Bill C-11 (Historical)

Thank you, Mr. Chair.

Thank you, officials.

Before I ask a couple questions on this, which I don't believe I've talked to yet, I note that this is the third meeting we've had on CPC-7, most of which has been driven by the government's desire to amend and change it. I note this only because the government suggested that clause-by-clause would take four meetings and the government is the one pushing to make it longer.

Mr. Schaan, I'm a little concerned by your testimony earlier about the Privacy Commissioner. Bill C-11, which was the predecessor to this bill, attempted to make Privacy Act changes in the last Parliament, and I would like to read from the Privacy Commissioner's submission on it to committee, if I could:

While the OPC and the courts have provided some interpretations of sensitive information, it would be preferable to have a legislative definition that sets out a general principle and is context-specific, followed by an explicitly non-exhaustive list of examples (such as those included in article 9 of the GDPR). This would provide greater certainty for organizations and consumers as to the interpretation of the term. For instance, such a definition might read:

Sensitive information means personal information for which an individual has a heightened expectation of privacy, or for which collection, use or disclosure creates a heightened risk of harm to the individual. This may include, but is not limited to—

Does that sound familiar? It's in MP Garon's subamendment.

—information revealing racial or ethnic origin, gender identity, sexual orientation, political opinions, or religious or philosophical beliefs; genetic information; biometric information for the purpose of uniquely identifying an individual; financial information; information concerning health; or information revealing an individual’s geolocation.

That was for the last bill, so it comes as a surprise to me, Mr. Schaan, that you said the Privacy Commissioner has not asked for that. It's right in his brief.

Thank you, Mr. Chair.

This one's not a test, I don't think.

Throughout the bill, the term “lawful authority” appears. Now, we're in the early stages of the bill, and we found that our concern was that nowhere in the definition section of the bill does it actually define what “lawful authority” means. Without even providing that term, I think it provides a bit of ambiguity in there.

For instance, proposed section 44 of Bill C-27 allows an organization to share “an individual's personal information” with a government institution upon request “for the purpose of enforcing federal or provincial law”. The language of proposed section 44 is taken from PIPEDA, as I understand it, and it is problematic, given that it outlines few privacy safeguards that have been afforded to individuals in the past with Supreme Court decisions like the 2014 R. v. Spencer case. I'm sure everyone on the committee is familiar with that—I know that some of the witnesses are—but I'll just go over a summary of it.

R. v. Spencer, in 2014, according to Wikipedia, “is a landmark decision of the Supreme Court of Canada on informational privacy. The Court unanimously held that internet users were entitled to a reasonable expectation of privacy in subscriber information held by Internet service providers. And as such, police attempts to access such data could be subject to section 8 of the Charter of Rights and Freedoms. At issue was whether the police could request subscriber information associated with an IP address from an Internet service provider without prior judicial authorisation, who could then voluntarily provide it. The Supreme Court ruled that the request for internet subscriber information infringed on the Charter's guarantee against unreasonable search and seizure.”

Law enforcement, with some exceptions, in my view—in our view—generally should be required to produce a court order when asking for somebody's personal information: a bank account, personal messages, health information and that kind of thing.

The ambiguity with respect to the meaning of “lawful authority” that existed in PIPEDA with regard to disclosures to law enforcement remains in the CPPA and will likely result in continued disclosures of personal information without consent by organizations to police and to other law enforcement agencies in the absence of a court order.

Given this issue, the Privacy Commissioner recommended that the definition of “lawful authority” for purposes of sections like proposed section 44 in this bill be amended to clarify that individuals should still enjoy a reasonable expectation of privacy.

In the Privacy Commissioner's submission on Bill C-11 in May 2021, the Privacy Commissioner said:

Beyond transparency, clarity is also required with respect to the impact of the 2014 R v. Spencer decision with respect to when the state can obtain personal information via warrantless access. When Bill S-4 was before Parliament, the OPC recommended that:

a legal framework, based on the Spencer decision, is needed to provide clarity and guidance to help organizations comply with PIPEDA and ensure that state authorities respect the Supreme Court of Canada's decision. Such a framework would provide Canadians with greater transparency about private sector disclosures of their personal information to state agencies.

The Privacy Commissioner went on to state:

The ambiguity with respect to the meaning of “lawful authority” that existed in PIPEDA remains in the CPPA, as evidenced by companies' continued disclosures of personal information without consent to police and other law enforcement agencies absent a court order.

As such, we reiterate and update for Bill C-11—

At the time, that's what he was dealing with.

—a recommendation previously made in our 2015 submission to Parliament on Bill S-4, that a clarifying provision be introduced that defines lawful authority for the purposes of section 44. This provision would make clear that discretionary disclosures to law enforcement following a request should be permissible only where there are exigent circumstances, pursuant to a reasonable law other than section 44 of the CPPA, or in prescribed circumstances where personal information would not attract a reasonable expectation of privacy.

Recommendation 19: That a definition clarifying the meaning of “lawful authority” for the purposes of section 44 be introduced.

It wasn't. In his submission for this bill, on April 26, 2023, the Privacy Commissioner again proposed recommendation 19: “That a definition clarifying the meaning of 'lawful authority' for the purposes of section 44 be introduced” in this bill.

This amendment follows on the recommendations of the Privacy Commissioner on numerous occasions to “make clear that discretionary disclosures to law enforcement...should be permissible only where there are exigent circumstances, pursuant to a reasonable law other than section 44 of the CPPA, or in prescribed circumstances where personal information would not attract a reasonable expectation of privacy.”

That's by way of introduction. I haven't read the actual amendment, which is fairly short, but I know the witnesses have read it.

Do you agree with the Privacy Commissioner that this needs to be added to this bill, that we need to add a definition in the definitions section for “lawful authority”, which is a term used frequently throughout this legislation?

Madam Speaker, on September 19, Bill C-354, an act to amend the Canadian Radio-television and Telecommunications Commission Act regarding the cultural specificity of Quebec and the Francophonie was tabled and read for the first time. From the outset, I would like to thank the member for La Pointe-de-l'Île for giving me the opportunity to reiterate our government's commitment to supporting the French language.

Bill C-354 aims to amend the Canadian Radio-television and Telecommunications Commission Act, and this is closely tied to the government's ongoing work to ensure a broadcasting system in Canada that reflects the evolution of our digital world and in which all Canadians, including Quebeckers and members of the Canadian Francophonie, see themselves represented. In fact, closely linked is an understatement. The government's efforts have already been going very much in the same direction as the objective of this bill.

On February 2, 2022, our government introduced Bill C-11, aimed at reforming the Broadcasting Act so that Canadian laws reflect the evolution of our digital world. The latter aimed to clarify that online broadcasting services fall under the act, to ensure that the CRTC has the appropriate tools, to encourage greater diversity and inclusion in the broadcasting sector and to better reflect Canadian society.

The legislative process surrounding Bill C-11 took a very long time. Indeed, one year to the day passed between the initial tabling of the bill in the House and its adoption at third reading by the Senate. Both the Standing Committee on Canadian Heritage and the Standing Senate Committee on Transport and Communications spent many hours dissecting, analyzing, hearing from witnesses and refining Bill C-11. During the same legislative process, several modifications were made to Bill C-11 to strengthen the commitment to the French language and official language minority communities.

The Broadcasting Act, as recently amended, put in place new guarantees to ensure continued support for the production and broadcast of original French-language productions, the majority of which are produced in the province of Quebec. What is more, the CRTC is required to interpret the Broadcasting Act in a manner that respects the Government of Canada's commitment to promoting the vitality of Canada's French-speaking and English-speaking minorities and supporting their development. Added to this is the fact that the act provides that regulations must take into account regional concerns and needs. It should also be noted that the government is already actively consulting the provinces and territories, particularly when it comes to broadcasting.

At each stage of the process surrounding the implementation of the Online Streaming Act, the provinces and territories were consulted. In particular, the government consulted its provincial and territorial counterparts as part of the consultations related to the decree of instructions proposed to the CRTC concerning the implementation of the law.

The final decree also contains various instructions to support the official languages of Canada and official language minority communities. The decree recognizes, among other things, the minority nature of the French language in Canada and North America and the fact that the broadcasting system should promote the development of Canada's official language minority communities and promote full recognition and use of French and English in Canadian society. A section was even added to the final version of the decree to support the creation and availability of programming in French.

In addition, for its part, the CRTC has published a road map describing the main stages of the implementation of the act and is already actively consulting the public. It should be noted that as an administrative tribunal, the CRTC already holds in-depth consultations before making decisions under the rules of practice and procedure that it adopted in order to respect the principles of procedural fairness and of natural justice incumbent upon it. Provinces and territories have the opportunity to participate in CRTC consultations. To this end, the provinces and territories, including Quebec, can already present observations to the CRTC on issues of provincial interest during hearings and consultations.

It is important to specify that the Government of Quebec has the right and already uses its right to intervene in the CRTC's consultative processes. The Broadcasting Act provides for three forms of consultation, depending on the decisions it is considering. They are, in no particular order, one, with official language minority communities on any decision likely to have a detrimental effect on them; two, with CBC/Radio-Canada on its conditions of services; and three, with any interested party for decisions regarding conditions of services. The latter is an open consultation, where provinces and territories and, in fact, any interested intervenor can put forward their opinions and concerns.

In other words, the addition of the consultation obligation provided for by Bill C-354 could raise concerns that are being addressed in the course of the work of the CRTC and under the requirements of the Broadcasting Act. An obligation for the CRTC to consult elected provincial governments could also have an impact on public confidence and the independence of the CRTC. It is important that we are all mindful of not just the independence of the CRTC but the importance of that independence.

As outlined, “The CRTC is an administrative tribunal that regulates and supervises broadcasting and telecommunications in the public interest. [It is] dedicated to ensuring that Canadians have access to a world-class communication system that promotes innovation and enriches [the] lives [of Canadians].”

Further to this, under the section of the CRTC's own website entitled “We listen and collaborate”, it states that, in order to “fulfill [its] mandate, [it] must understand the needs and interests of Canadians who make use of broadcasting and telecommunications services.”

In conclusion, the government supports and will continue to support the French language. The Online Streaming Act and the act to amend the Official Languages Act are concrete examples of our commitment to the French language. Once more, the government regularly consults the provinces and territories, including Quebec.

The minister has consulted her counterparts on numerous occasions when it comes to regulating the broadcasting sector. The government will welcome any questions from members regarding Bill C-354 as the debate on this legislation continues.

I'm going to turn to the other witnesses now.

Did any of you participate in the consultations on Bill C-11 or the bill the committee is currently studying, Bill C-27? Please nod your head if you did.

I see that no one was consulted. All right.

In light of what we've seen since we began our study a few weeks ago, no one seems to have been consulted, but the Minister of Innovation, Science and Industry says that 300 individuals and organizations were consulted after the bill was introduced. I'd like to find those individuals and organizations. I don't know where they are.

In a moment, I'll be giving notice of a motion, but I'd like to ask you a question, first, Ms. Piovesan.

Mr. Balsillie appeared before the committee, and I'm sure you read his remarks. He likened the bill to a bucket that has holes. What witnesses have told us so far seems to suggest that the bucket basically has no bottom. That's what it seems like.

You talked about the fact that the committee has heard opposing views from witnesses. Take the tribunal, for instance. Some suggested getting rid of it because we didn't need it, while others argued the opposite, that having a tribunal in the sector was important.

Given how far apart on the spectrum people's views are, do you think the bill should have been split from the beginning? We've heard from the start that the bill is almost monstrous, that it's too big, that the privacy piece and the AI piece should have been dealt with separately.

What do you think?

Thank you, Mr. Chair.

Thank you to the witnesses as well.

Today's discussion is fascinating. I am very interested in what you have to say.

Ms. Piovesan, if I understood correctly, you helped draft Bill C-11, the predecessor to the bill before us today, Bill C-27.

Thank you, Mr. Chair.

Thanks to the witnesses. Welcome to the great Liberal darkness club. This makes me feel like a dog chasing its tail. I use that metaphor because I just saw Ms. McPherson's dog on the screen.

We are all here to discuss a bill that, as Mr. Champagne announced to us three weeks ago, would be subject to eight amendments, some of which will be major.

Mr. Balsillie, earlier you said that Mr. Bains consulted you at the time about Bill C-11 and that you had made recommendations. The current minister, Mr. Champagne, tells us he has consulted 300 organizations and experts.

Ms. Vipond, you clearly weren't in the group. At any rate, many of the witnesses here probably weren't in the consulting group, since they're asking us today to hold more consultations and that they be permanent and ongoing depending on how the bill evolves.

Mr. Balsillie, almost all the comments you've made on this bill thus far have been negative. Can you see anything anywhere in this bill that might be positive, or do you think we should simply toss it out and start over?

Based on what we have before us today, I think we've confused “privacy” with “artificial intelligence”. These are two completely different things, but we're putting everything in the same basket.

We would've liked to hear what you had to say about artificial intelligence. I'm convinced you would have liked to talk to us about that at greater length as well. So allow me to give you the floor.

Thank you, Mr. Chair.

I would like to thank my colleague for sharing his time with me.

I'd like to thank all the witnesses for being here.

Dr. Geist, I'd like to talk about the way this bill, formerly Bill C‑11, has been presented over the past two years. We know that amendments were requested and that the minister didn't really listen, because the new version is no better. So here we are, 18 months later, and you are having to testify about this bill.

During this whole process, which is set to last several months, we will be meeting with about 100 witnesses. How do you feel about this process, when we haven't had access to the eight amendments put forward by the minister, other than the few lines we've be able to get so far? I'm asking because you talked about this earlier.

I'd like you to speak as a witness. I'm not necessarily asking you to speak on behalf of others, but at the very least I'd like people to understand the process we are currently in, which I consider to be skewed. How can you or any of the witnesses who will appear possibly give your opinions on the content of a bill without access to the amendments?

Thank you, Mr. Chair.

Thank you to our witnesses here today.

I'm somewhat concerned about this bad bill before us today.

With Bill C-11, the Government of Canada had an opportunity to enshrine the fundamental right to privacy for children, to define what a minor is, to define perhaps an age of consent and do a whole bunch of stuff to ensure that children were protected. That bill died on the Order Paper.

Then, we had Bill C-27 when this Parliament opened up again. The minister again had an opportunity to enshrine the fundamental right for children to protect their privacy in some of the actions they may take online. Then the government had the opportunity to define what sensitive information is—likely in the context of a child. They had an opportunity to define what a socially beneficial purpose was in the context of a child.

The minister came before us a few weeks ago. He said, “I have this bill. It's going to do so much work to protect children, but we have to amend it.” Then we had to put a motion forward to get a copy of those amendments. We're here today. I am not going to relent on this until we have more clarification and I hear from as many witnesses as possible to ensure that children's rights are protected.

My question is open-ended. I'll start with you, Mr. Geist. What clauses of the bill do you believe need to be amended to ensure that a child's fundamental right to privacy and their online actions are not used in a way that will compromise them as adults, or at a future period of time in their life?

Thank you, Mr. Chair.

I'd like to thank all the witnesses.

Mr. Bennett, in your February 12, 2021, submission to the public consultations on Bill C‑11, you distinguished between the concepts of interoperability and harmonization. I believe this is particularly germane to the subject before us, because these two concepts can be confused. You showed the difference between the two with an example I'd like to quote:

For instance, the processes for doing PIAs should be interoperable between the federal government and the provinces. If an organization does a PIA under the authority of one law, it may need the assurance that the PIA will also be acceptable in another jurisdiction. But that does not necessarily mean the harmonization or convergence of rules.

First, can you provide us with a definition of these two distinct concepts?

Second, can you tell us whether the provisions of Bill C‑27 promote the interoperability of processes among the various levels of government or rather the harmonization of rules?

Thank you, Mr. Chair.

I also thank the witnesses.

Mr. Therrien, you were the Privacy Commissioner when former bill C‑11 was tabled. You had proposed amendments and stated that the bill was a step backwards from what existed at the time.

Your successor proposed 15 amendments, which you say you agree with. However, the government only retained five of them. Of the 10 it did not keep, which ones do you think should fundamentally be included in the current bill?

However, Bill C-11 was tabled—

Thank you, Mr. Chair. Thank you, witnesses.

My first series of questions are to Mr. Therrien.

You were the Privacy Commissioner during the development of the replacement for the Privacy Act in the last Parliament, Bill C-11, and presumably in the run-up to the development of this one. The current Privacy Commissioner was here last week and said essentially that he personally wasn't the commissioner who was consulted on it.

This is a critical bill because it's a complete replacement of the Privacy Act. It's not an amendment.

I'll start by asking you if, in the development of Bill C-11, the Minister of Industry of the day—I believe it was Mr. Bains—consulted with you before the bill was tabled in Parliament.

Mr. Speaker, I am pleased to rise today to speak to Motion No. 426, which deals with Bill C-27. For those watching who do not know Bill C-27, it is the government's piece of legislation to update our privacy laws and introduce a new act on artificial intelligence.

As to the purpose of this motion, even though the bill went through second reading and is now awaiting study at the industry committee, we are asking that the bill be split in three, because it really is three separate bills. The first bill, as my colleague from Bay of Quinte just mentioned, is the part of the legislation that deals with updating the Privacy Act, including all of the privacy terms for protecting an individual's privacy and protecting the rights of others to use someone's privacy, that is, how they can or cannot use it. The second piece of the legislation would create a new agency called the privacy tribunal. It is really a separate piece of legislation. In fact, it is classified as a separate piece of legislation, an act within this act. Then the third piece is the artificial intelligence and data act.

It really is three pieces of legislation in one bill, and that is why we have moved this motion asking that the bill be split in three. It is a massive 120-page piece of legislative change impacting every person and every business in this country. It deserves to be studied as three separate pieces, and members of the House of Commons deserve to vote separately on those three separate pieces of information.

I will start with the first piece, which is the privacy piece. We talked at second reading about the difference between our views on the purpose of this bill, this act, and the government's views. The government made the claim that this bill was making greater steps toward protecting the personal information of the individual, yet that is not what the bill does.

Clause 5 is the purpose section, the most important section of any bill that sets out what the legal structure or purpose of legislation is. It says that it tries to balance the protection of personal privacy with the rights of businesses to use people's data. It puts business interests on a par with individual privacy interests. As my colleague from Bay of Quinte just said and as I said in my second reading speech, that is a fundamental flaw of this bill. The Privacy Commissioner has already spoken out about it.

There has been discussion about whether privacy is a fundamental human right. There is language on this in the preamble, but the preamble of the bill has virtually no legal impact. It says that privacy is among the fundamental rights people have, but it is not in the purpose section. We have been seeking and will be seeking a broad discussion at committee on that issue and the legal implication of it. The purpose section of the bill, clause 5, should say that the protection of personal privacy is a fundamental right. It is not balanced between business needs and individual needs but is a fundamental right.

That is important not only for the reasons that I just outlined, but because further down, clause 18 of the privacy part of the bill creates a concept called “legitimate interest” for a business. Clause 17, just prior to that, lays out that there has to be the express consent of an individual for a business to use privacy data, but clause 18 goes on to say that there is a legitimate interest for the business to not care about an individual's express consent. In fact, it lets a company say that if something is in its legitimate interest as a company, even if it causes individuals harm, it is okay for it to use their data for something that they did not give permission for. It says that right in the legislation.

This is a fundamental flaw of a bill that pretends to be protecting people's fundamental privacy rights. It in fact protects big corporate data and the right of big corporations to use our data however they wish. It does give additional power, which is needed, to the Privacy Commissioner in that, but the second part of the bill then takes it back with the creation of the privacy tribunal.

Maybe the best explanations of the privacy tribunal is to compare it to and understand the way the Competition Act works. There are two aspects to how we decide competition issues and appeals. One is the Competition Bureau that looks at merges and acquisitions, and it says whether they are anti-competitive or not and will rule on that merger. Then there is a Competition Tribunal, like the privacy tribunal as proposed in the bill, which is the legal framework where the law gets done and the battle gets fought between the company that thinks it should do the merger and the Competition Bureau that thinks it should not.

A classic example recently was the Rogers-Shaw takeover. Quite a bit of time was spent both through the Competition Bureau process and the Competition Tribunal process, which ruled whether that sale could happen and then whether an aspect of that sale, being the sale of Freedom Mobile to Vidéotron, could be done.

The government wants to create that kind of process in the privacy law now. It is a separate act that creates this bureaucracy and this appeal mechanism, where six individuals will decide, as a privacy tribunal, whether a company has breached a person's privacy rights. However, out of the six individuals, only three of them need to any familiarity with privacy law. The others do not need any familiarity with privacy law, no familiarity with business, no familiarity with human rights, nothing. They do not need any other qualifications other than, perhaps in this case, they are a Liberal and are appointed to this board.

I have discussed this with a number of law firms since the bill was tabled a year ago. These law firms have very different views about whether this speeds up or slows down the process of dealing with individual privacy law issues. We need to have a separate study within the committee on that aspect. In fact, I have been talking to the chair of the committee about that structure, trying to get the hearings to be set up in a way that looks at these three pieces separately.

The third piece, which my colleague for Bay of Quinte spoke eloquently about, is on artificial intelligence.

Remember, the first two parts of the bill are essentially a modest rewrite of a bill from the last Parliament, Bill C-11, when the government tried to amend these acts and then complained that the bill did not pass, because it called an early election. The Liberals could not figure out why it did not pass. However, the Liberals reintroduced the bill, but then they bolted on this other thing, which has absolutely nothing to do with the first two parts.

The third part is called the “artificial intelligence act”, but it has nothing to do with the privacy of individuals and it has nothing to do with the appeal of a person's privacy. It is all about how to regulate this new industry, and it gets it wrong. The government is basically saying that its does not know what artificial intelligence is, which is not surprising for the Liberals, but it is going to regulate it. It is going to define it in regulation, and the minister is going to be in charge of defining it. The minister is going to be in charge of setting the rules on whether the law has been breached. The minister is also going to be in charge of fining someone who has breached the law of this thing the government cannot define. It is a total usurping of Parliament. The Liberals are saying that they do not know what it is, but we should trust them, that they will never have to come back to Parliament to deal with this again.

We are asking the House to split the bill into three, because it really is three separate pieces of legislation. The government would have more success in its legislative agenda if it actually brought in these pieces properly, individually, rather than a mini-omnibus bill of different types of issues. Then they could be properly studied, properly amended, properly consulted on and properly dealt with by Parliament. The government is choosing not to do that, which is why it is having such poor legislative success in all of its efforts to date.

Madam Speaker, he is certainly better known for the way his trademark mangling and misuse of words and phrases has resulted in strangely keen insights that are still widely quoted today by many. I have a few favourites. One of them is “I didn't really say everything that I said.” Another one is “We made too many wrong mistakes.” Another is “Swing at the strikes.”

