom from which all other liberties flow, and with the advent of the Internet age, the age of the smart phone and the age of digitized everything, laws related to protecting the fundamental right to privacy must be updated. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data. The question is, how do we realistically do that?
One of the reasons I am a Conservative is that I believe in individual rights and that rights and freedoms must be coupled with accompanying accountability and responsibility. This has to be a two-way street. Canadians need to be informed, and they need to be responsible and aware of what they are agreeing to, subscribing to and giving permission for. How often do we simply and blindly click “accept” without reading the terms and conditions for using a website, using an app or allowing others the use of our information?
I would be curious to know among my colleagues in the House, when was the last time they fully read the terms and conditions of a user agreement or a disclosure statement? Most of us just hit “accept”. We do not want to be bothered.
Recognizing this, can we really say the privacy of Canadians is being violated when many individuals live every moment of their lives posting in real time online for all the world to see, and access and just click “accept” without reading what they are agreeing to?
In this context, what is the role of government and what is the responsibility of the individual user? Government and businesses need to provide clear information, but people also need to be informed. They need to take responsibility.
I recall a while back when my office received an email on this subject of privacy. The individual was deeply concerned about web giants having access to his personal data. I had to laugh, because at the bottom of the email it said, “Sent from my Huawei phone”.
As a government creating legislation, where should those legal lines between consent and informed consent be drawn? As Canadians, we are a bit too quick to consent.
However, we have also seen far too many examples of Canadians’ private and mobility data being used without their consent. We heard about the Tim Hortons app that was tracking the movement of Canadians; how the RCMP was using Clearview AI’s illegally created facial recognition database; the public doxing of all those who donated to the freedom convoy; Telus giving location data to the Public Health Agency of Canada without a judicial warrant; and, in my view, the most egregious violation of privacy in generations, the requirement by the government and others for Canadians to provide their personal health data and information in order to work and/or travel.
If I am honest, it is this violation of privacy rights that makes me truly hesitant to support any effort by the government to strengthen privacy rights: first, because it has so flagrantly violated them, but also because I and a growing number of Canadians just do not trust the government. We do not trust it to keep its word. We do not trust it to create legislation that does not have loopholes and back doors that will give it the capability to violate individual personal freedoms.
Why? Because we have seen it from the Liberals. They want to control everything. There has never been a government that has had such an utter disregard for Canadians.
I have noted before that it was the Prime Minister's father who famously said that the government had no place in the bedrooms of Canadians. However, the current government not only wants to be in our bedrooms, but in every room, on every device, in every conversation and in every thought. It wants to control what Canadians think, what they see and what they post, and, by extension I can safely say, how their private data is curated and used.
One thing that is vital if we are to trust the government with our private data and with protecting privacy, there must be clear boundaries. This leads to one of the larger issues with this legislation, an issue we are faced with every time the government brings legislation forward. It fails to provide clear definitions.
There is a section of the bill that deals with the sensitive information of minors. The fact that there is no section for the protection of sensitive information of adults is a sign.
What does it mean by “sensitive”? It is never defined. What does it mean by “scrutiny” for data brokers? It is this habitual lack of specificity that characterizes so much of the government's legislation.
It is like a band that is way more interested in the concept of the album and how it looks on the cover than the actual quality of its music. If it cared about the quality of the music, it would have brought forward a bill that looks more like the European Union's 2016 GDPR, which is widely regarded as the gold standard for digital protection. By that standard, PIPEDA fails the test, but so might Bill C-27 if we do not bring it closer in line with what other nations have done. This lagging behind does not just affect personal privacy, but the ability of Canada and data-driven Canadian businesses to work with our EU friends.
This whole new regime outlined in the bill has huge implications for businesses, something I am sure my colleagues will be addressing. There is so much that can and should be said about this legislation, but it comes down to this: Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data.
1635 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, after testing ChatGPT earlier, I continued my research with Bing and asked it whether the Liberal government deserved Parliament's confidence when it comes to its Bill C‑27. The search engine told me that the bill enacts the Consumer Privacy Protection Act and that the Liberal government had introduced it in 2021. It also told me that it was unable to tell me whether the Liberal government deserved Parliament's confidence regarding this bill, but I could read the details of the bill.
Fortunately, artificial intelligence still has its limits because we need to think for ourselves. I will ask my colleague from Provencher a question. Would the Liberal government deserve our confidence when it comes to Bill C‑27? The member talked in his speech about confidence in the government. Accordingly, should we not be urgently sending the bill to committee? I think that everyone agrees on the need to regulate artificial intelligence. There is urgent work to be done in committee. Will the member be able to quickly provide his support to influence the content of this bill?
185 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, my question for the member is about the balance between personal information, privacy and business interests. It is something that this bill focuses a lot on.
The government talks about balancing them rather than the personal privacy of an individual being paramount. In particular, in subclause 18(3) of this bill, the government says that it is okay if it is in the “legitimate interest” of the company, even if it harms an individual. They do not need express consent to use the information.
I wonder what the member's views are on that, and whether or not the government is actually putting the emphasis on the individual or the big tech giants from the U.S.
121 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