When I thought about Bill C-27 and preparing to speak today, it brought to mind Yogi-isms, and not only because those examples I just cited reminded me of the Liberals' poor approach to governance but because the title of this bill is a real mouthful at 35 words long. This brought that to mind as well.

For now, I will call it the consumer privacy protection act, but it is really summed up best by what is probably the greatest Yogi-ism of all, which is “It's déjà vu all over again.” That really speaks to it. The member was looking for me to tie it back in, so there it is. There is the tie back in.

Here we are in 2023 and here I am speaking on yet another rehash of another Liberal bill from years previous. They have a real penchant for that, these Liberals. They kind of remind me of Hollywood Studios that no longer seems to be able to produce an original script so it just keeps churning out sequels. If Bill C-27 was a film, one could call it “Bill C-11, the redo”. Bill C-27 is essential a warmed-over version of previous Bill C-11, the digital charter implementation act the Liberals introduced back in 2020.

It is not to be confused with the current Bill C-11, which is also making its way through Parliament and is the online streaming act and which also poses another threat to Canadians' privacy and online freedoms.

It is really easy to see a bit of a pattern evolving here. In any case, in May 2021 the Privacy Commissioner said the digital charter act “represents a step back overall from our current law and needs significant changes if confidence in the digital economy is to be restored.” It of course died when the Prime Minister cynically called an expensive and unnecessary election nobody wanted and everybody paid for and that did not change the Prime Minister's political fortunes one iota.

Bill C-27 carries the stamp of that former digital charter proposal, which Conservatives had concerns about then, and which we still have concerns about in its new form now. Some of the text is in fact directly lifted from Bill C-11 and the text of that bill is available for all to review.

Let us talk more about the impact of the bill's content, rather than the wording itself.

The bill purports to modernize federal private sector privacy law, to create a new tribunal and new laws for AI, or artificial intelligence, systems. In doing so, it raises a number of red flags. Perhaps the most crimson of those flags, for me, is that the bill does not recognize privacy as a fundamental right. That is not actually all that surprising, because this is a Liberal bill. I hear daily from Canadians who are alarmed by how intrusive the Liberal government has become, and who are also fearful of how much more intrusive it still seems to hope to become.

It just seems just par for the course for the government that, in a bill dealing with privacy, it is failing to acknowledge that, 34 years ago, the Supreme Court said privacy is at the very heart of liberty in a modern state, individuals are worthy of it, and it is worthy of constitutional protection.

When we talk about privacy, we have to talk about consent. We have seen far too many examples of Canadians' private and mobility data being used without their consent. I think some of these examples have been cited previously, but I will cite them again.

We saw the Tim Hortons app tracking movements of people after their orders. We saw the RCMP's use of Clearview AI's illegally created facial recognition database. We saw Telus' “data for good” program giving location data to the Public Health Agency of Canada.

These were breaches of the privacy of Canadians. There needs to be a balance between use of data by businesses and that fundamental protection of Canadians' privacy. The balance in this bill is just wrong. It leans too heavily in one direction.

There are certainly issues with user content and use of collected information. For instance, there are too many exemptions from consent. Some exemptions are so broad that they can actually be interpreted as not requiring consent at all. The concept of legitimate interests has been added as an exception to consent, where a legitimate interest outweighs any potential adverse effect on the individual. Personal information would be able to be used and shared for internal research, analysis and development without consent, provided that the content is de-identified. These exemptions are too broad.

The bill's default would seek consent where reasonable, rather than exempt the requirement. In fact, there are several instances where the bill vaguely defines terms that leave too much wiggle room for interpretation, rather than for the protection of Canadians. For example, there is a new section regarding the sharing of minors' sensitive information, but no definition of what “sensitive” means is given, and there would be no protection at all for adults' sensitive information. These are both problematic. De-identification is mandated when data is used or transferred, but the term is poorly defined and the possibility of data being reidentified is certainly there.

Anonymization or pseudonymization are the better methods, and the government needs to sharpen the terms in this bill to be able to sharpen those protections. An even more vague wording in the bill is that individuals would have a right to disposal, the ability to request that their data be destroyed. Clarification is certainly needed regarding anonymization and the right to delete or the right to vanish.

There are many more examples. I know my colleagues will certainly expand on some of those questions as posed in the bill. I know my time is running short. I want to speak to the individual privacy rights of Canadians briefly.

Canadians value their privacy even as their government continually seeks ways to compromise it. The Public Health Agency of Canada secretly tracked 33 million mobile devices during the COVID lockdown. The government assured them their data would not be collected, but it was collecting it through different means all along.

Public confidence is not that high when the Liberals start to mess in issues involving privacy. The onus should be on the government to provide clarity around the use and collection of Canadians' private information because, to quote another Yogi-ism, “If you don't catch the ball, you catch the bus home.”

Mr. Speaker, it is a privilege to rise in this House to speak to this piece of legislation. I would like to start today by saying a few words about how this bill is structured, and then I plan to use the majority of my remaining time to discuss the implications of this legislation regarding personal privacy rights.

When I look at this bill, my initial response is this: Should there really not be three separate pieces of legislation? One would deal with the consumer privacy protection act and issues related to modernizing PIPEDA, perhaps a second, separate piece would create the proposed personal information and data protection tribunal act, and a third, separate component, which should absolutely be its own legislation, would be for the section dealing with artificial intelligence.

AI may present similar, very legitimate concerns related to privacy, but the regulation of AI in any practical sense is almost impossible at this juncture because so many aspects of it are still very unknown. So much is still theoretical. So much of this new world into which we are venturing with AI has yet to be fully explored, fully realized or even fully defined. This makes regulation very difficult, but it is in this bill, so it forms part of this legislation.

We can see just how vague the language related to the AI framework really is. I understand why it is that way, and do not get me wrong; I think we need this type of legislation to regulate AI. However, in the same way, this is way too big a topic to delve into in a simple 10-minute speech. It is also too big a topic to drop into an existing piece of legislation, as the government has done here, basically wedging this section into what was known as Bill C-11 in the last Parliament.

I have deep concerns with AI. They are practical concerns, economic concerns and labour concerns related to the implementation of AI. I even have moral concerns. We have artificial intelligence so advanced that it can make decisions by itself. The people who have created that technology cannot explain how it came to those decisions and it cannot tell them. The capabilities of this technology alone seem almost limitless. It is actually a little scary.

Personally, I look at some of the work being done in AI and wonder if we should, as humanity, really be doing this. Just because we have the knowledge and capability to do something does not necessarily mean it is for the betterment of humanity. I wonder sometimes where this technology and these capabilities will take us. I fear that in hindsight, we will look back and see how our hubris led us to a technological and cultural reality we never wanted and from which we will never be able to return.

However, here we are, and we have this capability partially today. People are using it, and it requires some form of regulation. This bill attempts to start that important conversation. It is a good first step, and that is okay. I think this is one of those things where we need to start somewhere as we are not going to get it done all at once. However, again, given the enormity of the topic and the vast implications, it should be its own separate piece of legislation.

Those are my thoughts on the structure of the bill, and now I will shift gears to talk a bit about personal privacy.

Personal privacy is a fundamental right. Three decades ago, long before the advent of the Internet or smart phones, the Supreme Court of Canada ruled privacy is “the heart of liberty in a modern state”. It did not say that privacy was at the heart; it said privacy is the heart. Personal privacy is the fundamental right and freedom from which all other liberties flow, and with the advent of the Internet age, the age of the smart phone and the age of digitized everything, laws related to protecting the fundamental right to privacy must be updated. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data. The question is, how do we realistically do that?

One of the reasons I am a Conservative is that I believe in individual rights and that rights and freedoms must be coupled with accompanying accountability and responsibility. This has to be a two-way street. Canadians need to be informed, and they need to be responsible and aware of what they are agreeing to, subscribing to and giving permission for. How often do we simply and blindly click “accept” without reading the terms and conditions for using a website, using an app or allowing others the use of our information?

I would be curious to know among my colleagues in the House, when was the last time they fully read the terms and conditions of a user agreement or a disclosure statement? Most of us just hit “accept”. We do not want to be bothered.

Recognizing this, can we really say the privacy of Canadians is being violated when many individuals live every moment of their lives posting in real time online for all the world to see, and access and just click “accept” without reading what they are agreeing to?

In this context, what is the role of government and what is the responsibility of the individual user? Government and businesses need to provide clear information, but people also need to be informed. They need to take responsibility.

I recall a while back when my office received an email on this subject of privacy. The individual was deeply concerned about web giants having access to his personal data. I had to laugh, because at the bottom of the email it said, “Sent from my Huawei phone”.

As a government creating legislation, where should those legal lines between consent and informed consent be drawn? As Canadians, we are a bit too quick to consent.

However, we have also seen far too many examples of Canadians’ private and mobility data being used without their consent. We heard about the Tim Hortons app that was tracking the movement of Canadians; how the RCMP was using Clearview AI’s illegally created facial recognition database; the public doxing of all those who donated to the freedom convoy; Telus giving location data to the Public Health Agency of Canada without a judicial warrant; and, in my view, the most egregious violation of privacy in generations, the requirement by the government and others for Canadians to provide their personal health data and information in order to work and/or travel.

If I am honest, it is this violation of privacy rights that makes me truly hesitant to support any effort by the government to strengthen privacy rights: first, because it has so flagrantly violated them, but also because I and a growing number of Canadians just do not trust the government. We do not trust it to keep its word. We do not trust it to create legislation that does not have loopholes and back doors that will give it the capability to violate individual personal freedoms.

Why? Because we have seen it from the Liberals. They want to control everything. There has never been a government that has had such an utter disregard for Canadians.

I have noted before that it was the Prime Minister's father who famously said that the government had no place in the bedrooms of Canadians. However, the current government not only wants to be in our bedrooms, but in every room, on every device, in every conversation and in every thought. It wants to control what Canadians think, what they see and what they post, and, by extension I can safely say, how their private data is curated and used.

One thing that is vital if we are to trust the government with our private data and with protecting privacy, there must be clear boundaries. This leads to one of the larger issues with this legislation, an issue we are faced with every time the government brings legislation forward. It fails to provide clear definitions.

There is a section of the bill that deals with the sensitive information of minors. The fact that there is no section for the protection of sensitive information of adults is a sign.

What does it mean by “sensitive”? It is never defined. What does it mean by “scrutiny” for data brokers? It is this habitual lack of specificity that characterizes so much of the government's legislation.

It is like a band that is way more interested in the concept of the album and how it looks on the cover than the actual quality of its music. If it cared about the quality of the music, it would have brought forward a bill that looks more like the European Union's 2016 GDPR, which is widely regarded as the gold standard for digital protection. By that standard, PIPEDA fails the test, but so might Bill C-27 if we do not bring it closer in line with what other nations have done. This lagging behind does not just affect personal privacy, but the ability of Canada and data-driven Canadian businesses to work with our EU friends.

This whole new regime outlined in the bill has huge implications for businesses, something I am sure my colleagues will be addressing. There is so much that can and should be said about this legislation, but it comes down to this: Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data.

Mr. Speaker, to bring it back to the topic of this debate, Bill C-27, the intention of the bill is to modernize the protection of digital privacy rights in Canada. The previous iteration of the bill was roundly panned by stakeholders when it was introduced in the previous Parliament. However, in this new version, Bill C-27, the government has added a few new elements, for example, regulating artificial intelligence.

Unfortunately, there are so many different elements within the bill that nobody can actually address all the issues within a 10-minute speech, so I will focus on the privacy issues that are sorely lacking within the legislation.

The bottom line is that the new bill, Bill C-27, remains fundamentally flawed and is, simply put, a redux of the former bill. Essentially, what it would do is put lipstick on a pig.

The dramatic and rapid evolution in how we gather, use and disseminate digital information in the 21st century has presented the global community with not only a lot of opportunities but significant challenges as we try to protect society and individuals against the unauthorized use of their data and information. This directly implicates the issue of privacy and the various Canadian pieces of legislation that address the issue of privacy.

This is not the first time the Liberal government has tried to “fix” a problem, and I use that term advisedly. It tries to fix things, but just makes things worse. In the 21st century, we are faced with immense challenges in how we protect individuals, our Canadian citizens, against those who might misuse their data and information. Any suggestion that this digital charter is actually an articulation of new rights is simply wrong. This is a digital charter, but it is not a digital charter of rights.

I will turn to the most significant and substantive part of the bill, the privacy elements. Very little of this legislation has been changed from the original Bill C-11, and the government has not measurably responded to the criticism it received from the stakeholders when the previous version of the bill was reviewed at committee.

There are five key additions and alterations to Canada's existing privacy protection laws.

First, the bill expressly defines the consent that Canadians must give in order for their data and information to be collected and used, and there are guidelines attached to that. We commend the government for doing that clear definition of consent.

Second, Bill C-27 addresses the de-identification, the anonymization of data that is collected by private companies. Again, that is important. We want to ensure when private businesses collect information from consumers that this information is not attached to a specific individual or citizen.

Just to be clear, the bill contains numerous broad exemptions, which we could probably drive a truck through, and will likely create the loopholes that will allow corporations to avoid asking Canadians for permission.

Third, the bill provides that all organizations and companies that undertake activities that impact the privacy of Canadians must develop codes of practice for the protection of the information they collect.

Finally, the act would create harsher financial penalties, up to $25 million, for a violation of Canadian privacy rights. We, again, commend the government for doing that.

However, let me say for the record that what we do not support is the unnecessary creation of a new personal information and data protection tribunal, which is another level of bureaucracy that would add more layers of complexity, delays and confusion to the commissioner's efforts to enforce privacy laws.

Canada is not alone in expressing concern over the risks that digital information and data flows represent to the well-being of Canadians and our privacy rights. Many other countries are grappling with the same issue and are responding to these threats, and none more so than the European Union. The EU has adopted its general data protection regulation, the GDPR, which has now become the world's gold standard when it comes to privacy protection in the digital environment.

The challenge for Canada is that the EU, which is a market of over half a billion well-heeled consumers, measures its willingness to mutually allow sharing of information with other countries against the GDPR, the standard it has set. Those who fall short of the rigour of that privacy regime will find it difficult to conduct business with the EU.

Do our current regime and this legislation measure up to the GDPR from the EU? No, probably not. In fact, for years Canada's digital data privacy framework has been lagging behind those of our international counterparts. The problem is that if we do not meet the standard, we will not be able to do the kind of business with the EU we expect to. As someone who played a part in negotiating our free trade agreement with the European Union, I know it would be an absolute travesty to see that work go to waste because our country was not willing to adopt robust privacy and data protections.

I note that, as is the custom with our Liberal friends, the bill creates more costs for taxpayers to bear. There is a creation of new responsibilities and powers for the commissioner, which we support, but this legislation calls for the creation of a separate tribunal, a new layer of bureaucracy and red tape that small and medium-sized enterprises will have to grapple with.

There are other unanswered questions. Why does this legislation not formally recognize privacy as a fundamental right? Regrettably, as presented, Bill C-27 misses the opportunity to produce a path-breaking statute that addresses the enormous risks and asymmetries posed by today's surveillance business model. Our key trading partners, especially the EU, have set the bar very high, and the adequacy of our own privacy legislation could very well be rescinded by the EU under its privacy regime.

Thirty-five years ago, our Supreme Court affirmed that privacy is “at the heart of liberty in a modern state”, yet nowhere in this bill is that right formally recognized. Any 21st-century privacy regime should recognize privacy as a fundamental human right that is inextricably linked to other fundamental rights and freedoms. By the way, I share the belief that as a fundamental right, it is not appropriate to balance off the right to privacy against the rights of corporations and commercial interests. Personal privacy must remain sacrosanct. When measured against that standard, Bill C-27 fails miserably.

I have much more to say, but I will wind down by saying that this bill is another missed opportunity to get Canada's privacy legislation right by consulting widely and learning from best practices from around the world. There is a lot riding on this bill, including the willingness of some our largest trading partners to allow reciprocal data flows. This bill is not consistent with contemporary global standards.

The Centre for Digital Rights notes that this legislation “fails to address the reality that dominant data-driven enterprises have shifted away from a service-oriented business model towards one that relies on monetizing [personal information] through the mass surveillance of individuals and groups.” That should be a wake-up call to all of us. Sadly, this bill fails to listen to that call. Let me repeat that there is a move toward monetizing personal information through mass surveillance of individuals and groups, and the government has not yet recognized that.

For those reasons, I expect the Conservatives will be opposing this bill and voting against it.

Madam Speaker, I am looking at Bill C-27 and wondering what we make of the fact, and I know he commented on this, that we have three different bills that are all put together and only one is really new. We have seen the privacy pieces and the repeal of PIPEDA in the former Parliament's Bill C-11. The bill before us relating to artificial intelligence and high-impact AI and regulating that is essentially an entirely different scheme of legislation. Would the Conservatives agree that they should be split so we can examine them separately? I think that is already their position. What does the hon. member say to that?

Madam Speaker, we are here today to debate Bill C-27, the digital charter implementation act. With this bill, the government seeks to bring Canada's consumer privacy protections up to date, to create a tribunal to impose penalties on those who violate those protections and to create a new framework on artificial intelligence and data.

For my constituents, I think the most important question is this: Why are consumer privacy rights important? Our personal information has become a commodity in the modern world. Businesses and organizations regularly buy, sell and transfer our personal data, such as our names, genders, addresses, religions, what we do on the Internet, our browsing history, our viewing and purchasing habits, and more. This happens so often that it is almost impossible to know who has access to our sensitive data and what they do with those personal details. Unfortunately, this bill fails to adequately protect the privacy of Canadians and puts commercial interests ahead of privacy rights.

The first part of this bill is the consumer privacy protection act, and I will note, as many others have during this debate, that it is really three bills in one. It is the largest part of this bill and brings in new regulations on the collection, use and sale of the private data of Canadians. I will cover three issues that I have found in this act in the first part of this bill.

The first issue relates to how organizations may collect or use our information without our consent. Subclause 18(3) states:

(3) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of an activity in which the organization has a legitimate interest that outweighs any potential adverse effect on the individual resulting from that collection or use

Without defining what a “legitimate interest” is, this subclause risks giving organizations free rein to define “legitimate interest” in whatever way suits their own commercial interests.

The second issue I will cover relates to how the bill would protect the privacy rights of children. Subclause 2(2) states:

(2) For the purposes of this Act, the personal information of minors is considered to be sensitive information.

However, nowhere in this bill are the terms “minor” or “sensitive information” defined. This will lead to confusion about how the personal information of children should be handled, and will ultimately lead, in my opinion, to weak protection of that information. There is also no other provision in this legislation that regulates the collection and use of children's personal data.

Every parent in the House of Commons is very concerned about their child going on Minecraft and about their interactions with other people and other gaming sites. This bill does not do enough to protect children in the context of online gaming.

The last issue I will raise in this act relates to when organizations can rely on implied consent to collect and use personal data. Subclause 15(5) states:

(5) Consent must be expressly obtained unless, subject to subsection (6), it is appropriate to rely on an individual’s implied consent, taking into account the reasonable expectations of the individual and the sensitivity of the personal information that is to be collected, used or disclosed.

This subclause highlights that the bill lacks a clear definition of “sensitive information”. This means that organizations will have free rein to determine when they can rely on implied consent, and they will be free to decide what information is or is not deemed sensitive according to their interpretations and not the legislation's interpretation.

The second part of the bill relates to the creation of the new personal information and data protection tribunal act. The bill would create a new semi-judicial body with the power to levy financial penalties against those who violate the CPPA, the first part of the act. I question whether this tribunal would be able to enforce the penalties outlined in clause 128, which are tied to global revenue and a proportion of profit in the previous fiscal year.

How does the government plan on ensuring accurate figures? Does the government really believe that it will go after Google in a global context, hold Google accountable and collect up to 4% or 5% of Google's global revenue? It is farcical.

We need very clear and very big amendments to this section. We need to question whether we even need a tribunal, because if it is in charge of enforcing clause 128 of the bill, I already know it is going to fail.

Under the third section of the bill, the artificial intelligence and data act, new provisions would be created that apply to the private sector. However, this bill does nothing to address the relationship between government and artificial intelligence.

Right now in Parliament, we are debating Bill C-11, which talks about the government's use of algorithms in the context of the CRTC. This bill has rightly infuriated Canadians across the country who are concerned about how the government would determine what people say and do on the Internet and where they would be directed. Why is the government not trying to apply the same standards upon itself as it is trying to apply on private corporations?

I want to address some other key oversights in the bill.

First, in the U.K., EU and even Quebec, certain personal details, such as race, sexuality and religion, are given special protection in comparison with other personal information. Why does the government believe the most identifiable aspects of our personal information are not worthy of being defined as sensitive information in the context of privacy law?

Second, the bill does nothing to regulate the sale of personal data. I am reiterating this point. In a world where the sale of personal data has become an integral part of our economy, why is the government not concerned with setting clear rules on how data and what kinds of data can be bought and sold, especially in the context of children?

Third, the bill fails to regulate the use of facial recognition technology. The RCMP used Clearview Al's facial recognition database, which was illegally created. Why does the government not think it is appropriate to ensure this never happens again?

Fourth, the consumer privacy protection act and the personal information and data protection tribunal act proposed in this bill are nearly identical to the acts proposed under last Parliament's Bill C-11. The consequence is that Canada's consumer privacy laws will be out of date by the time they come into force.

This bill was an opportunity to put forward strong regulations on the collection and use of personal data, but it failed to meet some basic criteria and thresholds. While the increased penalties for violating the act are welcome, they are watered down by the implementation of a tribunal that would take months or potentially even years to make a decision and levy fines. It is even questionable whether such a tribunal could actually do what it is purported to be responsible for.

Do we really need privacy legislation that fails to protect the privacy of Canadians? Do we really want privacy legislation that fails to put consumer interests ahead of corporate interests? Do we really want privacy legislation that fails to protect the personal information of children? Do we really want Al regulations that do not apply to government? Frankly, the government needs to withdraw Bill C-27, break it up into different parts and come back to Parliament after it has looked at the drawing board again and done something a little more comprehensive.

Madam Speaker, in a previous Parliament, the government killed Bill C-11 because it wanted to have an election. It did not see the importance of that bill. Now the government is proposing a flawed bill and expecting us to support it. We will support a bill that really makes sense, a bill that will help and work for Canadians.

I do not think we have any interest in wasting time. It is up to the government to do something with its bill to make it acceptable for other parties to support it.

Madam Speaker, last week, the federal government banned the use of the TikTok app on government devices because of data privacy concerns, so it is very appropriate for us to be discussing this matter today. Digital data privacy can be seen as a fundamental right, one that urgently requires strengthened legislation, protections and enforcement. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data.

This is a pressing issue. Realizing that, the European Union introduced the GDPR, its General Data Protection Regulation, in 2016. EU countries were given a couple of years to adapt to this new privacy reality, with the regulation coming into effect in 2018. The GDPR has been used by many other countries as a framework for privacy protection.

With the GDPR as an example, and faced with a changing digital data universe, the government basically did nothing to protect data privacy for Canadians. Perhaps that is an unfair statement. After all, digital and online data privacy was addressed in the last Parliament under Bill C-11. The Liberals recognized that Canada needed to bring its privacy laws into the 21st century.

However, that bill was never passed. Apparently, data privacy was not a big enough issue to be made a priority, and the digital charter implementation act was scrapped in favour of an election that Canadians neither wanted nor needed. Now we are asked once again to address this subject. It is indeed better late than never. I would have hoped, though, that with the delay, the government could have improved on what it is proposing.

Perhaps if the government had moved a little faster, Canadians would not have had to question how their data was being used and how their privacy was being invaded by governments and corporations. We are left to wonder how many privacy breaches have gone undetected or unreported. The ones we know of are disturbing enough. Tim Hortons used its app to track customer movements. The RCMP used Clearview AI’s illegally created facial recognition database. Telus gave customer location data to PHAC.

It has been more than 20 years since Canada’s existing digital privacy framework, the Personal Information Protection and Electronic Documents Act, PIPEDA, was passed. With technological changes in recent years, legislation is needed to address subjects such as biometrics and artificial intelligence. We have to consider how Canadians understand the issue of consent when it comes to the use of their data and their privacy.

I am deeply concerned and disappointed with how sloppy the Liberal approach in Bill C-27, the digital charter implementation act, 2022, currently is. Privacy is a fundamental right. This bill does not mention that, despite the Supreme Court of Canada having acknowledged it. We need to clearly distinguish the extent to which Canadians’ digital privacy will be protected. If the government wants the bill to be fully effective, it needs to further explore the scope of accountability required when privacy is breached.

The clear definition of consent is a major improvement from what it once was in the Personal Information Protection and Electronics Document Act, but a good definition is only the beginning. Because technology has greatly expanded and evolved since the implementation of PIPEDA, should we not also expand the umbrella of activities that consent would cover? The large number of exemptions allowed would weaken the impact of the legislation.

Bill C-27 may be a good beginning, but I had hoped for something better. It is sad that the bill’s title is perhaps the strongest statement in the legislation. While the title gives some idea of what the legislation is all about, it is already dated. We are no longer in 2022, and the Liberals are once again falling behind.

As parliamentarians, we know the power of words and the importance of speaking in a way that can be understood by those receiving the message. It is important that legislation can be understood. It is even more crucial that the bills we pass spell out exactly what we intend.

Perhaps the most important part of any of the laws is the section that provides definitions. They need to be clear and comprehensible and not subject to differing interpretations that weaken the intent of the legislation. Legislation that allows each person to provide their own definitions is problematic. Bill C-27 uses words such as “significant impact” or “sensitive information”. I cannot help but question what is covered by these vague terms.

Before the people of Edmonton Manning sent me to represent them in the House, I was a businessman. I understood the importance of safeguarding the personal information my customers entrusted to me and not to abuse that trust. However, as we have seen, some companies make unauthorized use of the information they gather to gain a competitive edge or for profit.

With that in mind, there must be a balance between acceptable use of data by business and the fundamental protection of our privacy. It seems to me that the balance is wrong on this bill, given the way it addresses user consent and the use of collected information.

The more I read Bill C-27, which 100 pages-plus, the more questions I have. There is too much in it in need of clarification. Yes, that will be done when it goes to committee after second reading, but the government could have presented a better bill to make the committee’s work easier.

I do not want to sound too negative. I know the Liberals mean well, even if they do not seem to be able to quite understand just how important digital privacy is to Canadians in the 21st century. I am pleased therefore to see that they understand that sometimes mere words or a scolding are not enough.

It makes sense to me that the Privacy Commissioner will receive new powers to enforce violations of the consumer privacy protection act. That may be the most impactful change the legislation brings about. It is not enough to simply recommend that perpetrators stop their violations. Any parent could tell us that consequences are needed if we want to ensure improved behaviour.

With the Privacy Commissioner finally being able to force violators to conform to the rules, I think we will see increased respect and better treatment of Canadians' personal information. The harsh financial penalties for non-compliance will be a powerful motivator.

Given the amount of time the Liberals had before presenting Bill C-27, we must question why they did not come up with a better bill. They have left me, and all Canadians, asking if they really understand what their own legislation is supposed to do.

Does the consumer privacy protection act, as proposed in the bill, do enough to properly protect Canadians’ personal information? The Liberals had a chance to look at the EU’s GDPR and see how well that worked. Did they learn anything?

Would Bill C-27 improve the protection of Canadians’ personal information or are there so many exemptions for needing consent in the sharing of personal information that the words of the bill are meaningless?

Would the legislation create proper protections for Canadians’ biometric data? Given that no such protection currently exists, perhaps we should be thankful that the subject is addressed at all.

Is it reasonable to exempt security agencies and departments, such as CSE, CSIS and DND from AI regulations? How do you balance privacy and security concerns?

Canadians’ digital privacy and data needs to be properly protected. This bill is a flawed attempt to start the long overdue overhaul of Canada’s digital data privacy framework. The Conservatives will be looking at putting forward some common-sense amendments at the committee stage to ensure we have the best possible legislation.

Madam Speaker, I want to use my speaking time in the House to note that today is the 85th day of the blockade of the Lachin corridor. This blockade has left 120,000 Armenians in Nagorno-Karabakh without access to health care, food and medication. This situation has been denounced by the European Parliament, by Amnesty International and, last week, by the International Court of Justice. I urge the federal government to do more and apply pressure to ensure that these 120,000 Armenians can have access to food and to prevent a humanitarian crisis.

I am pleased to rise in the House today to speak to Bill C-27, an act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other acts.

This bill includes many things and covers many topics. I want to begin with the part on artificial intelligence. The NDP was a bit concerned by the fact that in the wake of Bill C‑11, this whole new part on the Artificial Intelligence and Data Act was added to Bill C‑27. We think this is a separate issue that needs to be dealt with separately. It is a huge topic in and of itself. We are pleased that the bill is being split so that we can study it in two parts.

In my riding, Rosemont—La Petite-Patrie, there is a burgeoning AI hub that provides jobs for hundreds, maybe even thousands, of professionals. I have met people who were a little worried about the federal government being kind of hasty in dealing with an issue as complex as AI. They are particularly worried about the fact that the U.S. and the EU have laws and regulations already. They think we need to take the time to make sure Canada's regulations are compatible with what is being done elsewhere, with our trading partners and our competitors, just so that it will be easier to attract talent down the line and get these professionals to go work in Montreal, Toronto, Vancouver and other places in Quebec and Canada. They want to avoid the kind of incompatibility that could result in unnecessary obstacles.

With respect to the protection of personal information, I believe that, sadly, a string of scandals has made people aware of this issue, and they realize that our laws and regulations must be updated and adapted. Consider the personal information and data breaches and the problems this causes for people. I will quickly mention a few examples. The problems with Yahoo, Marriott, and Mouvement Desjardins in Quebec, as well as Facebook, all revealed the need for new measures to help victims who have had data and their personal information stolen in several countries. We need only think of the 2019 settlement in the U.S. for the Equifax data breach. It is quite significant, given that Equifax is one of the largest companies people rely on for their credit score so they can make purchases or borrow money. This is not trivial.

Here, in 2019, the Office of the Privacy Commissioner of Canada found that Equifax fell short of its obligations to Canadians and Quebeckers. He then had the company sign a compliance agreement that did not require the payment of any fines or damages for Quebec or Canadian victims. This happened just a few years ago and clearly demonstrates just how outdated Canada's legislation is.

That is why the NDP will be supporting Bill C-27 at second reading. We think it is important that the bill be sent to committee, because we see all the cracks and gaps currently in the bill. It is important that the Office of the Privacy Commissioner be strengthened to bolster enforcement measures to protect consumers and Canadians. Bill C-27 needs to be amended to improve things. There are some shortcomings in this bill. There is even some backsliding in relation to Bill C-11, its predecessor in the previous Parliament, before the last election.

Privacy concerns everyone. In a digital world where social media and online entities are taking up more and more space, we have to remember that, although it is nice to use them sometimes—and they can be of great service—we are the ones who have become the product. Our personal information is the source of huge profits, and we need to be aware of that.

Our information is used to target the advertising we see on our devices when we go to websites. That targeting is based on our personal choices, preferences and searches. Big corporations create profiles and use them to sell advertising. We are the product. These companies make money off the information we give them for free. I have met people who had an interesting suggestion. Maybe these companies should pay us because we are their source of profit. They make money off the targeted advertising they sell, and that is how they plump up their bottom line.

We need to modernize our privacy protection laws. We also need to start thinking about the implications of handing over so much information about our consumer behaviour, our travel patterns, our interests and everything we search for online. We have to prompt people to think about that.

The bill is interesting because it creates a lot of new regulations and a new tribunal. The NDP thinks that is a good thing, but the bill does not go far enough. For example, the bill sets out a private right of action for individuals, but it does not really make it possible for consumers who have fallen victim to privacy breaches to be compensated, unlike what is being done in the United States. This right comes with various rather ineffective stipulations, so although there are new provisions, like this new tribunal, the bill provides for very little recourse.

A few years ago, the NDP published a digital bill of rights for Canadians. In it, we called for new, more effective provisions on consent and the sustainability of data. We called for the government to give the commissioner order powers and to impose larger and more consequential monetary penalties. We also called for transparency with regard to algorithms and more protection against abuse.

I think that the government could draw inspiration from the NDP's digital bill of rights to amend, enhance and improve the bill before us today. Once again, I have to say that this bill takes half steps because it proposes half-measures. There are some rather interesting measures in this bill, but they do not go far enough.

For example, there is still a significant imbalance between commercial interests and individual rights. Unfortunately, the Liberals are still in the habit of putting commercial interests ahead of the rights of citizens. For example, the new preamble of Bill C‑27 tries to present privacy as an individual interest tied to fundamental rights, but still does not directly recognize that privacy is not just an essential aspect of fundamental rights, but a fundamental right in and of itself. It considers the right to privacy to be part of Canadian norms and values, rather than a fundamental right. I think this part of the preamble of the bill should be changed.

There is also some backsliding. Under Bill C‑27, individuals would have less control over the collection, use and disclosure of their personal data, even less than what was proposed in Bill C‑11, which was introduced during the last Parliament. That is really the crux of the matter. If we do not have control over the information we provide or the way it is used or shared, it will be a wild west, total chaos. That is what we are seeing now, in fact. This is a step backwards, and I think that the NDP will be proposing amendments to restore this balance.

Under the bill, information that has been de-identified is still personal information, with some exceptions. There are quite a few exceptions, including in clauses 20 and 21, subclauses 22(1) and 39(1), and the list goes on and on. Roughly a dozen clauses contain multiple exceptions, so it gets extremely complex and confusing. It seems to me that this is going to give big corporations and web giants a way out, through loopholes and back doors. They will be able to do whatever they want because of this list of exceptions.

We in the NDP will be supporting the bill at second reading, but there is still a lot of work to be done to improve the bill.

Madam Speaker, I am concerned. I said that right off the top. When Bill C-18 was introduced over a year ago, the bill was designed to help local newspapers in this country. Now we find out when we peel back the onion that public broadcaster CBC, Rogers and Bell, are going to get 75% of the funding from Meta and Google. Why are they at the trough?

We dealt with Bill C-10 and Bill C-11 before, which pertained to those industries. Bill C-18 was designed for newspapers, as we have found out with the department saying only $150 million will be raised. Is it $150 million, or what the PBO said is a bigger pot of $239 million?

Mr. Speaker, it is an honour to speak today in the House about Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making other consequential amendments.

This is a critical bill, and I am very happy to see the debate being undertaken today in the House. I do know that cybersecurity is important to the Minister of Public Safety, so I will give him credit for bringing this bill forward. It should be something that is important to all government ministers of every level of government. It is very important that we are having this debate today.

I was provided a briefing from cybersecurity experts from the minister's department just under a year ago. It was very informative about the risk Canada faces in terms of cybersecurity. Just to speak simply, I asked them what would be, in the worst case scenario, sort of a Pearl Harbor moment for Canada. They responded that it would be a cybersecurity attack on our electrical infrastructure or our pipeline infrastructure in the middle of winter. If there were a cyber-attack or a ransomware attack on the infrastructure that keeps Canadians warm in the middle of winter, that would be absolutely devastating, specifically in our coldest provinces, regions and territories in Canada.

Just to give Canadians an idea of the gravity of what we are talking about today and how important it is, not only that we bring forward cybersecurity legislation that builds capacity, but also that it be done right. There was a series of questions before my remarks that outlined a number of the issues in this bill.

I will just outline a number of recent cybersecurity attacks in Canada and also in the United States of late. We know that the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians who were victims of that. There was also a hospital in Newfoundland, in October 2020, where the cybersecurity hackers stole personal information from health care employees and patients in all four health regions, as well as social insurance numbers belonging to over 2,500 patients. Very deeply personal and private data from these hospitals was stolen by cybersecurity hackers.

Global Affairs also most recently was attacked in January 2022, right around the time that Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian, or Russian state-sponsored, actors who were responsible for the cyber-attack on Global Affairs.

That was a very serious attack on another government department. The government is certainly not immune to these types of cybersecurity attacks.

Most famously, I would say, there was a ransomware attack on critical infrastructure in the United States back in May 2021. Pipeline infrastructure was attacked. President Biden issued a state of emergency. Seventeen states issued these states of emergency. It was very serious, and it just shows the capabilities of some of these cyber-threat actors, and the threat they pose to Canadians in their everyday lives and to Canada as a whole, as well as the threat to our allies.

This bill is coming forward in light of the government announcing most recently, in the past year, that it would ban Huawei from our 5G infrastructure. Conservatives and the House of Commons, in fact, have been calling on the government to do that for quite for some time. This legislation would help enable the practical implications of that ban. Again, it is certainly a very long time coming. Had this been done years ago, it would have saved our telecommunications and thereby the everyday users of our telecommunications companies, a lot of pain and a lot of money. I am concerned about the financial impact, although this is critical, that waiting so long to bring it forward would have on everyday Canadians and their cellphone bills, just as an example.

I am the vice-chair of the public safety and national security committee. I championed a study we are undertaking, which is in the process of being finalized right now, of Canada's security posture in relation to Russian aggression. A large part of that study was about cybersecurity. The experts we brought in repeatedly sounded the alarm that cybersecurity is of the utmost importance. It is something that the Government of Canada, the private sector, provincial governments and, frankly, municipal governments must take extremely seriously. It is rapidly evolving. I am going to give some quotes from a few of the experts to the lay the stage of what we are facing as Canadians.

Professor Robert Huebert of the University of Calgary said:

With regard to other cyber threats, we also know the Russians have shown an increasing capability of being able to interfere in various electronic systems and cyber systems of other states. We've seen this with their ability to influence the Ukrainian electrical system prior to the onset of the war in 2014.

This is the other war it engaged in over the last number of years. He also said that we are seeing this in other locations across the globe.

He went on to state:

Once again, it's hard to know exactly how well-defended [Canada has] become in being able to harden that part of cyberwarfare. There's no question, whatsoever, that the attention the Russians and the Chinese are giving this is increasing....

He compared that to the reports we are hearing from our American and British friends and allies who are saying the Chinese and Russians are extremely active on the issue of cybersecurity and involving state-sponsored actors launching attacks against countries like Canada and the United States.

We also had a woman named Jennifer Quaid, who is the executive director of the Canadian Cyber Threat Exchange, which is a private company that supports various companies to help boost their cybersecurity. She talked a lot about cybercriminals. This is an important piece. Even the minister talked about this as well.

First and foremost, she flagged that the Minister of National Defence of the current government said, “Cyber security is one of the most serious economic and national security challenges we face.” Therefore, it is quite a serious issue we are talking about today.

Ms. Quaid went on to say, “cyber-threats are becoming more sophisticated and are increasingly pervasive. Driven by the growth and global adoption of innovative technologies, cybercrime pays.”

She meant that cyber-threat actors can be grouped roughly into two categories, nation states conducting espionage and statecraft through the Internet, and criminals engaging in cybercrime for financial gain.

She went on to say, “It's this criminal element that has commercialized cybercrime”, meaning that cybercriminals and cybercrime have now become a thriving industry. She pointed out that the barriers to entry, the technical expertise needed to be a hacker, so to speak, is increasingly low. She said that several countries now are allowing cybercriminal groups to operate within their borders.

She also named something called a “hacktivist”, an activist hacker, of all things. We may have someone, in the name of social justice, hacking into a fossil fuel company, for example. Imagine if that happened in Canada in the middle of winter to our gas pipeline infrastructure. It would be devastating and deadly, so we have to keep an eye out for hacktivists, as she said.

She also pointed out that 25% of organizations in Canada have reported a cyber-breach. One in four. That is pretty significant. She said that the small and medium-sized enterprises that make up 98% of our economy are also being impacted. Almost 100% of our economy is being attacked in some form or another.

This is really important when we think of big banks and big, wealthy corporations that have pretty good cybersecurity infrastructure and have the money to do so. What feeds them is third party suppliers that may provide the various components or various mechanisms to undertake their important parts of the industry that company is engaged in. They are also at risk. Therefore, if a lower third-party provider of a major telecom is attacked, for example, that may seriously impact the ability of that telecom to deliver its services adequately to Canadians.

She mentioned that 44% of SMEs, small and medium-sized enterprises, do not have any defence. Almost half of our small and medium-sized enterprises, which dominate our economy, do not have any sort of defence and are not even thinking about cybersecurity. That is why today's discussion and this bill are important to be debated and have experts weigh in.

I will also quote Dr. Ken Barker, who is a professor at the Institute for Security, Privacy and Information Assurance at the University of Calgary. He talked a lot about the impact of cybersecurity on critical infrastructure. He mentioned that, in general, it is very vulnerable because it is built on legacy systems that, in essence, predate the Internet. As our legacy systems are getting online, this creates, as he explained, some gaps that hackers can take advantage of, which again puts our critical infrastructure at risk. That came up over and over at committee. He pointed out that our large private companies and our banks are investing a lot in cybersecurity, but again, as he and Ms. Quaid pointed out, it is their SMEs that are the most vulnerable.

I will conclude my quotations here with Caroline Xavier, who is the director of the Communications Security Establishment, which falls under the Department of National Defence. It is the part of government responsible for cybersecurity. Therefore, that she is the head of government cybersecurity is a simple way to look at it.

She said, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses. Cybercriminals trying to probe Canadian systems have been found in Russia, Iran and China, among others. [They] use various techniques such as ransomware”. They are specifically focusing on our critical infrastructure, and they certainly pose, as she said, “the greatest strategic threat to Canada.”

The bill before us would do a number of things. It is quite a large bill, so I will not go into every detail of what it would do, but in essence there are two parts. One would amend our existing Telecommunications Act. Of particular importance, it would give very broad and sweeping powers to the minister of industry to do a number of things. What has been criticized by a number of organizations is a specific part of the bill, which is in the summary, that says it would allow the minister and the Governor in Council to “direct telecommunications service providers to do anything, or refrain from doing anything”.

Those are very broad powers to be given to one minister, so that should immediately put up red flags for all of us. No one should have such vast sweeping powers over our telecoms. Again, I have built the case that we need better cybersecurity, but there is a big question mark here of whether we are giving too much power to one minister, one person, in all of Canada.

The bill also has a whole financial issue involved in it. To do anything, as it said, could have massive financial implications. Big companies such as Telus may be able to afford that, but our small telecoms may not be able to so much. It might bankrupt them. That is not great news, and there would be no financial component, in terms of compensation, for any of these losses, so there is a big question mark there as well.

Also, something of importance I find quite concerning is the way the bill is structured would result in a significant exchange of a lot of information from telecoms to the minister, which he could pass on to various ministers and government agencies. Is that very confidential information? It is certainly the cybersecurity plans. Does that include state secrets? Is it safe that we would be asking our telecoms this?

The second part of the bill involves all critical infrastructure companies in Canada, as was outlined by the minister, including provincial and Crown corporations, and the like, so the bill would really establish the process that all of these companies would have to provide their cybersecurity plans, and there would be a very strict reporting mechanism. We are talking about days, if not a few weeks, to get together these plans and provide them to the minister. There would be annual updates required. If a big company were to change a third-party provider, it would have to, in essence, immediately report that to the minister of industry.

There is a whole host of very cumbersome reporting mechanisms, and I do believe we need some of these, but a question remains, as I have outlined earlier, and the government is not immune to being hacked by cybercriminals. I just outlined three or four incidents when that happened. The bill would take all of our critical infrastructure, and all of companies' cyber-defence plans, along with countless other pieces of personal data of Canadians and others, and we would give that to the government. An argument could be made that this is needed, but where are the protections for that? Where is the defence of government to ensure that this would not end up in the wrong hands or that information is not hacked by cyber-actors?

That is a significant threat that needs to be addressed by the minister, and I was not assured from his remarks that this is something that is front and centre in his objective through the bill.

I would also say that there is a number of civil liberty organizations that have raised serious alarm as well. There was an open letter written to the minister from the Canadian Civil Liberties Association, the Canadian Constitution Foundation, the International Civil Liberties Monitoring Group, Leadnow, Ligue des droits et libertés, OpenMedia, and the Privacy and Access Council of Canada. All of the leaders of research and discussion of our civil liberties, all such major organizations in Canada, were quite alarmed by the bill in many ways and wrote an open letter to the minister that outlined a number of things.

In essence, they said the bill would grant the government sweeping new powers, not only over vast swathes of the Canadian economy, but also in intruding on the private lives of Canadians. To sum it up, and I think they said really quite well, “with great power must come great accountability.” There is great power in the bill, but the accountability side is lacking.

Before I go on to detail some of their concerns, I do want to outline what some other countries are doing. If we look at the U.S. and the EU, they have established similar bills in the past year or so. The EU actually has greater and more significant fines in many ways, and the U.S. provides more prescriptive and strict reporting mechanisms, such as, if a U.S. critical infrastructure company has a ransomware attack, the legislation outlines the company must report it to the government within 24 hours.

That actually might be something we may want to consider for the bill. If we are going to go there, we might as well have it in line with our American allies and make it tight. I do think that a reporting mechanism is one of the most important parts of this bill.

I want to go back to the civil liberties issue. With the government's track record on Internet regulation bills, such as Bill C-11 and others, a lot of people have their backs up about their personal freedoms online and their data, rightfully so. The civil liberties associations are raising some of the concerns that have not been assuaged thus far by the government or the Minister of Public Safety.

In the open letter, they mention that this, “Opens the door to new surveillance obligations”, which is quite concerning. In their view, and this has not been proven, “Bill C-26 empowers the government to secretly order telecom providers ‘to do anything or refrain from doing anything’”, as I mentioned. They believe that, if there was an abuse of this extreme power, it could be utilized by a government with ill intent, not to say that is the Liberal government's intent, but it could be utilized to survey Canadian citizens. It is quite concerning.

They go on in that realm to outline that the powers in this bill allow the administrative industry to terminate who telecoms work for, for example. They believe that could also be applied to individual citizens. They are looking at this and thinking, if a government wanted to punish a group of people, it could call up Telus, and this is very blunt and not overly academic in the way I am explaining it, to direct Telus it cannot do business with these people, cut off their access to the Internet and cut off their cell phones.

It is an extreme worst-case scenario, but it is worth flagging that there may be a bit of a backdoor in this bill that would allow that, should an evil government ever come along that is looking to abuse the civil liberties of Canadians. I would like to see that addressed and have safeguards put in place to prevent that type of abuse, should it ever happen in an extreme circumstance.

They also talk about how it “Undermines privacy” and that there are “No guardrails to constraint abuse”. Again, I think this is an area where opposition parties, in particular, and hopefully government members on the committee, can come together to ensure that there is an ombudsman put in place or an oversight body. We need something where the rights of companies, and more importantly of citizens, are protected from the abuses I have outlined, and there are many others.

There were also a lot of concerns from the Business Council of Canada. It wrote an open letter to the minister on behalf of large companies, and also small and medium-sized enterprises. In essence, what we are seeing is the red tape is extremely high, so we are worried that will impact our small and medium enterprises.

The business community, in general, has said that it seems that this bill, to sum it up bluntly, is all stick and no carrot. It is all hard-hitting. It is going to be super hard on us, and we better comply. I can hopefully go into more details about that in the question part of this debate, but there is no incentive structure built in.

There is no incentive to have companies share best practices with each other. I think the government should be a leader in encouraging the open sharing of best practices and experiences that protect the confidentiality of companies but allow them to share information, so other companies can be better equipped, and we can all work together as one big happy, cyber-secure family.

The Conservative Party of Canada is, first and foremost, concerned about national security and ensuring the federal government takes that leadership role in ensuring that Canada, as a whole, is secure against any possible threat, every eventuality, as the Minister of National Defence likes to say.

We are seeing serious gaps in our military. We can have stronger alliances in our Five Eyes intelligence sharing and other agreements. Certainly, that involves cybersecurity. Canada is vulnerable, like many countries in the world. In fact, most countries are dealing with these problems. The Conservative Party of Canada wants to see a more robust framework to incentivize and enforce reporting mechanisms to ensure our cybersecurity is protected, and to make sure there is not a ransomware attack on our pipelines in the middle of winter, which could kill thousands of Canadians from the cold, for example.

We will be looking to support this bill in going to committee, but I want to make it very clear that, if the issues in this bill, and I have outlined a few of them concerning privacy and impacts to business, are not addressed, the Conservative Party is ready to pull its support immediately and put up a very strong defence to stop this bill from going beyond committee. I want to make that very clear to the minister and the Liberal government.

We will get this to committee to hear from experts because we believe that is important, but it must be fixed. There are serious issues that need to be addressed and amendments that need to be made. I would ask Liberal members on the committee to get to work with us, so we can make this bill what it needs to be and make it better to ensure cybersecurity is protected in Canada today and for years to come.

Mr. Speaker, I thank my colleague from Winnipeg North for his remarks.

Indeed, I think such a bill was urgently needed. I commend the government's leadership and congratulate it on having understood the errors in Bill C-11 and making some improvements.

I met with the Minister of Innovation, Science and Industry in January, when it was time to think about developing this bill. I emphasized the importance of the Quebec legislation and of ensuring its primacy. I thank him for listening to me and for the respect evident in Bill C-27.

With respect to the urgent need to take action, Europe is putting a lot of pressure on us. Indeed, Europe has set guidelines and is currently threatening to withdraw its confidence in our artificial intelligence systems in Canada, particularly in the banking sector. It was necessary to act; better late than never.

I hope the principle will be adopted quickly, but more importantly, I hope that the committee work will be thorough and that the experts will be heard. This will be more than welcome.

Mr. Speaker, I am pleased to speak to this bill after my colleague from Rivière‑des‑Mille‑Îles, whom I would like to congratulate. I am also pleased to be following my colleague from Trois‑Rivières, an ethics expert who enlightened us on the potential impact of this bill and the dangers involved.

Unfortunately, very few people are interested in this type of bill, and yet, in the digital age, we cannot afford not to regulate the use of personal information. We cannot deny the fact that the digital shift has exploded in Quebec and elsewhere over the last decade, and it has greatly changed our lifestyles.

It is impressive to see which path companies have chosen during the pandemic, and I think it is a timely discussion to have today. However, I would like to draw attention to the new part of the bill that deals with artificial intelligence. I think it deserves serious consideration.

Part 3 of the bill raises many questions, and opinions from experts in the field of artificial intelligence are mixed. The use of artificial intelligence is a rapidly growing field that risks expanding beyond our control and jurisdiction if we do not begin to regulate the practice and define certain concepts.

Recent developments in AI in general and deep learning in particular have led to the creation of autonomous intelligent agents, which are essentially robots capable of deciding what to do without third-party intervention. These agents' autonomy raises new questions about civil liability, so we have to think about criminal provisions that would apply if someone were put in a dangerous situation, for example.

How should we approach this, and what legal status are we granting them? What legislative framework is the best fit for these autonomous agents?

At this point, we think some important definitions are missing. The law clerks who are examining the bill's provisions from a legal standpoint told us that again today. What is a high-risk intelligence system? What is a high-impact system?

The algorithms produced in applications that use artificial intelligence enable artificial beings to create goods or services or to generate predictions or results. If we compare them to human beings and use the existing framework, how will we interpret the notions of independence and unpredictability attributable to these artificial beings? The experts will help us understand all that.

Quite a few goods already exist that have a layer of artificial intelligence built into them, and 90% of those goods should not pose a problem. Experts at Meta have even said that this technology has reached its limits, because the data to train an algorithm is insufficient in quantity and lacks depth.

Let us get back to the main problem we have with Bill C‑27. Until the department clarifies its thinking on what constitutes a high-impact system, it will be difficult to assess the scope of part 3. Let us assume that everything can be considered high risk. This would mean that many companies would be accountable. If we had greater accountability, the Googles of this world might be the only ones that could risk using artificial intelligence.

The bill does not need to cover everything a machine can do for us or everything software can do once it is developed and generates predictions and results like a calculator.

If we compare it to the European legislation, we note that the latter is currently targeting employment discrimination systems, systems that would determine whether or not a permit to study there can be granted. That is essentially the limit of what the machine can do in our place.

Although the law in this document concerning artificial intelligence is far from being exhaustive, I believe it is important that we start somewhere. By starting here, with a framework, we can lay the groundwork for a more comprehensive law.

My speech this evening will help my colleagues better understand what needs to be clarified as soon as possible so we can have an important discussion about how to regulate the applications that use artificial intelligence and how to process these systems' data.

First, we will have to implement regulations for international and interprovincial exchanges for artificial intelligence systems by establishing Canada-wide requirements for the design, development and use of AI systems. Next, we must prohibit certain uses of AI that may adversely affect individuals.

The legislation is very clear on many other aspects, including on the fact that there would be a requirement to name a person responsible for artificial intelligence within organizations that use this technology. The responsibilities are fairly extensive.

In addition to the artificial intelligence and data act, which is in part 3, Bill C‑27 also includes, in part 1, the consumer privacy protection act, as well as the amendments to the former legislation. Part 2 of the bill enacts the personal information and data protection tribunal act, while part 4 includes the coming into force provisions of the bill.

As my colleagues explained, the other sections of the bill contain a lot of useful elements, such as the creation of a tribunal and penalties. One of the acts enacted by Bill C‑27 establishes a tribunal to process complaints under litigation when it comes to the use of private data. In case of non-compliance, the legislation provides for heavy penalties of up to 3% of a multinational's gross global revenue. There are provisions that are more in favour of citizens when a company misuses digital data.

Yes, this bill does have its weaknesses. I believe those weaknesses can be addressed in committee, but they may require the introduction of new legislative measures. Public services, however, are not covered by this bill. Data in the public sector requires a greater degree of protection; this bill covers only the private sector. Take, for example, CERB fraud and the CRA. In 2020, hackers fraudulently claimed $2,000 monthly payments and altered the direct deposit information for nearly 13,000 accounts.

The government can do more to tackle fraud. Unfortunately, this bill offers no relief or recourse to those whose information has already been compromised. There are digital records of nearly every important detail about our lives—financial, medical and education information, for example—all of which are easy targets for those who want to take advantage. It has been this way for a while, and it is only going to get worse when quantum computers arrive in the very near future.

This means that we must find and develop better means of online identity verification. We must have more rigorous methods, whether we are changing our requirements for passwords, for biometrics or for voice recognition.

Recently, at the sectoral committee, we heard about how easy it is for fraudsters to call telecommunication centres and pass themselves off as someone else to access their information. We must improve identity verification methods, and we must find a way to help those who are already victims of fraud. We must do so by amending Bill C-27 or introducing an additional legislative measure.

Since this is a fairly complex bill, it will be referred to the Standing Committee on Industry and Technology, where we will have the opportunity to hear from experts in the field. At this step, I would like to recognize the leadership of the Minister of Innovation, Science and Industry and his team. We have been reassured by the answers we have received.

Since Quebec already has data protection legislation—Bill 64, which became law 25—we want to understand when the federal act will apply and whether the changes we requested to Bill C-11, introduced in the previous Parliament, were incorporated into this bill. I want to say that we are satisfied with the answers we have received so far.

We will do our due diligence because this bill includes a number of amendments. Obviously, the devil is in the details. During the technical briefings held by the department since Bill C-27 was published, we asked how much time businesses would have to adjust their ways of doing things and comply with the legislation.

We expect that there will be a significant transition period between the time when Bill C-27 is passed and when it comes into force. Since the bill provides for a lot more penalties, the government will likely hold consultations and hearings to get input from stakeholders.

In closing, I would like to say that I have just come back from Tokyo, where I accompanied the Minister of Innovation, Science and Industry to the Global Partnership on Artificial Intelligence Summit, where Quebec and France took the lead. The first summit was held in 2020. I would like to list some important values that were mentioned at this summit that deserve consideration and action: responsible development, ethics, the fight against misinformation and propaganda, trust, education, control, consent, transparency, portability, interoperability, strict enforcement and accountability. These are all values that must accompany open data and ecosystems.

Madam Speaker, I acknowledge that I am standing today, as any day that I am on Parliament Hill, on the Algonquin land of the Anishinabe peoples. I say a large meegwetch to them.

I am speaking today, as we all are, to Bill C-27, which is really three bills in one. My other parliamentary colleagues have already canvassed the bare outline of this, in that we are looking at three bills: an act to create a consumer privacy protection act; a personal information and data protection tribunal act, which largely replaces some of what there was already in PIPEDA in the past; and a brand new artificial intelligence and data act.

I want to start with the artificial intelligence and data act because it is the part with which all of us are least familiar. Much of what we see in this bill was previously before Parliament in last session's Bill C-11. There is a lot to dig into and understand here.

As I was reading through the whole concept of what kinds of harms are done by artificial intelligence, I found myself thinking back to a novel that came out in 1949. The kind of technology described in George Orwell's book, famously called 1984, was unthinkable then. The dystopian visions of great writers like George Orwell or Margaret Atwood are hard to imagine. I will never forget the scene in the opening of The Handmaid's Tale, where a woman goes into a store and her debit card is taken from her. At that moment, we did not have debit cards. Margaret Atwood had to describe this futuristic concept of a piece of plastic that gave us access to our banks without using cash. No one had heard of it then.

There are words from George Orwell, written in 1949, about the ways in which artificial intelligence and new technologies could really cause harm in a dystopian sense. In 1984, he writes, “It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away.”

More recently, there is the song by The Police and written by Sting and others. I will never forget that once I went to a session on rights to privacy being under assault and a British jurist brought with him for his opening of the speech, “Every breath you take, And every move you make, Every bond you break, Every step you take, I'll be watching you.”

We live in a time when artificial intelligence can be enormously invasive of our privacy with things like visual recognition systems, as the hon. member for Selkirk—Interlake—Eastman was just speaking to. These are things that, for someone like me born in 1954, are all rather new, but they are new for people born in 1990 too. It is very new technology and bringing in legislation to control it is equally new and challenging for us as parliamentarians. The whole notion that we are going to be able to spot the ways in which artificial intelligence can affect our democracy is something that will take time.

We talk about harms from this kind of technology, from capturing algorithms, from invading our spaces. We do not have to look any farther than the way Cambridge Analytica was used by the Brexit forces in the U.K. to harness a public outrage against something based on a pile of disinformation, by targeting individuals and collecting their data. That kind of Cambridge Analytica concern also gets into part 1 and part 2 of this bill. We really do need to figure out how to control the digital tech giants harvesting our information.

As an example used earlier today in debate, there is the idea that big digital giants and large corporations can profit from data without the consent of Canadians who may have put a family photo on social media, never knowing that their privacy has been invaded and their personal information and photos have been used for profit without their permission. In this sense, I am going to flag that in the context of the artificial intelligence and data act, I hope we will be taking the time necessary to hear witnesses specifically on this.

We have developed a pattern in recent years, which is to say the last decade or so, of having three or four witnesses appear on panels. All of us in this place know that committees are trying to hear from a lot of people and receive a lot of evidence. It will do us a disservice in our dive into the artificial intelligence and data act if we combine panels of people who are experts on PIPEDA and people who are experts on other aspects of this bill, with panels on artificial intelligence and data.

The committees that study this bill will control their own process. Committees are the masters of their own process, but I would urge the government, the Liberal legislative managers of this piece of legislation, Bill C-27, to follow the lead of the Speaker's ruling earlier today. If we are going to vote on the artificial intelligence act as a separate piece when we come to vote, we could at least make an effort to ensure that the concentrated effort of committee members and hearing witness testimony is not diluted through several different pieces of legislation and panels with three or four witnesses.

Members' questions will inevitably and invariably go to one or two. In this format of panels and pushing witnesses through quickly, we lose a lot of content. Compared with when I worked in government back in the 1980s, which I know seems like the dark ages and no one in this room was on committees in those days, committees would hear from a witness who could speak for 15 minutes and then we would have the rest of an hour to ask that one witness questions. Now that we are into something as complicated as this area, I would urge the committee to give it that kind of attention or to ask the government to send part 3, the artificial intelligence and data act, to a different committee, so that the study can be thorough and we can educate ourselves as to the unintended consequences that will inevitably occur if we go too fast.

Turning to the parts of the bill that deal with privacy, I want to put on the record again a question that was raised just moments ago about whether privacy legislation should apply to political parties in Canada. At the moment, it does not. Political parties are exempted from the kinds of privacy protections that other organizations, NGOs and corporations must use to protect the privacy information of their customers, consumers and citizens.

The Green Party of Canada believes it is essential that political parties be added to the list of organizations that have an obligation to protect the privacy of Canadians.

I will say quickly that I tend to agree with the first analysis of one of the NGOs that are very concerned with privacy information. OpenMedia, in an article by Brian Stewart, says very clearly that this legislation could actually make things worse for some privacy protections. They give the efforts of Bill C-27's consumer privacy protection act and its personal information and data protection tribunal act a grade of D. In other words, it passes but just barely. There will be many witnesses.

I can certainly confirm that, as a Green Party member of Parliament in this place, I will be bringing amendments forward, assuming this bill gets through second reading, which I think we can assume, and ends up at committee.

In the time remaining, I want to emphasize that Canada is aware that privacy is a fundamental human right. It is part of the UN declaration on the rights of individuals. I echo some of the sentiments from the hon. member for Selkirk—Interlake—Eastman in asking why we are looking at consumer privacy. Maybe we should change that word to Canadians' rights and privacy.

I also agree with many members who have spoken today about the problems of subclause 18(3) and the number of exemptions along with the question of what is a “legitimate” reason that people's privacy can be invaded. That should be further clarified. I find “a reasonable person would expect the collection or use for such an activity” to be fine, but the exemptions seem overly broad.

If I dive into anything else I will go over my allotted time.

This is important legislation. We must protect the privacy of Canadians. I think we will call on all parties in this place to set aside partisanship and make an honest effort to review it. That is not to delay it but to make an honest effort to review the bill before it leaves this place.

I am now prepared to rule on the point of order raised on November 22, 2022, by the member for New Westminster—Burnaby concerning the application of Standing Order 69.1 to Bill C-27, an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

The member for New Westminster—Burnaby stated that there is a clear link between the first two parts of Bill C‑27, which respectively enact the consumer privacy protection act and the personal information and data protection tribunal act. He further noted that these elements were both part of the previous Bill C-11, which was introduced in the House during the 43rd Parliament.

However, the member argued that part 3, which enacts the artificial intelligence and data act, should be considered separately, because it does not directly concern privacy protection or the analysis, circulation and exchange of personal information. Accordingly, he asked the Chair to divide Bill C‑27 for the purposes of voting, as Standing Order 69.1 permits.

The official opposition House leader concurred. He added that, outside of clause 39 of the bill, which mentions the new consumer privacy protection act in the definition of the term “personal information”, part 3 of Bill C-27 does not refer to parts 1 or 2. Furthermore, the member for South Shore—St. Margarets stated that parts 1 and 2 of Bill C-27 deal with privacy protection, which has nothing to do with the subject of part 3, the regulation of the new industry of artificial intelligence.

On November 23, the parliamentary secretary to the government House Leader pointed out that privacy protection is the common theme that links every part of Bill C-27. In his view, the bill’s three parts constitute a framework for protecting the privacy of Canadians from the risks posed by artificial intelligence systems. He argued that dividing the bill would prevent members from considering all the risks and impacts that new artificial intelligence technologies may create for the security of personal information. He also noted that privacy laws do not adequately protect the public from new artificial intelligence systems and that, as a result, Bill C-27 should be considered as a whole.

Standing Order 69.1 gives the Chair the authority to divide the questions, for the purposes of voting, on the motions for second or third reading of a bill. The objective here is not to divide the bill for consideration purposes, but to enable the House to decide questions that are not closely related separately.

The Chair has carefully reviewed the provisions of Bill C‑27 and taken into account members' statements on the issue of dividing it for voting purposes. The Chair agrees that the bill's three parts are connected by a broad theme, namely, the use and protection of personal information. While parts 1 and 2 of the bill are closely related, this is not true of part 3.

The Chair is of the view that, given the lack of cross-references between part 3 and the preceding parts of the bill, with the sole exception being one reference to the new consumer privacy protection act—which serves to propose a common definition of the term “personal information”—dividing the bill for voting at second reading is justified.

In his intervention, the parliamentary secretary to the government House leader emphasized the common theme that links the three acts enacted by Bill C-27. In a decision on a similar matter, delivered on March 1, 2018, which can be found at pages 17550 to 17552 of the Debates, Speaker Regan said the following, at page 17551:

…the question the Chair must ask itself is whether the purpose of the standing order was to deal only with matters that were obviously unrelated or whether it was to provide members with the opportunity to pronounce themselves on specific initiatives when a bill contains a variety of different measures.

In the absence of a clear link between the three parts of Bill C-27, other than the theme of privacy protection, the Chair is willing to divide the question. Accordingly, two votes will take place at the second reading stage for Bill C-27. The first will be on parts 1 and 2, including the schedule to clause 2. The second will deal with part 3 of the bill. The Chair will remind members of this division before the voting begins.

If any part of this bill is negatived, the Chair will order the bill reprinted for reconsideration at committee.

I thank the hon. members for their attention.

Madam Speaker, for the average citizen in the digital age, we have entered uncertain times. To almost everyone, at face value, the convenience of our time is remarkable. Access to any piece of information is available at our fingertips. Any item imaginable can seamlessly be ordered and delivered to our doors. Many government services can be processed online instead of in person. Canadians have taken these conveniences for granted for many years now.

The pandemic accelerated our ascent, or descent, depending on who you ask, into the digital age. The inability to leave our homes and the necessity to maintain some rhythm of everyday life played a significant part in that, but around the world, we saw governments taking advantage of the plight of their citizens. Public health was used as a catalyst for implementing methods of tracking and control, and social media platforms, which have been putting a friendly face on exploiting our likes, dislikes and movements for years, continue to develop and implement that technology with little input or say from their millions of users.

Canadians no longer can be sure that their personal information will not be outed, or doxed, to the public if doing so would achieve some certain political objective. We saw that unfold earlier this year with the users of the GiveSendGo platform.

The long-term ramifications of our relationship with the digital economy is something Canadians are beginning to understand. They are now alert to the fact that organizations, companies and government departments operating in Canada today do not face notable consequences for breaking our privacy laws. As lawmakers, it is our responsibility to ensure that Canadians’ privacy is protected and that this protection continues to evolve as threats to our information and anonymity as consumers unrelentingly expands both within and beyond our borders.

That brings me to the bill we are discussing today, Bill C-27. It is another attempt to introduce a digital charter after the previous iteration of the bill, Bill C-11, died on the Order Paper in the last Parliament. My colleagues and I believe that striking the right balance is at the core of the debate on this bill. On the one hand, it seeks to update privacy laws and regulations that have not been modernized since the year 2000 and implemented in 2005. It would be hard to describe the scale of expansion in the digital world over the last 22-year period in a mere 20-minute speech. It is therefore appropriate that a bill in any form, particularly one as long-awaited as Bill C-27, is considered by Parliament to fill the privacy gaps we see in Canada’s modern-day digital economy.

Parliament must also balance the need for modernization of privacy protection with the imperative that our small and medium-sized businesses remain competitive. Many of these businesses sustain themselves through the hard work of two or three employees, or perhaps even just a sole proprietor. We must be sensitive to their concerns, as Canada improves its image as a friendly destination for technology, data and innovation. This is especially true as our economic growth continues to recover from the damaging impact of pandemic lockdowns, crippling taxes that continue to rise and ever-increasing red tape.

That extra layer of red tape may very well be the catalyst for many small businesses to close their operations. No one in the House would like to see a further consolidation of Canadians’ purchasing power in big players such as Amazon and Walmart, which have the infrastructure already in place for these new privacy requirements.

In a digital age, Canadians expect businesses to operate online and invest a certain amount of trust in the receiving end of a transaction to protect their personal information. They expect that it will be used only in ways that are necessary for a transaction to be completed, and nothing more.

In exchange for convenience and expediency, consumers have been willing to compromise their anonymity to a degree, but they expect their government and businesses to match this free flow of information with appropriate safeguards. This is why Bill C-27, and every other bill similar to it, must be carefully scrutinized.

As many of my colleagues have already indicated, this is a large and complex bill, and we believe that its individual components are too important for them to be considered as one part of an omnibus bill.

There are three—

Madam Speaker, I commend my colleague. I sat with her on the Standing Committee on Access to Information, Privacy and Ethics for a few months.

We had concerns about privacy. Several recommendations were made, and that is why Bill C‑11 became Bill C‑27. I acknowledge that the bill has been improved. That being said, I wonder about two things.

First, in 2022, I do not think it is right that banking institutions are taking the lead on showing us how important it is to protect privacy. Second, this bill is important, but I would like to know if we should refer it to a committee to study it properly because it is really two bills in one. The first is on artificial intelligence, and the second is on privacy protection. What does the member think?

Madam Speaker, I will be sharing my time with the member for York Centre.

I am pleased to rise in the House today to speak to the digital charter implementation act, 2022, in particular the aspect on the consumer privacy protection act. If I have time, I will also discuss the artificial intelligence and data act.

I am very proud to speak to these two pieces of legislation that introduce a regime that seeks to not only support the technological transformation, but also help Canadians safely navigate this new digital world with confidence. These past few years, Canadians have witnessed these technological shifts take place. They have taken advantage of new technologies like never before. In 2021, more than 72.5% of Canadians used e-commerce services, a trend that is expected to grow to 77.6% by 2025.

According to TECHNATION, a 10% increase in digitalization can create close to a 1% drop in the unemployment rate. What is more, every 1% increase in digitalization can add $8.7 billion to Canada's GDP. In order to take advantage of those major benefits for our economy, we must ensure that consumers continue to have confidence in the digital marketplace.

Technology is clearly an intrinsic part of our lives, and Canadians have growing expectations regarding the digital economy. It is absolutely essential that the Government of Canada be able to meet those expectations.

With this bill, the government is putting forward a regime that gives Canadians the protection they deserve. First, as stated in the preamble of the digital charter implementation act, 2022, Canada recognizes the importance of protecting Canadians' privacy rights. Similarly, the 2022 consumer privacy protection act also provides important protections for Canadians.

That said, our government has listened to the input of various stakeholders, and we have made changes to improve this bill. I was on the committee in the last Parliament, and there was a lot of discussion about the previous bill, Bill C‑11. I am very pleased to be able to speak to Bill C-27, so that we can get all that work done in this Parliament.

One of the most important changes we have made is enhancing protection for minors. Some stakeholders felt that the previous legislation did not go far enough to protect children's privacy. I agree. Consequently, the bill was amended to define minors' information as sensitive by default. This means that organizations subject to the law will have to adhere to higher standards of protection for that information. The legislation also provides minors with a more direct route to delete their personal information. This will make it easier for them to manage their online reputation. I think this is a really important change, because we know that young people are very aware and very capable of using all types of digital platforms, but at the same time, we need to make sure that they are able to protect their reputation.

In addition to protections for minors, we also made changes to the concept of de-identification of personal information. According to many stakeholders, the definitions in the old bill were confusing. We recognize that having well-defined terms helps ensure compliance with the act and provides more effective protection of consumers' information. In that regard, I understand that, because we are talking about new technologies and an evolving industry, it is important for all members to share their expertise, since that will help us develop a better piece of legislation.

The difference, then, between anonymous information and de-identified information needs to be clarified because, clearly, if information is de-identified but an organization or company is able to reidentify it, that does not serve the purpose of having anonymous information.

Data-based innovation offers many benefits for Canadians. These changes contribute to appropriate safeguards to prevent unauthorized reidentification of this information, while offering greater flexibility in the use of de-identified information.

The new law also maintains the emphasis on controlling the use of their personal information by individuals. That remains a foundation of the law, namely that individuals must be able to fully understand the purpose for which information will be used and consent to that purpose in the most important circumstances.

However, the modern economy must also have flexible tools to accommodate situations that are beneficial but that may not require consent if the organization respects certain limits and takes steps to protect individuals.

The approach advocated here continues to be based on the concept of individual control, but proposes a new exception to consent to resolve these gaps as a tool for safeguarding privacy. The new provisions propose a general exception to cover situations in which organizations could use personal information without obtaining consent, provided that they can justify their legitimate interest in its use for circumstances in which the individual expects the information to be used.

In addition, to prevent abuse, the exception is subject to a requirement that the organization mitigate the risk. For example, digital mapping applications that take photos of every street and that we use to view them, particularly to help with navigation, are widely accepted as being beneficial. However, obtaining individual consent from every resident of the city is impossible.

I believe that everyone in the House will agree that it is hard to imagine how we managed before we had access to those navigation applications. Last evening, I had a visit with a family member in Ottawa and was very happy to have my mapping application to find my destination.

The presence of an exception, combined with a mitigation requirement, therefore allows individuals to take advantage of a beneficial service while safeguarding personal information. The example shows another key aspect for building trust and transparency. Digital mapping technology presents a certain level of transparency. The vehicles equipped with cameras can be seen on our streets and the results can also be seen posted and available online.

However, there are some technologies or aspects thereof that are more difficult to see and understand. That is why the bill continues granting individuals the right to ask organizations for an explanation regarding any prediction, recommendation or decision made in their regard by an automated decision-making system.

What is more, these explanations must be provided in plain language that the individual can understand. These provisions also support the proposed new artificial intelligence act. However, I do not think that I have time to get into that, so I will end there.

Madam Speaker, I applaud the minister for bringing the issue forward to Parliament. Again, I want to exercise some caution that the first two pieces of the legislation are much easier to deal with, because at least there was some discussion on those with Bill C-11. It is a bit different in this one, and the tribunal is an issue, but I am open to looking at it. I just have concerns about that. However, the artificial intelligence part of it is critical. I am glad it is in front of us, but it is going to require much more extensive debate and care, and that is why it should be entirely separate.

We in the NDP have proposed a fairly reasonable compromise, and the Speaker will rule on it. The proposed compromise is that there would be a separate vote for that particular part of the bill. The reason is that perhaps the first two parts could lead to a decision that might be different from the decision on the last part, just to ensure that we get enough testimony and time in committee for it.

I am looking forward to all perspectives in the House on this. It is time for us to look at that. It is a reasonable position, and I am glad it is in front of us. I do not like the way it is in front of us, but we will deal with that.

Madam Speaker, I am happy to start this week by speaking to Bill C-27. It is quite an extensive bill at over 140 pages in length. It would amend several acts and the most consequential are three of them in particular, as it is an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

I should start by saying that this is really three pieces of legislation that have been bundled up into one. As New Democrats, we have called for different voting for the third and final part of this act.

The first two parts of the act, concerning the consumer privacy protection act and the personal information and data protection tribunal act, do have enough common themes running through them to be put together into one piece of legislation. I still think, for these issues, that they would have been better as two separate pieces of legislation because one of them is brand new and the first one, the consumer privacy protection act, is the former Bill C-11, which was highly controversial in the previous Parliament.

When we had an unnecessary election called by the Prime Minister, that bill died, along with all of the work from Parliament, which was not concluded, despite extensive lobbying and consultation going, particularly, through the ethics committee at that time. This has now been bundled with some other legislation to go through the industry committee, which is fine.

The personal information and data protection tribunal act is a new component of this legislation. I have some concerns about that element of it, but it does have a common theme, which is worthwhile, and at least it has the potential to be put together and bundled. Although, again, it is extensive, it is a bundling that we can accept.

We have called for a Speaker's ruling with regard to the artificial intelligence and data act, as this is brand new legislation as well, but it does not have the same connections as the previous two pieces, which are bundled together, in the way that one could could argue for them. We want a separate vote on the second part of this because the legislation would be studied at committee together.

There will be a high degree of interest in this legislation, since Bill C-11 had that in the past. The new bill changes position from Bill C-11 significantly, and I expect that this in itself will garner a lot of chatter, as well as review and interest, from a number of organizations, many of whom we have already heard from as of now.

The other part, with the tribunal, would be another important aspect, because it is a divergence from our traditional way of enforcement and creates another bureaucratic arm. Again, I would like to see more on this, and I am open to considering the idea, but it is certainly different from our traditional private right of law for dispute settlements about data breaches and other types of corporate malfeasance, that actually have to deal with the types of laws that are necessary to bring compliance among people.

This goes to the heart of, really, where a political party resides in their expectations of companies and their use of data, information and algorithms. For New Democrats, we fall very much in line with something I have tabled before, several years ago, which is a digital bill of rights, so that one's personal rights online are consistent with that of our physical rights, where one is expected to be properly treated in a physical world and in the digital format world. That includes one's right to privacy, right to the expectation of proper behaviour conducted toward oneself and right to not be abused. It also includes significant penalties to those who do those abuses, especially when we are looking at the corporate world.

Where this legislation really becomes highly complicated is the emergence of artificial intelligence, which has taken place over the last decade and will be significantly ramped up in the years to come. That is why the European Union and others have advanced on this, as well as the United States.

Our concern is that this bill tries to split both worlds. We all know that the industries of Google and other web giants have conducted significant lobbying efforts over the last number of years. In fact, they have tripled their efforts since this administration has come into place and have had a direct line of correspondence about their lobbying, which is fine to some degree, but the expectation among people that it would be balanced does not seem to be being met.

I want to bring into the discussion the impact on people before I get into the technical aspects of the bill, as well as the data breaches that remind us of the need for protection among our citizens and other companies as well. One of the things that is often forgotten is other SMEs, and others can be compromised quite significantly from this, so protecting people individually is just as important for our economy, especially when we have the emergence of new industries. If they are behaviours that are hampered, manipulated or streamed, they can become significant issues.

I want to remind people that some of the data breaches we have had with Yahoo, Marriott, the Desjardins group and Facebook, among others, have demonstrated significant differences in the regulatory system between Canada and the United States and how they treat their victims. A good example is a settlement in the U.S. from 2009 with the Equifax data breach, where Equifax agreed to pay $700 million to settle lawsuits over the breach in agreement with the U.S. authorities, and that included $425 million in monetary relief to consumers. We have not had the same type of treatment here in Canada.

This is similar to the work I have done in the past with the auto industry and the fact that our Competition Bureau and our reimbursement systems are not up to date. We have been treated basically as a colony by many of the industries when it comes to consumer and retail accountability.

We can look at the example of Toyota and the data software issue, where the car pedal was blamed for the cars going out of control. It turned out this was not the case. It was actually a data issue. In the U.S., this resulted in hundreds of millions of dollars of investment into safety procedures. We received zero for that. Also, consumers received better treatment, where their vehicles were towed back to different dealerships to be fixed. In Canada, consumers did not receive any of that.

The same could be said with Volkswagen, another situation that took place with emissions. Not only did we not receive compensation similar to that of the United States, we actually imported a lot of the used Volkswagen vehicles from Europe. However, that was of our own accord and time frame when those vehicles were being sunsetted in those countries because of emissions.

In the case of Facebook, the U.S. Federal Trade Commission was able to impose a $5-billion fine for the company's violation, while the Privacy Commissioner's office was forced to take the company to federal court here in Canada. One of the things I would like to point out is that our Privacy Commissioner has stood up for the needs of Canadians, and one of the concerns with this bill would be the erosion of the Privacy Commissioner's capabilities in dealing with these bills and legislation.

The Privacy Commissioner has made some significant points on how to amend the bill and actually balance it, but they have not all been taken into account. One of the strong points we will be looking to is to see whether there are necessary amendments from our Privacy Commissioner on this.

One of the big distinctions between Canada and the United States, which is to our benefit and to Canada's credit, is the office of the Privacy Commissioner. Where we do not have some of the teeth necessary for dealing with these companies, we do have the independent Privacy Commissioner, who is able to investigate and follow through at least with bringing things to a formal process in the legal system. It is very labourious and difficult, but at the same time, it is independent, which is one of the strengths of the system we have.

If the government proceeds, we will see the bill go to committee, which we are agreeing to do. However, we do want to see separate voting. Before I get into more of the bill, I will explain that we want to see separate voting because we really distinguish that this is inappropriate. The artificial intelligence act is the first time we have even dealt with this topic in the House of Commons, and it should be done differently.

We will be looking for amendments for this, and big corporate data privacy breaches are becoming quite an issue. Some of these privacy breaches get highly complicated to deal with. There have been cases with cybersecurity and even extortion. The University of Calgary is one that was well noted, and there have been others.

We need some of these things brought together. The bill does include some important fixes that we have been calling for, such as stronger enforcement of privacy rights, tough new fines, transparency in corporate decisions made by algorithms.

I have pointed out a lot of the concerns that we have about the bill going forward because of its serious nature. However, we are glad this is happening, albeit with the caveat that we feel the bill should be separate legislation. The minister does deserve credit for bringing the bill forward for debate in the House of Commons.

Bill C-11 should have been passed in the last Parliament, but here we are again dealing with it. The new tribunal is the concern that we have. It could actually weaken existing content rules, and we will study and look at the new tribunal.

The tribunal itself is going to be interesting because it would be an appointment process. There is always a concern when we have a government appointment process. There is a concern that there could be complications setting up the tribunal, such as who gets to go there, what their background is, what their profession is and whether there will be enough support.

One of the things that gives me trouble is that the CRTC, for example, takes so long to make a decision. It is so labourious to go through and it has not always acted, most recently, in the best interest of Canadians when it comes to consumer protection and individual rights. It gives me concern that having another tribunal to act as a referee instead of the court system could delay things.

Some testimony has been provided already, some analysis, that suggests the tribunal might end up with lawsuits anyway, so we could potentially be back to square one after that. The time duration, funding, the ability to investigate and all these different things are very good issues to look at to find out whether we will have the proper supports for a new measure being brought in.

Another government resource for this is key. At the end of the day, if it is a tribunal system that is not supportive of protecting Canadians' privacy and rights, then we will weaken the entire legislation. That is a big concern because that would be outside Parliament. The way that some of the amendments are written, it could be coming through more regulatory means and less parliamentary oversight.

Who is going to be on the tribunal? How will it be consistent? How will it be regulated? I would point to the minister providing the CRTC with a mandate letter, which is supposed to emphasize the public policy direction it should be going. In my assessment, the CRTC, over the last number of years, has not taken the consumer protection steps that New Democrats would like to see.

When it comes to modernizing this law, we do know that this will be important to address because there are issues regarding the data ownership, which is really at the heart of some of the challenges we face. There is algorithmic abuse and also areas related to compensation, enforcement, data ownership and control, and a number of things that are necessary to ensure the protection of people.

We can look at an area where I have done a fair amount of work related to my riding, which is automobile production. There has been the production of the car and the value there, but there will also be the data collection. The use of that data collection can actually influence not only one's individual behaviour, but also that of society. That is a significant economic resource for some of these companies.

It is one of the reasons I have tabled an update to my bill on the right to repair. The right to repair is a person's ability to have their vehicle fixed at an auto shop of their choice in the aftermarket. The OEMs, the original manufacturers, have at times resisted this. There have been examples. Tesla, for example, is not even part of what is called the voluntary agreement, but we still do not have an update with regard to the use of data and how one actually goes about the process of fixing the vehicle.

It also creates issues related to ownership of the vehicle, as well as insurance and liability. These could become highly complicated issues related to the use of data and the rules around it. If these types of things are not clear with regard to the process of rights for people, expectations by those who are using the data, and protection for people, then it could create a real, significant issue, not only for individuals but for our economy.

Therefore, dealing with this issue in the bill is paramount. A lot of this has come about by looking at what the GDPR, the general data protection regulation, did in European law. Europe was one of the first jurisdictions to bring forth this type of an issue, and it has provided an adequate level of protection, which is one of the things Europe stands by with regard to protection of privacy. There have been some on the side over here in North America who have pushed back against the GDPR, and even though this landmark legislation has created a path forward, there still is a need for transparency and to understand what the monetary penalties for abuse are going to be, which are also very important in terms of what we expect in the legislation.

Erosion of content rights is one of the things we are worried about in this bill. Under Bill C-27 individuals would have significantly diminished control over the collection, use and disclosure of their personal data, even less than in Bill C-11. The new consent provisions ask the public to install an exemplary amount of trust to businesses to keep them accountable, as the bill's exceptions to content allow organizations to conduct many types of activities without any knowledge of the individuals. The flexibility under Bill C-27 allows organizations to state the scope not only of legitimate interests but also of what is reasonable, necessary and socially beneficial, thus modelling their practices in a way that maximizes the value derived from the personal information.

What we have there is that the actors are setting some of the rules. That is one of the clearer things that we need through the discussion that would take place at committee, but also from the testimony that we will hear, because if we are letting those who use and manage the data make the decision about what consent is and how it is used, then it is going to create a system that could really lead to abuse.

There is also the issue or danger of de-identification. Witnesses, artificial intelligence and people being able to scrub much of their data when they want and how they want is one of the things we are concerned about. There is not enough acknowledgement of the risk that is available in this. That includes for young people. We believe this bill is a bit lopsided towards the business sector at the moment, and we want to propose amendments that would lead to better protection of individual rights and ensure informed consent as to what people want to do with their data and how they want it to be exercised as a benefit to them and their family, versus people being accidentally or wilfully brought into exposure they have not consented to.

As I wrap up, I just want to say that we have a number of different issues with this bill. Again, we believe there should be a separate vote for the second part of this bill, being the third piece of it. It is very ambitious legislation. It is as large as the budget bill. That should say enough with regard to the type of content we have. I thank the members who have debated this bill already. It is going to be interesting to get all perspectives. I look forward to the work that comes at committee. It will be one that requires extensive consultation with Canadians.

Mr. Speaker, I rise today on a point of order regarding government Bill C-27, an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

Standing Order 69.1 states the following:

(1) In the case where a government bill seeks to repeal, amend or enact more than one act, and where there is not a common element connecting the various provisions or where unrelated matters are linked, the Speaker shall have the power to divide the questions, for the purposes of voting, on the motion for second reading and reference to a committee and the motion for third reading and passage of the bill. The Speaker shall have the power to combine clauses of the bill thematically and to put the aforementioned questions on each of these groups of clauses separately, provided that there will be a single debate at each stage.

You will find that, in the case of Bill C-27, the bill enacts three new laws and amends several other existing laws.

Bill C-27 enacts the consumer privacy protection act and the personal information and data protection tribunal act.

These two acts were at the core of the former Bill C-11 in the 43rd Parliament, a bill that was introduced in November 2020 and died on the Order Paper a year later, without ever having been voted on at second reading.

Here is the purpose of part 1 of Bill C-27, as described in the text of the bill:

The purpose of this Act is to establish — in an era in which data is constantly flowing across borders and geographical boundaries and significant economic activity relies on the analysis, circulation and exchange of personal information — rules to govern the protection of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

Part 2 of the bill sets up the personal information and data protection tribunal, which would have jurisdiction with respect to appeals made under different sections of the consumer privacy protection act. The link between part 1 and part 2 of Bill C-27 is clear, and I am not putting it into question in this appeal at all.

Where we have an issue, however, is with the third part of the bill.

Bill C‑27 also enacts the artificial intelligence and data act, which was not part of Bill C‑11, the previous version of this bill.

The purpose of part 3 of Bill C‑27, which enacts the artificial intelligence and data act, is as follows:

The purposes of this Act are:

(a) to regulate international and interprovincial trade and commerce in artificial intelligence systems by establishing common requirements, applicable across Canada, for the design, development and use of those systems; and

(b) to prohibit certain conduct in relation to artificial intelligence systems that may result in serious harm to individuals or harm to their interests.

During his second reading speech on Bill C‑27, the Minister of Innovation, Science and Industry said that the new artificial intelligence act would “set a foundation for regulating the design, development, deployment and operations of AI systems”.

The development of artificial intelligence systems in the past decade has led to profound changes in the way we do things. Regulating AI systems is something we believe must be done. However, it seems odd to add these regulations to a bill that has to do with privacy protection and with the analysis, circulation and exchange of personal information. Artificial intelligence is its own beast in a way, and it should be studied and treated separately.

In a ruling by Speaker Regan on March 1, 2018, he said the following.

The principle or principles contained in a bill must not be confused with the field it concerns. To frame the concept of principle in that way would prevent the division of most bills, because they each apply to a specific field.

The House leader of the Bloc Québécois and member for La Prairie will remember this, since it is from page 400 of Parliamentary Procedure in Québec.

The Speaker continued as follows:

While their procedure for dividing bills is quite different from ours, the idea of distinguishing the principles of a bill from its field has stayed with me. While each bill is different and so too each case, I believe that Standing Order 69.1 can indeed be applied to a bill where all of the initiatives relate to a specific policy area, if those initiatives are sufficiently distinct to warrant a separate decision of the House.

We find ourselves in a similar situation here. While some of the measures in Bill C-27 relate to digital technology, part 1 and part 2 have nothing in common with part 3.

Therefore, it would certainly be appropriate to divide this bill for the vote. The Speaker has that authority, and that would make it possible for members to thoroughly study this legislative measure and better represent their constituents by voting separately on these bills, which are quite different from one another.

Mr. Speaker, I would like to begin by giving a shout out to my constituents in Trois-Rivières, whom I will be visiting all next week in my riding.

When I talk to people on the street, privacy is a topic that comes up a lot. They know that I sit on the Standing Committee on Access to Information, Privacy and Ethics, and privacy comes up often. People tell me that it is important, that we must do our best to rise to the challenge. Today, we have the opportunity to debate that very subject.

Society is a human construct. It is a reflection of how we organize our lives together. It reflects our vision of the world, the role of a citizen, the role of the state. In a democratic society where elected officials are chosen by the people to represent them, our laws must reflect our desires and the desires of our fellow citizens, as well as the way in which their visions can be realized. In other words, a society and its laws are eminently cultural constructs.

When we compare the legislation passed in the House of Commons with that of the Quebec National Assembly, the difference is striking. Ottawa tends to emphasize the enforcement mechanism, whereas in Quebec, the emphasis is on the legislator's intent. Ottawa wants to arbitrate, while Quebec wants to prescribe and guide.

When it comes to privacy, this is especially true in the digital age: the difference is dramatic.

At one end of the spectrum, so to speak, is the United States. In the United States, laws are primarily intended to arbitrate disputes rather than to shape how the digital economy operates. Laws are based on the good faith of the players and on voluntary codes. As one might imagine, this has its limits. Ultimately, if someone is wronged, they can get redress through the common law.

At the other end of the spectrum is the European Union. The legislation there prescribes clear obligations. I am referring to the General Data Protection Regulation, better known by the acronym GDPR.

In between is Canada, a hybrid creature whose intentions on privacy oscillate between the European and American extremes. This may seem like an academic debate, but there are practical implications that bring us to Bill C-27.

When it comes to privacy, European law is the most prescriptive in the world. It is based on a clear principle, namely that our personal information belongs to us and us alone, and no one can use it or benefit from it without our free, informed and explicit consent.

Once the government set out that principle or objective, it then provided a mechanism for achieving it. That mechanism is the GDPR. The GDPR is becoming the standard to follow when it comes to privacy, because it is the legal standard with the clearest objectives and the most binding application. Simply put, the GDPR does a good job of protecting privacy. That is one reason why it is the standard we should be emulating; the other is that the EU is projecting its standard-making power beyond its borders.

In order to protect the personal information of European citizens, the European Union will soon prohibit European businesses from sharing this information with foreign businesses that do not offer comparable protection. This does not affect us yet, but next year, the EU will be reviewing Canada's laws to see if they offer sufficient protection.

The existing legislation on personal electronic information protection dates back to 2000. That was 22 years ago. We were in the dinosaur era, the pre-digital era, an era we barely remember now. Also, it is far from clear whether Canada passes the comparable protection test required under the GDPR.

Information exchanges between Canadian businesses and their European partners could become more complicated. This is particularly true in areas that deal with more sensitive information, such as the financial sector. It is therefore absolutely necessary to redraft the Personal Information Protection and Electronic Documents Act, which is completely outdated. It has not kept pace with technological change and the data economy, where we are both the consumer and the product. It has not kept pace with the legal environment, where Canada is a dinosaur compared to Europe, as I was just saying.

Nevertheless, my colleagues will have figured out that the Bloc Québécois is in favour of the principle of Bill C‑27. Nevertheless, I would like to make a general comment about Bill C‑27. For some reason, the government has put into one bill two laws with completely different objectives. The bill would enact the consumer privacy protection act and also the artificial intelligence and data act. Although there is a logical link between these two acts, they could be stand-alone bills. Their objectives are different, their logic is different and they could be studied separately.

I have a suggestion for the government. It should split Bill C‑27 into two bills. We could create what I would call the traditional Bill C‑27, which would deal with personal information and the tribunal. Then, what I would call Bill C‑27 B would address artificial intelligence. As I was saying, there are logical reasons for that, but there are also practical reasons. Let me be frank and say that the artificial intelligence act being proposed is more of a draft than a law. The government has a clear idea about the mechanism for applying it, but, clearly, it has not yet wrapped its head around the objectives to be achieved and the requirements to be codified.

The mechanism is there, the bureaucratic framework is there, but the requirements to be complied with are not. Apart from a few generalities, the law relies essentially on self-regulation and the good faith of the industry. I have often faced these situations, and I can say that the industry's good faith is not the first thing I would count on.

Apart from a few generalities, this relies on good faith, but that is not a good way to protect rights. I am not convinced that this bill should be passed as written; I think it needs to be amended. Bill C‑27 probably deserves the same fate that Bill C‑11, its predecessor, encountered in the last Parliament. The government introduced it, debate got under way, criticism was fierce, and the government let it die on the Order Paper so it could keep working on it and come back with a better version. I think that is exactly what should happen to the artificial intelligence act.

The government has launched a healthy discussion, but this is not a finished product. If we decide that the government needs to keep working on it and come back with a new version, we will also be delaying the modernization of privacy and personal information legislation. Given the European legislation, which I talked about earlier, that is not what the government wants to do. That is why I would cordially advise the government to split Bill C‑27.

I am going to focus primarily on personal information protection because that is the part of Bill C‑27 that is ready to go and has the most practical applications. As I said before, Bill C‑27 is an improved version of Bill C‑11, which was introduced in the fall of 2020.

However, Bill C-27 still does not establish privacy as a fundamental right. Bill C-11 was strong on mechanics, but weak on protection. The principles were also weak and consent was unclear. It was tough on large corporations and much less so on small businesses. When it comes to privacy, however, it is the sensitivity of the data that should dictate the level of protection, not the size of the company.

A new start-up that develops an app that aggregates all of our banking data, for example, may have only two employees, but it still possesses and handles extraordinarily sensitive information that must be protected as much as possible. I cannot help but think of the ArriveCAN app, which was developed by just a few people but has a large impact on the data that is stored.

Finally, Bill C-11 did not provide for any harmonization with provincial legislation, such as Quebec's privacy legislation. The Bloc Québécois was quite insistent on that. A Quebec company subject to Quebec law would also have been subject to federal law as soon as the data left Quebec. It would have been subject to two laws that do not say the same thing and have two different rationales. This would mean duplication and uncertainty. It was quite a mess. Passing Bill C-11 would have diminished, in Quebec at least, the legal clarity that is needed to ensure that personal information is protected.

Here is what Daniel Therrien, the then privacy commissioner, told the Standing Committee on Access to Information, Privacy and Ethics, of which I am honoured to be a member. He said, and I quote, “I believe that C-11 represents a step back overall from our current law and needs significant changes if confidence in the digital economy is to be restored.”

He proposed a series of amendments that would make major changes to the bill. I want to commend the government here. It listened to the criticism. It is rare for this government to listen, but it did so in this case. It buried Bill C-11. We never debated it again in the House and it died on the Order Paper. It reappeared only after being improved.

Bill C-27 shows more respect for the various jurisdictions and avoids the legal mess I was talking about earlier.

Our personal information is private and it belongs to us. However, property and civil rights fall exclusively under provincial jurisdiction under subsection 92(13) of the Constitution of 1867.

What is more, privacy basically falls under provincial jurisdiction. That is particularly important in the case of Quebec, where our civil law tradition leads us to pass laws that are much more prescriptive.

Last spring, Quebec's National Assembly passed Bill 25, an in-depth reform of Quebec's privacy legislation. Our law, largely inspired by European laws, given that we share a legal tradition, is the most advanced in North America. As we speak, it is clear that Quebec has exceeded the European requirements and that our companies are protected from any hiccups in data circulation.

Our principles are clear: Our personal information belongs to us. It does not belong to the party who collected it or the party who stores it. The implication is clear. No one can dispose of, use, disclose or resell our personal information without our free, informed and express consent. Bill C-11 challenged this legal clarity but Bill C-27, at the very least, corrects that.

Under clause 122(2) of Bill C‑27, the government may, by order, “if satisfied that legislation of a province that is substantially similar to this Act applies to an organization, a class of organizations, an activity or a class of activities, exempt the organization, activity or class from the application of this Act in respect of the collection, use or disclosure of personal information that occurs within that province;”.

In other words, if Quebec's legislation is superior, then Quebec's legislation will apply in Quebec.

When I met with the minister's office earlier this week, I asked for some clarification just in case. Will a Quebec business be fully exempt from Bill C‑27, even if the information leaves Quebec? The answer is yes. Will it be exempt for all of its activities? The answer is yes.

There is still some grey area, though. I am thinking about businesses outside Quebec that collect personal information in Quebec. In Europe, it is clear. It is the citizen's place of residence that determines the applicable legislation. The same is true under Quebec's legislation.

It is not as clear in Bill C‑27. Since the bill relies on the general regulation powers for trade and commerce as granted by the Constitution, it focuses more on overseeing the industry than on protecting citizens. That is the sort of thing we will have to examine and fix in committee. I look forward to Bill C‑27 being studied in committee so we can debate the substance of the bill.

I have to say that I sense the openness and good faith of the government. In that regard, I would like to tell the member for Kingston and the Islands to take note that, for once, I feel he is working in good faith.

Bill C‑27 will have a much greater impact outside Quebec than within it, because it is better drafted than Bill C-11. That is not the only aspect that was improved. The fundamental principles of the bill are clearer. Consent is more clearly stated. The more sensitive data must be handled in a more rigorous manner, no matter the size of the entity holding them. That is also more clear.

If the principles are clear, the act will better stand the test of time and adjust to the evolving technologies without becoming meaningless.

We will support it at second reading after a serious debate, but without unnecessary delays. However, we believe and insist that the real work must be done in committee. Bill C-27 is complex. Good principles do not necessarily make good laws. Before we can judge whether Bill C-27 is indeed a good law, we will need to hear from witnesses from all walks of life.

When it comes to privacy, it only takes one tiny flaw to bring down the whole structure. This requires attention to detail and surgical precision. The stakes are high and involve the most intimate part of our lives: our privacy.

For a long time, all we had to do to maintain our privacy was buy curtains. That is how it used to be. It kept us safe from swindlers. Then organizations started collecting data for their records. Bankers collected financial information, the government collected tax information and doctors collected medical records. This sensitive information had to be protected, but it was fairly simple, since it was written on paper.

Today, we live in a different world. Whereas personal information used to be a prerequisite for another activity, such as caring for a patient or getting a loan from a bank, it has become the core business of many companies. Information has become the core business of many companies, which are also large companies.

Computerization enables the storage and processing of astronomical volumes of data, also known as big data. Networking that data on the Internet increases the amount of available data exponentially and circulates it around the globe constantly, sometimes in perpetuity, unfortunately.

For many corporations, including web giants, personal data is crucial to the business model. Citizen-consumers are now the product they are marketing. To quote Daniel Therrien once again, we are now in the era of surveillance capitalism. Speaking of which, The Great Hack on Netflix is worth seeing. This is troubling.

Furthermore, for our youngest citizens, the virtual world and the real world have merged. Their lives are an open book on Instagram, Facebook and TikTok. They think they are communicating with the people who matter to them, but they are in fact feeding the databases that transform them into a marketable, marketed product. We absolutely have to protect them. We need to give them back control over their personal information, which is why it is so important to amend and modernize our laws.

I would like to close my speech with an appeal to the government. Bill C‑27 does a lot, but there are also many things it does not do, or does not do properly. Consent is all well and good, but what happens when our data is compromised, when it has been stolen, when it is in the hands of criminals? These people operate outside the law and therefore are not governed by the law. All the consent-related protocols we can think of go out the window. To avoid fraud and identity theft, we will have to clarify the measures to be taken to ensure that anyone requesting a transaction is who they say they are. This really is a new dynamic. In that respect, we are somewhat in the dark, even though, curiously, this is a growing problem.

There is another gap to fill. Bill C‑27 provides a framework for the handling of personal information in the private sector, but not in the public sector. The government is still governed by the same old legislation, which dates back to the pre-digital era. The legislation is outdated, as we saw with the fraud related to the Canada emergency response benefit. The controls are also outdated. I therefore call on the government to get to work and to do so quickly. We will collaborate.

Finally, there is another thing the government needs to work on and fast. We addressed this issue in committee when we were looking at the geolocation of data. Bill C‑27 indicates what we need to do with personal data, nominative data. However, with artificial intelligence and cross-tabulation of data, it is possible to recreate an individual based on anonymous information. As no personal information was collected at the outset, Bill C‑27 is ineffective in these cases. However, we started by recreating the profile of a person with all their personal information. It is not science fiction. It is already happening. Nevertheless, this is missing from Bill C‑27, both in the part on information and the part on artificial intelligence.

I am not bringing this up as a way of opposing Bill C‑27. As I said, we will support it. However, we have to be aware of the fact that it is incomplete. As legislators, we still have some work to do. The time has come to treat privacy as a fundamental right.

Mr. Speaker, once again, I am disappointed. I guess the Liberals and NDP do not really care about privacy rights for children, which we are talking about today. This is fundamental to the bill.

The minister did a lot of hard work putting this bill together and there have been a lot of consultations. This is the second iteration. Bill C-11 died only because there was an election called. Now we have Bill C-27, which is very serious. It talks about the rights of our children and Canadians that have been trampled on. I gave a lot of different examples where we just have not gotten it right in protecting children.

I am surprised that the NDP also does not seem to think that privacy is a fundamental right and something that we should protect. The Conservatives will certainly protect it. We are the only ones speaking about it today.

Mr. Speaker, 34 years ago, the Supreme Court said that “privacy is at the heart of liberty in a modern state”. In the words of Justice Gérard La Forest of the Supreme Court of Canada in 1988, it is worthy of an individual and “it is worthy of constitutional protection”. All Canadians are worthy of having their privacy respected.

It is our duty as parliamentarians to do our best to protect Canadians' privacy rights, especially as we struggle so much for it today.

Bill C-27, formerly Bill C-11, is designed to update Canada’s federal private sector privacy law, the Personal Information Protection and Electronics Documents Act, or PIPEDA, to create a new tribunal and to propose new rules for artificial intelligence systems. It is a reworking of Bill C-11, and it has three components: the consumer privacy protection act; the personal information and data protection tribunal act, creating a new tribunal; and the artificial intelligence and data act.

The bill applies to Canadians' private rights. It does not apply to CSIS, RCMP or CSE. That and other government-held data is governed by the Privacy Act. Privacy laws for Canadians have not been updated in 22 years, and Europe updated the General Data Protection Regulation in 2016.

When we last updated this act, 22 years ago, the member for South Shore—St. Margarets was turning 21 years old, and society was going through big changes. The world had just gotten past the Y2K scare. We were looking at what was going to happen to computers when the clock changed from 1999 to 2000. In certain areas, we did not know if the power would go out or what would happen.

People listened to music on CD Walkmans. Apple was over a year away from launching a cutting-edge new technology called the iPod. Less than 30% of Canadians actually owned a cellphone. The most popular cellphones were the Motorola Razr, which was a flip phone, and the Nokia brick phone, with texting that used the number pad and almost no web browsing capabilities. The most sophisticated app was called Snake. A fledgling Canadian telecommunications company was just starting, and it was called BlackBerry.

That is how long it has been since we updated our laws. Today, 22 years later, data collection is getting more sophisticated, and surveillance is more of the norm than the exception.

Apple Watch announced a few weeks ago that it can track and tell when a woman is ovulating. What is concerning, and we are going to talk a lot about data for good and data for wrong, is that this technology can tell if a woman skips a cycle, and then can identify if there has been a miscarriage or an abortion. This is very concerning.

Our Fitbits, our web history and our Apple phones can tell us how many steps we did in a day. Sometimes when we are in Parliament it is about 10, and if we are door knocking it is about 25,000. That does not sound important, but that information is also letting those regulators know where we have been, where we are going and where we live.

Facial recognition technology can identify a face like a fingerprint. Sometimes that is good. We have heard from law enforcement that it can be used for human trafficking. Sometimes that is wrong, when people are identified in a street and when people are identified with their names, their data and where they have been. Let us think of Minority Report, where everywhere someone goes, they are identified. It did not matter where they where going or where they had been. That is something that could happen with facial recognition technology.

Google and Amazon listen and collect our data in our bathrooms, living rooms, kitchens and cars. How many times have we been in conversations and Siri asks, “What was that?” Siri is always listening. Amazon is always listening. Speaking of cars, they are cellphones on wheels. When we connect to a rental car, and a lot of us rent cars, we see five or six other phones in the history. That car has downloaded all the data from our phone into that car. A lot of times, if we see that in the rental car, that car holds our information. It is very concerning.

There are many examples where it has hurt Canadians in the last several years. Two summers ago, Tim Hortons had a data breach, where every time someone rolled up the rim, it told Tim Hortons where they went afterwards, if they went home or where they were staying. It collected all that data, and it was a big problem.

In the ethics committee, we studied facial recognition technology. There was a company called Clearview AI, which took two billion images off the Internet, including a lot of ours, and just gave them to the police. There was no consent. The information just went and ended up in the hands of law enforcement.

There is Telus's “data for good”. During the pandemic, Telus collected our data. It knew where we went and if we went to the grocery store or the pharmacy, or if we stayed home. It just gave that to the government. It was called “data for good”. They called it de-identification. I am going to talk about how that hurt everyone later.

Lastly is doxing or using personal information to try to out people. GiveSendGo is a big one. It gave a U.S. company the information of people who donated to different causes or events. At one point, Google identified all those donors on a website showing exactly where they lived. Everyone's information, when they donated to a company, was identified and outed. That was terrible.

Surveillance has not just resulted in a wholesale destruction of privacy but a mental health crisis in children and youth as well. I am glad to hear the minister speak about children and youth because data has certainly affected them and continues to.

Canada’s federal government has repeatedly failed to take privacy seriously and construct a legal framework that protects the rights of Canadians in the digital age. This bill normalizes surveillance and treats privacy not as a fundamental human right and not even as a right to consumer protection. To make this point very clear, nowhere in the document for Bill C-27 does it state that privacy is a fundamental human right. However, this should be the crux of new legislation to update privacy laws, if not the outward premise, with the statement hammered from the preface until the end of Bill C-27 and following through the entire document. However, it is not there. It is nowhere and, therefore, holds no value.

This bill does not use that statement from the onset. It should be the pillar by which the bill is designed and led. Only a strong bill will ensure that Canadians' privacy rights are protected. Because of its omission, the bill is very weak, making it easier for industry players to be irresponsible with people's personal data. This is ironic as Canada has signed on to the UN Declaration of Human Rights and the International Covenant on Civil and Political Rights. That is where the bill starts and ends, with its failure to properly address privacy for Canadians.

Conservatives believe that Canadians’ digital privacy and data need to be properly protected. This protection must be a balance that ensures Canadians’ digital data is safe and that their information is properly protected and used only with their consent, while not being too onerous to be detrimental to private sector business. It is a balance.

Let us be clear. We need new privacy laws. In fact, it is essential to Canadians in this new digital era and to a growing digital future, but Bill C-27 needs massive rewrites and amendments to properly protect privacy, which should be a fundamental right of Canadians. The bill needs to be a balance between the fundamental right to privacy and privacy protection and the ability of business to responsibly collect and use data.

It also needs more nuance, but parts of this bill are far too vague. The definition of tyranny is the deliberate removal of nuance, so to create more equality or fairness on those privacy rights and to ensure businesses and AI use data for good, we need more nuance with more detail and more explanation, not less. There was a saying I used to love that my grandfather would say: “If you're going to do something, make sure you do it right or don't do it at all.”

Besides the omission of privacy rights as a fundamental right, the bill needs a massive rewrite. First, the bill doubles down on a flawed approach to privacy using a notice and consent model as its legal framework. The legal framework of Bill C-27 remains designed around a requirement that consent be obtained for the collection, use and disclosure of personal information, unless one of the listed exceptions to consent applies. Those exceptions are called “legitimate interest”.

What is scary about legitimate interest is that the businesses themselves will determine what legitimate interest means and what will be exempt. A quote on this from Canada’s leading privacy and data-governing expert, Teresa Scassa, says that this provision alone in the bill “trivializes the human and social value of privacy.” The legitimate interest provision allows Facebook, for instance, to build shadow profiles of individuals from information gathered from their contacts, even those with no Facebook access or accounts, without asking for their permission.

Have colleagues ever seen the “people you may know” feature on Facebook? Sometimes people turn up there, although one might not know where they had ever met and even though neither party is actually on Facebook. That is because Facebook builds profiles and shadow profiles from other members' contacts. Facebook has a feature that will suggest that one share their contacts: It will be great. People will give all their friends' information to Facebook: their emails, addresses and sometimes their private phone numbers. The U.S. found that information was turning up in Facebook. Here are a couple of examples. An attorney had a man recommended as a friend he might know who was a defence counsel on one of his cases, when they had only communicated though a work email. Another time, a man who donated sperm to a couple, secretly, had Facebook recommend their child as a person he should know, despite not having the couple, whom he once knew, on Facebook.

Legitimate interests needs more nuance. It needs to be more defined, or it is useless. Legitimate interests allow for too much interpretation. In other words, it allows something to be something unless it is not. It is far too broad.

Additionally, consent is listed as having to be “in plain language that an individual to whom the organization’s activities are directed would reasonably be expected to understand.” Bill C-27 makes it hard to determine what legitimate interests are, and that goes back to privacy as a Human Rights Commission complaint.

If we compare this section to the European Union's privacy law, the GDPR, which is, as the minister stated, the gold standard, the legitimate interest exemption is available unless there is an adverse effect on the individual that is not outweighed by the organization's legitimate interest, as opposed to the interest or fundamental freedom to the individual under the GDPR. If adverse effects on the individual can be data breaches, which are shocking and distressing to those impacted, and some courts have found that the ordinary stress and inconvenience of a data breach is not a compensable harm since it has been a routine part of life, probably for the last two years at least, then the legitimate interest exemption will be far too broad.

However, Bill C-27 would take something that was meant to be quite exceptional for consent in the European Union's privacy laws and make it a potentially more mainstream basis for the use of data without acknowledging consent. Why would it do this? It is because Bill C-27 places privacy on par with commercial interests in using personal data, something that would not happen if privacy was noted in the bill as a fundamental right for Canadians.

Additionally, we need to be wary of consent. As a mandatory, consent should be made easier. Has anyone ever looked at their iPhone when agreeing to consent and scrolled down? Has anyone actually read all that? Has anyone read Google's 38 pages of consent every time they sign up or use Google?

Consent is not easy. It is not simple, and certainly this proposed law would not make it any simpler. We need to be wary of consent, and we need to ensure that consent is consensual, both in language and intent, and that we all know exactly what we are signing up to do, to give and to receive.

There is another term I want to explain as well called “de-identification”. The bill talks a lot about de-identification, and its definition is that it “means to modify personal information so that an individual cannot be directly identified from it,” and then goes on to say “a risk of the individual being identified remains.” Therefore, an individual would lose all their information, but a risk of identifying an individual would remain.

Members will remember my Telus data for good example. Telus gave this information to the government during COVID, even though a risk of the individual being identified remained. It should be scrapped, and instead we should be using the word “anonymize”, which is also in the bill. This is what the GDPR does. In the bill, it “means to irreversibly and permanently modify personal information, in accordance with generally accepted best practices, to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.”

I would ask members which one they would prefer. Would they like to be re-identified, as there is a possibility, or would they like no identification by any means?

Another major flaw in Bill C-27 is the creation of a bureaucratic tribunal instead of giving the Privacy Commissioner more bite. The creation of a tribunal is a time-waster, and the Privacy Commissioner should be allowed to levy fines. The Privacy Commissioner should be given more power and more bite. This is unclear because the EU, the U.K., New Zealand and Australia do not have tribunals that mediate their fines for privacy violations. Furthermore, it would no doubt cause those who have had their privacy violated to have to wait for years for the right of action.

I will put this straight. First we would have the Office of the Privacy Commissioner, or OPC, make a ruling. Then the government said that it would have a tribunal, which could then reverse the ruling of the Privacy Commissioner, and then we would have the Supreme Court, which would be allowed to rule on the tribunal's ruling. We would have a decision, another decision and a third decision, and each one of them could be countered.

Let me guess how long it would take. What do members think it would take? Would it take 48 hours or six months? Right now, the average is one year for the Privacy Commissioner, and we could add another year for the tribunal plus another year for appeals.

I ask this: Is it fair to have the average Canadian who has had their data breached, with their limited resources, have to go up against Facebook and Amazon and then spend three years in court? Does this protect fundamental privacy rights? Is this not just adding another layer of government that we certainly do not need?

The absence of rights-based language in the bill might tip the scale away from people in Canada, and the OPC and the tribunal weigh the privacy interest of people against the commercial interests of companies. Again, what does this come back to? Privacy was not listed as a fundamental right of Canadians.

Lastly, the AI portion of this bill is a complete rewrite. It needs to be split into its own bill.

I want to commend the minister for bringing this forward. He wants to be the first one in the land to bring this part of the bill forward, but to be honest, consultations only started in June. We have met with many individuals who certainly have not had any input into this deal, and although AI is there, there are many parts missing.

First of all, its findings conclude that there will be no independent and expert regulator for automated decision systems, nor does it have a shell of a framework for responsive artificial intelligence regulation and oversight. Instead, it says that the regulations will be determined at some future date and decisions will come from the Minister of Innovation, Science and Economic Development or a designated official.

Again, part of this includes a new tribunal and puts decisions where they should not be, onto the government, with enforcement and decision-making by the minister or the minister's designated ISED official. This would be political decisions on privacy. Does everyone feel comfortable that we are now shifting from a tribunal to the government?

This part of the bill will shift all of that to the government, to the minister or his designate. It reminds me of the proclamation, “I'm from the government, and I'm here to help.”

There is no mention of facial recognition technology, also, in this part of the bill, despite reports that have come from the ethics committee, the examples I gave from before on FRT. Certainly, that is worth more study.

There are some parts of the bill that have good aspects and certainly ones we can get behind, including the protection of children's privacy. As a father, I know it is so very important. Our children now have access to all kinds of different applications on their phones, iPads and Amazon Fires.

Our children are being listened to and they are being surveilled. There is no question that businesses are taking advantage of those children and that is something that we definitely need to talk about.

The attempt to regulate AI, though, as I have stated, needs major revisions. Without a proper privacy statement, it does not have a balanced purpose statement establishing that the purpose of the CPPA is to establish rules for governing the protection of personal information in a manner that balances the right to privacy and the need for organizations to collect, use or disclose personal information.

We should be shooting beyond the European Union's privacy act, shooting to be the world leader in the balance of ensuring privacy protection and that businesses and industries use data for good. In doing so, they would attract investment and technology, all the while protecting Canadians' fundamental right to privacy.

Canada needs privacy protection that builds trust in the digital economy, where Canadians can use new technologies for good while protecting them from the bad, profiling, surveillance and discrimination. The minister said that he wants to seize the moment, that we need leadership in a constantly changing world. Most importantly, the minister said that trust has never been more important.

If we do not get this right, and if we do not make sure that privacy is a fundamental human right, and declare that in the document and build the document around that right, we are doing two things: We are not prioritizing Canadians' privacy, as we are certainly not putting privacy at the forefront of the bill, and we are certainly not showing leadership in an ever-changing world.

As I noted at the onset, the technologies of 22 years ago have changed so significantly. The technologies now are changing more significantly. In the next 22 years, we are going to have technologies that are more embedded, not less, in our lives. We will have AI that do good.

One of the stakeholders that we met with actually talked about AI for good. They talked about embedding AI into the government's system of passports. That might actually mean that we could get passports within 48 hours. Could we imagine that? Could we imagine imbedding technology for good into a system that would allow Canadians to get the things that they need more often?

We love technology. We want to embrace it. We just want to make sure that, number one, privacy is protected. We want to make sure that we do the hard work of building frameworks alongside Canadians' fundamental human right to privacy and being protected in equal balance with the economy, democracy and the rule of law. This bill does not do that, not yet.

Let us work to make sure we come back with a bill that does that.

Mr. Speaker, it is a pleasure to see you in the big chair.

The answer to my hon. colleague's question is absolutely.

There are parents listening to us at home today. The greatest gift we could give children is to refer Bill C-27 to a committee so that the questions my colleague raised can be properly studied. What she said in her introduction is correct. There are three simple things behind Bill C‑27. First, we want to give individuals more control and power over their online information. Next, as a parent, I feel it is fundamental that there be better protection for our children in the digital age. Finally, it will regulate artificial intelligence so that it is used responsibly and serves the public.

I believe it is time to bring our 20-year-old legislation into the 21st century. That is a good thing, and it is what Canadians want. It may reassure my colleague to know that during the study of Bill C‑11, we listened to many experts and collected comments to ensure not only that we have a good law, but that we are among the best in the world and that we set an example on the international stage.

I am pleased to hear that, like me, my colleague thinks that the best gift we can give our young people before Christmas is to send Bill C‑27 to committee to get it passed as quickly as possible.

One recent concern that stands out in my mind is Canada Proud tweeting @ElonMusk, hours after he became the owner of Twitter, to ask about Bill C-11, which we know was the subject of significant disinformation in the last election.

What role do social media companies have in being responsible actors during and leading up to elections?

That sounds great.

I think the biggest criticism of Bill C-11 in the past has been its ability to stifle innovation as much as protect it. You said earlier to Mr. Bezan that privacy is not opposed to innovation and that we can have both. How do you think we can have both? What do you think is an appropriate balance of privacy and innovation?

Thank you very much, Mr. Chair.

Through you, and to echo the sentiments from the rest of our colleagues, it sounds like we have the right person in the role. Thank you very much for coming today.

I wanted to get a bit more into the old Bill C-11. Privacy is obviously a lot harder to protect these days, because it is digital. You mentioned looking at consent, proportionality and the GDPR. Is there anything else you've seen in your work as a law clerk on the assessment of the old Bill C-11, and how effective it is? Do you see that modelling the GDPR from Europe at this point?

Do you have more to comment on Bill C-11? I'm glad you brought that up, because it's certainly one that we seem to have gotten bogged down on. I'm wondering if you would share any perspectives on Bill C-11, the former one.

Thank you so much.

Mr. Therrien, I want to ask about exceptions for consent. Bill C-11 mentioned some exceptions for consent, and you mentioned telecommunication carriers. What other examples have you seen for exemptions for those looking for consent from Bill C-11?

Thank you, Mr. Chair.

Mr. Therrien, thank you. I'll join the rest of the committee in thanking you for your service, sir.

You made a great statement in the text of your remarkts that it is “neither realistic nor reasonable to ask individuals to consent to all possible uses of their data in today’s complex information economy”, and you specifically mentioned AI. You also said, “While disruptive technologies have undeniable benefits, they must not be permitted to disrupt the duty of a democratic government to maintain its capacity to protect the fundamental rights and values of its citizens.”

We're going to start with a case study just to kind of go through this. What I'd like to do is to try to relate this to changes that we need to make to Bill C-11, whenever it comes back to us. Yesterday you made a statement regarding mass surveillance of Canadians through the Tim Hortons app. Canadians who downloaded this popular app learned that their movements were being tracked every few minutes. You rightly pointed out that this kind of tracking can reveal to the company where people live, work and go to school, even where they may take medical appointments.

When it comes to Bill C-11, what changes do we need to see so that this doesn't happen further to Canadians?

Madam Speaker, I am very proud, as always, to rise in the House to speak for the incredible people of Timmins—James Bay.

We are here to talk about Bill C-11. We have to step back into the last Parliament where we had Bill C-10, which this is the update of, and what was then Bill C-11, which was supposed to be about addressing the long outstanding need to bring Canada's laws up to standard in dealing with the tech giants.

This Bill C-11 was the old Bill C-10, which should have been pretty straightforward. Who does not want Facebook to finally start paying tax? This is a company that made $117 billion in profit last year, up $31 billion in a single year, and it is not paying tax. That is what Bill C-10 was supposed to do, but then it was our modern Minister of Environment who was then the minister of heritage who turned it into a total political dumpster fire. It was so bad the Liberals had to call an election, just to get that thing off the table.

Now the Liberals have brought it back. At the time, then Bill C-11 was supposed to be the privacy bill, a pretty straightforward thing. However, that was another dumpster fire, because the Privacy Commissioner had to come out and say that the Liberal plan to update privacy rights would actually undermine basic Canadian privacy in the realm of digital technology. Particularly, the Privacy Commissioner found this American company, Clearview AI, broke Canadian law for their illegal use of images in facial recognition technology. In response, the Liberals were going to rewrite the rules so it would be easier for Clearview AI to break the law, rather than for the Privacy Commissioner to protect Canadians.

The Liberals had to call an election to erase all of that. Now the Liberals have been given, as they have so many times in the past, one more chance. The deus ex machina comes down and gives them a chance to do things all over again.

Now we are looking at this Bill C-11. I can say one thing about this Bill C-11 is that it fixed a lot of the problems with the previous dumpster fire, maybe by moving the minister, although God help the planet now that he is looking after the environment. That is just my own personal thoughts from having read his ridiculous environment plan today. What he was going to do for culture, he is now doing to our environment.

Having said that, I would say that there is a couple of key issues we need to be looking at. We need to be looking at the need for Canada's legislation to actually address the right of artists to get paid in the digital realm. For too long in Canada we sort of pat our artists on the head. We all talked about the favourite TV shows we had growing up. One of the Liberals was talking about the Polkaroo.

Arts policy should not be that we just pat our artists on the head. This is an industry. It is one of our greatest exports. We are not promoting arts as an export or promoting our artists to do the work they need to do. We saw from COVID the devastating impacts on Canada's arts industry, on theatre, on musicians and on the tech people, the highly skilled tech people who went over two years without working. We really need to address this. One of the areas where they have been so undermined is online.

Let us talk about Spotify. It is basically a criminal network in terms of robbing artists blind. The number of sales one needs to have on Spotify to pay a single bill is so ridiculous that no Canadian artist could meet it.

We have streaming services that are making record fortunes. Therefore, it is a reasonable proposition to say that they are making an enormous amount of profit and they have a market where they do not have any real competition, so some of that money, and this was always the Canadian compromise, needs to go back into the development of the arts so that we can continue to build the industry.

The one thing I have also come to realize is that what the digital realm gives us and what streaming services give us is the ability to compete with our arts internationally on a scale that we never had before, if we are actually investing. Let us not look at it in a parochial manner, like what was done with the old broadcasters, where it was one hour on prime time a week they had to have a Canadian show on. Let us actually invest so that we can do the foreign deals. Why is it I can watch an incredible detective show from Iceland on Netflix, yet people in Iceland are not seeing an incredible detective show from Canada?

This is what we need to be doing. This is a reasonable position to take. With the profits that Facebook and Google are making, they can pay into the system. That is simple. They have unprecedented market share.

I will go to the second point, which is dealing with the tech giants. It is something I worked on in 2018. Our all-party parliamentary committee came up with numerous recommendations. I have to speak as a recovering digital utopian because there was a time when I believed that when we let all these platforms come, if we stood back and did not put any regulations on them, they would create some kind of new market promised land, but what we saw was that those dudes from Silicon Valley who were making YouTube in their parents' garage morphed into an industrial power that is bigger than anything we have ever seen.

There is a term, “kill zone of innovation”, where these companies have become so rich, so powerful and have such unprecedented corporate strength that it dwarfs anything we have ever seen in the history of capitalism, companies like Facebook. When Facebook gets a $5-billion fine, it does not even blink. It does not bother it. When the Rohingya are launching 150-billion U.K. pound lawsuit for the mass murder caused because of the exploitation of Facebook's platform, we realize we are dealing with companies that are so much beyond that they do not believe that domestic law applies to them. There has to be some level of obligation. I have worked with international parliamentarians in London, and there were meetings in Washington, trying to see how we can address the unprecedented power.

There is one thing that changed fundamentally when we saw the growth of this power. There used to be a principle that the telecoms would always tell parliamentarians, which was that we should not be blamed for what is in the content because, as they say, the pipes are dumb. We just send out the content and people choose, but people do not choose the content on Facebook and YouTube because of the algorithms. It is the algorithms that make them culpable and responsible.

I refer everyone to Congresswoman Carolyn Maloney, who demanded Facebook explain how many of these stolen bot pages were driving misinformation during the convoy crisis here in Ottawa. Congresswoman Maloney wrote, “Facebook’s history of amplifying toxic content, extremism, and disinformation, including from Russia and other foreign actors” is well known. It is no wonder that some members on the Conservative backbench are so defensive about this bill. My God, this is their main source of news. What are they going to do if we start dealing with bot pages that they think is something that came down from the promised land?

As parliamentarians, we have an obligation to address bot accounts. We have an obligation to hold these companies to account. What does that mean? Number one, it is about algorithm accountability. I do not care what someone watches on Facebook or YouTube, that is their business, but if the algorithm is tweaked to show people what they would not otherwise see, Facebook is making decisions for them.

I would refer my colleagues to Tristan Harris, the great thinker on digital technology. He spoke to the committee in 2018 and said, “Technology is overwriting the limits of the human animal. We have a limited ability to hold a certain amount of information in our head at the same time. We have a limited ability to discern the truth. We rely on shortcuts” like thinking what that person says is true and what that person says is false. However, what he says about the algorithm is that the algorithm has seen two billion other people do the same thing, and it anticipates what they are going to do so it starts to show people content. What they have learned from the business model of Facebook and YouTube is that extremist content causes people to spend more time online. They are not watching cat videos. They are watching more and more extremist content. There is actually an effect on social interaction and on democracy. That is not part of this bill.

What the all-party committee recommended was that we needed to address the issue of algorithmic accountability and we needed to address the issue of the privacy rights of citizens to use online networks without being tracked by surveillance capitalism. With this bill, we need to ensure that these tech giants, which are making unprecedented amounts of money, actually put some money back into the system so that we can create an arts sector that can compete worldwide.

Like all of us, I have one of these with agreements on them and so forth.

Dr. Scassa, through the chair to you, I really appreciated your comments on understanding that the client consumer relationship when it comes to these devices has dramatically changed in terms of the volumes of information that we're dealing with, and also of how they've become a part of our daily lives.

Perhaps you could provide a written answer to this. What recommendations would you want to see us consider going forward in tabling something like C-11, or recommendations for this committee to provide on upcoming legislation?

Thank you, Mr. Chair, and thank you, Madam Clerk, for circulating the motion.

Mr. Chair, this is an incredibly important issue for Canadians. Since news broke prior to Christmas and over the course of the last couple of weeks, Canadians have become more aware of the situation. The purpose of calling this meeting, and the request that came from the opposition parties, is one of accountability.

Here's what we know, Mr. Chair, and I'm not going to take up too much time, because Conservatives are here to work: We're ready to work this morning. To that end, yesterday I notified the clerk, the chair and other parties, including the Liberal Party, of my intent to move this motion, which would call on Ms. Tam as well as a couple of ministers to appear before this committee today if in fact this motion is passed.

There are three things that we really need to focus on and to dig deeply into on this issue. Number one is the data collection contract that existed, whereby the Public Health Agency of Canada was collecting data without the knowledge of Canadians, effectively doing it in secret. We need to know what security measures were in place to protect the privacy rights of Canadians.

It has come to our attention, Mr. Chair, that over the course of the last week there has been confusing information between Public Health Canada and the Privacy Commissioner and his office concerning to what extent the Public Health Agency did contact the Privacy Commissioner to discuss how the safety and security and the privacy rights of Canadians were to be protected as a result of this information. It is critically important that we find answers to these questions.

The second issue we need to focus on, Mr. Chair, is the request for proposal that was initiated by the Public Health Agency to effectively continue this practice of collecting Canadians' data. The request for proposal was published on December 17, the day after Parliament adjourned for the winter break, and was scheduled to close on January 21 of this month, 10 days before Parliament is to return. I'll note that, curiously, just yesterday the request for proposal was amended to conclude on February 4. We have to find out why this occurred, Mr. Chair, and why this request for proposal was put out when there was no opportunity for parliamentary scrutiny.

It wasn't until this request for proposal was found that the Public Health Agency admitted they were tracking the cellphone data of 33 million Canadians. Canadians weren't aware of that, so we have to get to the bottom of that. That's why the study is so important.

Third, it's not just a matter of looking back but also of looking forward, Mr. Chair. This provides a perfect opportunity for this committee to call in privacy, security and surveillance experts from across Canada and around the world to talk about an important issue, and that is privacy and data protection in the digital age. I don't want to just look back. I don't want to just look at what caused this problem, who made these decisions, why it was done and what metrics they were trying and hoping to achieve as a result. I think we also have an opportunity, Mr. Chair, to look at privacy of data in the digital age and to make recommendations in this report.

As I said earlier, many Canadians have become concerned about this issue, and not just this issue, but a pattern of issues of government overreach, of government extension into the privacy rights of Canadians. We've seen it with StatsCan collecting the banking data of 500,000 Canadians without their knowledge. We saw the proposals in the last Parliament of Bill C-10 and BillC-11. If you start connecting the dots, Mr. Chair, it becomes increasingly concerning that government is seemingly using this pandemic as a means of and a cause for massive overreach into the privacy rights of Canadians.

As we are parliamentarians, it's incumbent upon us to make sure that we protect those rights and that there is proper scrutiny and oversight of not just the privacy rights but also the constitutional rights of Canadians, Mr. Chair.

I hope Mr. Fergus meant what he said the other night on Power Play when he was on CTV with Evan Solomon, which was that the Conservatives and the opposition parties are pushing on an open door here, and I hope that we can get right down to the study now and get to work on this very important and critical issue for Canadians.

Thank you, Mr. Chair.

In the RCMP documents on Project Wide Awake, they have a [Technical difficulty—Editor] their officers, “You have zero privacy anyway, get over it.” It suggests to me a disregard for the law. As well, the RCMP took the position that they weren't responsible for the fact that Clearview AI, as a private sector partner, broke the law. If they were using it, it wasn't their problem. You stated, “In our view, a government institution simply cannot collect personal information from a third party agent if that third party's collection was unlawful in the first place.” That would seem to me to be a pretty clear reading of what Canadian law should be, and yet they seem to think they weren't obligated.

We have this new law, Bill C-11, which is supposed to clarify the uses of technology, but Minister Bill Blair, when I asked him about this, said they were certainly looking to give the police tools to use. Are you concerned that Bill C-11 would allow the RCMP to ignore these basic principles of privacy law and would allow them to contract with third party operators like Clearview AI?

With respect to Bill C‑11, my understanding is that we cannot be against motherhood and apple pie, because steps need to be taken. Clearly, we, as legislators, should quickly put forward the reform. We see reports from other countries that have moved forward, and we are a little behind. What I understand is that, regardless of current events or partisanship, if we are concerned about fundamental rights, we should make this a priority.

There is also the issue of facial recognition, the data and images that are used. I am very concerned as an individual, but also as a legislator. When I'm asked about what we have done to properly protect people, I'm a little embarrassed.

Do you agree?

Thank you, Mr. Chair.

Mr. Therrien, let's continue in French. I have a few comments to start with.

First, I would like to thank you for your impartiality and to congratulate you on your role as commissioner. We need your input to do our work. I am very grateful for that.

I am also grateful for your co‑operation with our counterparts in other provinces, for going to see what is going on elsewhere and also for seeking to understand legislation in other countries.

In 2019, I did hear your request about fundamental reform. As a committee, we clearly had to adjust.

However, I am very concerned. Yes, [Technical difficulty—Editor] in the first part of the session, my motion had been clear that we need to stop checking people's social security numbers and make sure that we use other means to check identity. Many private companies are already doing this.

We didn't get to see Bill C‑11 go through, but how would that bill have contributed to your desire for reform? At the same time, how do you see the coming months, as your precious time is running out in the coming year?

Those are the first questions I want to ask you.

Would you not say that our fines are among the highest in the world? That would be a subsequent question I have for you.

More importantly, I would also like to ask you the following question. You've called for Bill C-11 to be grounded as a law in human rights. Should Parliament wish to amend it to do this, how can it best do so without infringing on provincial jurisdiction and the risk of constitutional challenges?

Thank you, Mr. Chair.

Thank you, Monsieur Therrien, for being with us once again today.

Some of my questions are with regard to the possible enactment of Bill C-11, which would significantly increase the power of your office in terms of the fines that you can recommend be levied and your ability to certify the data protection codes of practice of companies or organizations as compliant. I understand that you're concerned about a new panel that would in fact levy the fines you recommend and that would be appealable, but given that you have been calling for stronger enforcement laws for years, isn't Bill C-11 a positive step in that direction?

Madam Speaker, I would like to inform the House that I will be sharing my time with the chief whip of the official opposition in the House of Commons.

Let us be clear from the start. We have no problem with extending work hours at this time of the year, as in fact our standing orders provide.

However, we are extremely concerned about the motion introduced by the government and voted on a few moments ago, because we know that facilities are limited, given the current pandemic situation. A lot of technical efforts are being made and government officials have made generous offers to co-operate with us, and we greatly appreciate that. However, when we get to this time of year, there is a kind of bottleneck. That is why we have to strike a very fair and reasonable balance between extending the work hours in the House of Commons and keeping parliamentary committees running. That is where there is a disconnect with the motion put forward by the government.

I would remind members that the House of Commons is part of Parliament, and as its very name suggests, Parliament is a place for parley, in other words, for discussion. We in the official opposition discuss things with our counterparts on the government side and with the other opposition parties. I would never, ever go into the details of those discussions. However, one thing is certain and indisputable, that is, that we had honest, good-faith discussions with our counterparts and could not come to an agreement. That is the point.

As we saw, when my colleague, the chief whip of the official opposition, asked the Parliamentary Secretary to the Leader of the Government in the House of Commons a very specific question, that good man, whom I like and respect a great deal, was unable to give anything even remotely resembling the merest hint of an answer. As parliamentarians, we cannot give carte blanche in terms of which committees will survive this proposal and which will not.

It should be immediately obvious why we have some very serious concerns about the lack of clarity on the parliamentary committees. We need only look at this government's track record over the past few months in terms of parliamentary work.

However, it was funny to hear my Liberal colleague for Winnipeg North talk about everything being in limbo because of Conservative opposition members, that their tactic on a daily basis is to delay, delay, delay, and that there is a filibuster each and every step of the way on each and every bill. This is anything but true.

When we talk about filibustering, I think that the king of filibustering is the Liberal Party of Canada, especially in this session, and there is a record of that. I do not think that the member for Winnipeg North and his colleagues would be very proud of what they have done in committee.

Let us look at what the Liberals have been doing in parliamentary committees over the past few months. They were the ones who accused us earlier of filibustering, as in talking for hours and hours in order to waste time rather than get to the bottom of things.

We can look at the Standing Committee of Procedure and House Affairs where the Liberals had filibustered for 73 hours.

The Liberals filibustered for 73 hours, preventing the committee from doing its work. Why?

It is because we wanted to get to the bottom of things and allow witnesses to appear and explain why the government prorogued Parliament. The Liberals filibustered for 73 hours to prevent witnesses from testifying. Now they are the ones accusing us of being the bad guys holding up the works. It is ludicrous.

However, it does not end there.

We can look at the Standing Committee on Access to Information, Privacy and Ethics where the Liberals filibustered for 43 hours. Why? It was to block getting to the truth about the WE Charity scandal.

There is a common thread in all this, however. When we want to get accurate information on Liberal scandals, they filibuster. They are very unhappy about that and accuse us of wanting to delay parliamentary work, when we are just doing our job.

These are concrete examples, but it does not end there. At the Standing Committee on Finance, the Liberals filibustered for 35 hours, once again to prevent parliamentarians from getting to the bottom of the WE Charity scandal.

At the Standing Committee on National Defence, the Liberals filibustered for over 16 hours. The committee chair, who is a member of the government party, unilaterally suspended the meetings 23 times.

This is starting to really add up: 63 hours at one committee, 43 hours at another, 35 hours at a third, 16 hours at a fourth. I have not even mentioned the Standing Committee on Foreign Affairs and International Development, where the Liberals filibustered for 10 hours, between February and April, on the study we wanted to conduct on the COVAX facility, which was created by rich countries to provide poor countries with access to vaccines. Sadly, members will recall that Canada, a rich country, helped itself to the supply for poor countries because it did not have the vaccines that the Prime Minister had announced at his December dog and pony show. That is the reality.

I hear government members accusing us of being the bad guys and filibustering, when they are the ones who filibustered for 63 hours at one committee, 43 hours at another, 35 hours at the Standing Committee on Finance, 16 hours at the Standing Committee on National Defence, and 10 hours at the Standing Committee on Foreign Affairs.

In light of the Liberals' dismal parliamentary record, we feel it is perfectly valid to want to be sure of what is planned for the committees before we give the government carte blanche to extend the committee and House sittings. However, the government refuses to tell us its plans and instead demands a free hand. We think this is unacceptable.

I heard my colleague from Winnipeg North explaining the status of some bills, so we will take a look at that assessment.

He talked about Bill C-3, regarding judges, which is modelled on a bill originally introduced by the Hon. Rona Ambrose. We are very proud of that legislation, but the Liberal government used the strongest weapon in its arsenal to delay its passage or concurrence, namely prorogation.

Let us not forget that last summer, when the Liberal government was in a real jam over the WE scandal, the Standing Committee on Access to Information, Privacy and Ethics met day after day in July and again in August. The official opposition members strenuously challenged the government's moral authority, because it had adopted a despicable strategy for dealing with this scandal.

What did the government do when it was in trouble? It prorogued Parliament. This was the worst thing it could do to slow down the work of parliamentarians. Once Parliament is prorogued, everything goes back to square one. That is what happened with Bill C-3.

What about Bill C-11? I heard the member for Winnipeg North say how important this legislation is, and he is absolutely right. I even remember the member and Minister of Innovation, Science and Industry calling out the Conservatives on Twitter in February, accusing us of delaying Bill C-11 and saying that it was awful.

I quite like the member for Saint-Maurice—Champlain, who is the minister responsible. I have a lot of respect and regard for him, but when I saw that on Twitter, I found myself thinking that I had not seen Bill C-11 in a long time. When I checked, I saw that the last time the government had brought Bill C-11 forward in the House was on November 24, 2020. The bill then sat around for three months, through November, December, January and February, before the government brought it forward again. However, the government went after us in February, claiming that we were delaying it. That is completely absurd.

The member also mentioned Bill C-14, on the economic statement, since there was no budget. The government accused us and is still accusing us of filibustering it, when two-thirds of the official opposition members did not even speak on it.

I am proud to be the House Leader of the Official Opposition. Our caucus has 120 members who duly represent eight Canadian provinces and regions in the House of Commons. We are the only truly national party. I am very proud of the calibre of people I work with, and that is why, when they ask to speak, I am happy to add them to the political debate. However, it is utterly ludicrous to accuse us of filibustering when two-thirds of our caucus did not even speak.

That is why the motion, as currently presented, is unacceptable to us. We are ready and willing to work longer hours as long as the parliamentary work in the House of Commons can be done without compromising the work of the committees, but that is absolutely not the case with this motion.

Thank you, Mr. Chair.

I want to see this bill get moving along, as well. I was surprised that when we hit clause 3, proposed section 4.1, there was a Conservative Party amendment to it, and after the amendment failed, there was a move to remove section 4.1. There was no debate. There was no call for a recorded vote. We didn't deal with that section at that time, and we're stuck in this ongoing filibuster.

The minister has given an explanation. We should get through the rest of these amendments. There is a stage at report stage where section 4.1 can be added back in. If enough parliamentarians think that it's an important thing to have added, then that's what we should do.

I believe in freedom of speech as much as the next person, but I find that the whole system of algorithms with these private platforms doesn't really lend to freedom of speech at all. I get countless emails from constituents who say that there is no freedom of speech on Google, YouTube or Facebook, and that their comments are being blocked or that things are being blocked, so that's another issue we need to deal with.

We're dealing with private platforms that are censoring people, and determining what gets bumped up and what gets bumped down. It's mostly for commercial interests and advertising, and to inflame people, to weaponize our anger at each other. I think we need to look at this.

We're coming up to Bill C-11 where we're going to be talking about these things, but we should get this Broadcasting Act done. If there's an amendment at report stage to fix and bring back section 4.1, that would be the time to do it. Let's get the rest of the amendments through.

Mr. Speaker, Privacy Commissioner Daniel Therrien is raising serious alarm bells that Bill C-11 would undermine the fundamental privacy rights of Canadians. As a case in point, Clearview AI broke Canadian law when it took millions of photos of Canadians without their consent for its controversial facial recognition technology. The Privacy Commissioner is saying that Bill C-11 would actually protect the interests of companies like Clearview over the rights of Canadians.

Why are the Liberals using Bill C-11 to rewrite the privacy laws and stack the deck in favour of corporate outliers such as Clearview over protecting the rights of Canadian citizens?

Thank you, Mr. Chair.

Mr. Therrien, one thing I thought was really profound in your findings against Clearview AI was that you said it would essentially subject the citizens of this country to a perpetual police lineup.

What we're talking about is not dystopian science fiction. We should know, as citizens, that when our children go to the mall, they aren't being photographed and put into a database; that racialized citizens are not being targeted on the streets where they walk; and that the right to go into a public place is a public right and we should not be profiled, targeted or put into some form of database for collection.

The Clearview AI case was a really good opportunity for Canada to get this right, because it was so egregious. What you're telling us is that the laws were written, in a way, to protect these outlier companies, ignoring the growing awareness that's happening internationally.

With Bill C-11, if the government is refusing to make the necessary changes to put a human rights frame on the rights of privacy, and if it is going to insist on protecting the interests of corporations that may not have the best interests of our citizens at heart, would we be better off with the status quo than putting more weight on the side of companies and outliers like Clearview AI?

As I see it, Bill C-11, a pivotal piece of privacy legislation, is incomplete or ill-considered. We'll see. Quite a few deficiencies could have been avoided had you been involved in the legislative process from the outset. Wouldn't you say?

Thank you, Mr. Chair.

Thank you, Mr. Therrien, for your testimony this morning. It was quite informative.

What I'm drawing from it is that there's a constant need of striking a balance between individual human rights, public confidence and economic growth. It's going to be quite a difficult task, because technology is forever evolving and it's going at a very fast pace. In my opinion, a restudy is more than warranted as we do not know when we will get Bill C-11.

On the question of cross-border data, that's of interest to me because given the nature of cross-border data, as it flows, it adheres to international best practices and standards, which will be instrumental for ensuring Canadian competitiveness.

Is it correct to say—and I want to go back to that European notion you were talking about earlier—that the EU data protection regulation remains the international gold standard? How can Canada ensure equivalency with this regulation? That would be my first question.

Why is it in Canada's interests to retain the equivalency with the EU?

Thank you very much.

Mr. Therrien, when we first learned of the Clearview AI case, it seemed to be the worst possible scenario. Here we had this company that scraped millions of photos of Canadians without their consent—our kids' birthday parties, our backyard barbecues, us at work—and then created a database that they were selling to all manner of organizations.

They claim it was for police, but we know that individual police officers had it without oversight. We know that a billionaire, John Catsimatidis, used it to target his daughter's boyfriend. You launched an investigation. Clearview AI's attitude was “Too bad, so sad. You're just Canadians and we don't even feel obligated to follow the law.”

We had a new law, Bill C-11, come in. My understanding, my gut feeling, was that Bill C-11 would fix these things so that we would have more powers and we'd be able to target these companies to make them respect the law. Are you telling us that under Bill C-11 the weight of support would actually go to rogue outliers like Clearview AI over the rights of citizens?

Are you saying that, on the monetary penalties we've been told about that would ensure compliance, a company like Clearview AI would be completely exempt from that? Is that what we're seeing under this new law?

Thank you, Mr. Chair.

Mr. Therrien, the more I listen to you, the more I realize that studying Bill C-11 is quite a chore. The privacy situation is really concerning. It's something that everyone is concerned about, here in Quebec at least, and I'm sure it's the same in the rest of Canada, if not the entire planet.

I'm a little concerned about what you're telling us with respect to Bill C-11, which might not cover all the angles, some of which would be quite important. I note, among other things, your caveat about facial recognition data being immutable. Once we have that data, it will be there for life. I also note the issue of exchanges between countries, where we must be even more careful, because the protections are not the same in all countries. In this day and age, with more and more trade between countries, I guess you have to be more and more careful, and put more time and effort into it. Those are some of the concerns we have.

When Bill C-11 was being developed, did you intervene? Was the Conflict of Interest and Ethics Commissioner called in to advise the minister, and did he try to include the various safeguards that you feel are missing from the current version of the bill? Have you prepared a report or other document?

Without any empirical evidence that facial recognition technology could be harmful, particularly to a racialized community, is there anything in Bill C-11 that we can do to provide a guardrail to make sure that the vulnerable communities don't get harmed as facial recognition technology develops?

Thank you very much, Mr. Chair.

Monsieur Therrien, I want to thank you for your wisdom. With Bill C-11 coming down the pipe, it's so important that we lean one way versus the other way.

I know with facial recognition, when you first see it, it's so cool. We all heard about the issue with Cadillac Fairview, the shopping mall issue. Maybe we'll get to that today, but even sites like Facebook, they have these tag suggestions and they insert them as default settings. Theses sites are collecting our data, our faces, and many times people are totally unaware of it. That's where I want to start our conversation today.

I come from Oshawa. Oshawa is one of those communities that historically built cars and sent people back and forth across the border, things along those lines. I want to talk to you a little bit about the international utilization of facial recognition. I've heard that border efficiencies could be improved. I was wondering if you could comment on the opportunity, perhaps, for these opt-in, opt-out options if we're going back and forth across borders for business or as individuals.

Are there any international conversations about the right to delete and destroy information that may be gathered from Canadians as they cross borders into other countries?

I'm calling this meeting back to order.

For the second hour of this meeting, we're launching our study on facial recognition software and concerns related to it. Today we have the commissioner, who has agreed to remain here for an additional hour so that he can answer some questions as we launch into the investigation of this matter.

Thank you, Commissioner, for remaining with us.

We also have Mr. Homan, who is remaining with us as well, and Lara Ives, who is the executive director of the policy, research and parliamentary affairs directorate. Thank you so much for being here. Finally, we have Regan Morris, who is joining us as legal counsel.

Thank you as well for being here.

Commissioner, I'll turn it back to you for an opening statement to allow you to begin the discussion. Then we'll have questions for you.

Thank you again, Mr. Chair.

Facial recognition technology has become an extremely powerful tool that, as we saw in the case involving Clearview AI, can identify a person in a bank of billions of photos or even among thousands of protesters. If used responsibly and in appropriate situations, it can provide significant benefits to society.

In law enforcement, for example, it can enable police to solve crimes or find missing persons. However, it requires the collection of sensitive personal information that is unique to each individual and permanent in nature. Facial recognition technology can be extremely privacy invasive. In addition to promoting widespread surveillance, it can produce biased results and undermine other human rights.

The recent Clearview AI investigation, conducted jointly with my counterparts in three provinces, demonstrated how facial recognition technology can lead to mass surveillance and help treat billions of innocent people as potential suspects. Despite our findings that Clearview AI's activities violated Canadian privacy laws, the company refused to follow our recommendations, such as destroying the photos of Canadians.

In addition, our office is currently investigating the Royal Canadian Mounted Police, or RCMP, use of Clearview AI technology. This investigation is nearing completion. We are also working with our colleagues in all provinces and territories to develop a guidance document on the use of facial recognition by police forces. We expect to release a draft of this document for consultation in the coming weeks.

The Clearview case demonstrates how citizens are vulnerable to mass surveillance facilitated by the use of facial recognition technology. This is not the kind of society we want to live in. The freedom to live and develop free from surveillance is a fundamental human right. Individuals do not forgo their rights merely by participating in the world in ways that may reveal their face to others or enable their image to be captured on camera.

The right to privacy is a prior condition to the exercise of other rights in our society. Poorly regulated uses of facial recognition technology, therefore, not only pose serious risks to privacy rights but also impact the ability to exercise such other rights as freedom of expression and association, equality and democracy. We must ensure that our laws are up to par and that they impose limits to ensure respect for fundamental rights when this technology is used.

To effectively regulate facial recognition technologies, we need stronger protections in our privacy laws, including, among other things, a rights-based approach to privacy, meaningful accountability measures and stronger enforcement powers. The federal government recently introduced two proposals to modernize our privacy laws. These are important opportunities to better regulate the use of facial recognition and other new technologies.

Last November, the Department of Justice released a comprehensive and promising consultation paper that outlined numerous proposals to improve privacy legislation in the federal public sector. It proposes enhanced accountability requirements and measures aimed at providing meaningful oversight and quick and effective remedies. It also proposes a stronger collection threshold, which would require institutions to consider a number of factors to determine if the collection of personal information is “reasonably required” to achieve a specific purpose, such as ensuring that the expected benefits are balanced against the privacy intrusiveness, so that collection is fair, not arbitrary and proportionate in scope.

In the private sector, Bill C-11 would introduce the consumer privacy protection act. In my view, as I stated in the last hearing, that bill requires significant amendments to reduce the risks of facial recognition technology. The significant risks posed by facial recognition technology make it abundantly clear that the rights and values of citizens must be protected by a strong, rights-based legislative framework. The Department of Justice proposes adding a purpose clause to the Privacy Act that specifies that one of the key objectives of the legislation is “protecting individuals' human dignity, personal autonomy, and self-determination”, recognizing the broad scope of the right to privacy as a human right.

Conversely, Bill C-11 maintains that privacy and commercial interests are competing interests that must be balanced. In fact, compared with the current law in the private sector, PIPEDA, the bill gives more weight to commercial interests by adding new commercial factors to be considered in the balance without adding any reference to the lessons of the past 20 years on technology's disruption of rights.

Clearview was able to rely on the language of the current federal act, PIPEDA, to argue that its purposes were appropriate and the balance should favour the company's interests rather than privacy. Although we rejected these arguments in our decision, some legal commentators have suggested that our findings would be a way to circumvent PIPEDA's purpose clause by not giving sufficient weight to commercial interests. Even though we found that Clearview breached PIPEDA, a number of commentators, including the company but not limited to the company, are saying that we actually misapplied the current purpose clause.

If Bill C-11 were passed in its current form, Clearview and these commentators could still make these arguments, buttressed by a purpose clause that gives more weight to commercial factors. I urge you to make clear in Bill C-11 that where there is a conflict between commercial objectives and privacy protection, Canadians' privacy rights should prevail. Our submission analyzing this bill makes specific recommendations on the text that would achieve this goal.

Demonstrable accountability measures are another fundamental mechanism to protect Canadians from the risks posed by facial recognition. Obligations to protect privacy by design, conduct privacy impact assessments, and ensure traceability with respect to automated decision-making are key elements of a meaningful accountability framework. While most of these accountability measures are part of the Department of Justice's proposals for modernizing public sector law, they are all absent from Bill C-11.

Efforts to regulate facial recognition technologies must also include robust compliance mechanisms that provide quick and effective remedies for individuals.

Our investigation into Clearview AI revealed that the organization had contravened two obligations under Canadian privacy law. On the one hand, it collected, used and disclosed biometric information without consent, and for an inappropriate purpose.

Remarkably—and shockingly—the new administrative penalty regime created by Bill C-11 would not apply to these and other important violations of the legislation. Such a penalty regime renders meaningless laws that are supposed to protect citizens.

I therefore urge you to amend the bill to remedy this fundamental flaw.

In conclusion, I would say that the nature of the risks posed by facial recognition technology calls for collective reflection on the limits of acceptable use of this technology. These limits should not be defined only by the risks associated with specific facial recognition initiatives, but by taking into account the aggregate social effects of all such initiatives over time.

In the face of ever-increasing technological capabilities to intrude on our private lives, we need to ask ourselves what are the expectations we should be setting now for the future of privacy protection.

I thank you again for your attention.

I welcome any questions you may have.

Thank you so much.

I want to begin by saying that I am in complete agreement with my colleague, Mr. Sorbara, on the importance of getting Bill C-11 right, because it is about the rights of 38 million Canadians, and we all have that obligation.

Our committee previously brought forward a number of recommendations about the order-making powers of the Privacy Commissioner as well as the need to be able to levy huge fines. The vast majority of infringements on privacy we believe are accidental or without malice, but we do have some bad operators. We had Facebook say they didn't feel they had to follow Canadian law. We certainly see the same instance with Clearview AI, so the need to give you more tools was clear.

What concerns me, when I look at Bill C-11, is this idea of creating this regulatory tribunal that these companies could then go to about a decision.

I'd like to ask you, number one, whether we have any example of this kind of regulatory tribunal that can override a privacy commissioner's decision in any other jurisdiction, and how you feel about it. You state you believe that this tribunal would encourage companies to choose a route of appeal rather than finding common ground with the Privacy Commissioner's decisions, and it would actually delay and obstruct justice for consumers and privacy rights.

Could you give your thoughts on this regulatory tribunal balloon that has been floated by the government?

Thank you very much for that. I really appreciate it. I understand that you are investigating, so I won't ask you any more on that. I just wanted to clarify that.

In the last Parliament, our committee sent the government a number of recommendations on strengthening the role of your office and ensuring that we get stronger protections for Canadians' privacy rights, the rights of our citizens. I have spoken with many people in the privacy and data field who have looked at this new legislation, Bill C-11, and they're raising concerns that this legislation may actually hinder a number of the objectives that we had laid out at our committee in the previous Parliament. One of those is the issue of meaningful consent.

You state that the consumer privacy protection act “leaves out an important facet of our current legislation, the idea that meaningful consent requires that the person giving it understands the consequences of what they are consenting to.” You further state that you believe this law “would result in less consumer control than under the current law”.

Can you explain your concerns?

Leaving aside Bill C-11, as it stands now, would you say that you have the budget to carry out your mandate, apart from what may happen next with Bill C-11?

I think we live in a very exciting time, in many ways, but the questions I get at my office about personal privacy and data collection seem to become more and more important as time goes on.

You mentioned there was an increase of 15% with the budget this year and that you are preparing for legislative changes. You mentioned Bill C-11.

One of your comments I found a little bit curious. You mentioned that you make your briefs available on the website, but you mentioned that the brief on Bill C-11 was not on the website. Was there any issue? Why is it not on the website?

I'm certainly supportive of these efforts. We do need to get this report done. The Canadian people expect it from us. We have to get it to Parliament. I would like to get this done as soon as possible. As I said, the next thing is to clear up the Pornhub/MindGeek study, which is also very important, and get that to Parliament.

I would like to remind my colleagues that we did agree to facial recognition technology. I don't know when Bill C-11 is ever going to come to our table, but we could be looking to get some good work done in the next few weeks.

With that, I'm ready to vote.

Good morning, everyone. Again, happy Monday.

I think this is the first time in a number of days that I've had an opportunity to speak during the committee's proceedings. Obviously, I have a lot of thoughts on the work the committee has been doing in discussing Mr. Fortin's motion, which is in front of the committee, but also on the committee's direction overall.

I understand MP Gourde's sentiments. I have a lot of respect for MP Gourde in terms of his role as an MP but also for his work, more importantly. I do know that he's an individual with a lot of integrity. I agree with Mr. Gourde's suggestion that the committee has a lot of work ahead of it. The committee definitely has a mandate to do the good work that our constituents sent us here to do, and to do the good work of all Canadians and for all Canadians, of course.

We've spent a lot of time discussing Mr. Fortin's motion. Perhaps I will take a step back to how we arrived at Mr. Fortin's motion in terms of the proceedings during this committee and also testimony during the finance committee over the last, I would say, almost year, or eight or nine months.

I look at Mr. Fortin's motion, and I don't see....

First of all, as we've stated a number of times, and as has been set by the precedent of the former government, ministers do need to appear, but not ministerial staff. I think that needs to be pointed out.

Second, on point 6—and I know Mr. Fortin pointed out point 5 on his motion—Minister Fortier “also ordered witnesses Amitpal Singh and Ben Chin not to appear before the Committee, as mentioned in her letters to the Chair dated March 30 and April 7, 2021.”

I don't know where that came from. If I am missing something, then please, someone, do point that out to me. At this moment in time, I'm not too sure—and I cannot confirm from the information that I've received and the information that probably all of us on committee have received—that Minister Fortier, in any sort of way, told anyone not to appear. She appeared here as a minister. She appeared as a minister of the Crown to answer questions. The opposition or the other parties decided not to ask the minister questions, and that was their prerogative. I believe the meeting was ended, so I'm not too sure about the nature of that.

I'm just looking at my notes. Again, it's the responsibility of the ministers to appear here before our committee, not the individuals representing individual offices.

I'm not too sure what Mr. Fortin's intention is with this motion. Is it to provide information to the House that ministers appeared in lieu of their staff or staff members? We know that has been done in other governments. Is it that ministerial responsibility is the correct thing? Is it that we're being prevented from finalizing the report on this study that we've undertaken and that we're close to concluding?

I personally have invested a lot of time in looking at the other studies the committee has been and will be tasked with. Obviously, there is the MindGeek/Pornhub study, which is an ongoing, very important study for our committee. I understand that in the province of Quebec there are even heightened sensitivities that are important to that study. I know that many, if not all, Quebeckers, much like all Ontarians here in Ontario, want us to resume that study, want us to make recommendations, and also want us to ensure that we hear from the other individuals on that study.

Then we obviously have to return to Bill C-11 as well.

That's where I stand.

With regard to Mr. Fortin's motion, if we were to proceed to being able to write a report and put our recommendations down, why couldn't this motion be amended—these are just my humble thoughts—and looked at in the light? If Mr. Fortin wanted to have this appear in the appendix of the report, for example, it could be something very simple on the fact that the ministers were able to appear here.

I'm not saying that I'm putting forward an amendment. I'm just speaking my thoughts.

In the testimony that I've been privy to or had the privilege to see, we've had the Kielburgers show up for seven hours. We've had Katie Telford show up for several hours. We've had the Prime Minister show up for several hours. We've had witnesses come back to us. We asked questions. We've received literally thousands of documents on this study.

We need to finalize this. I agree with Mr. Gourde. We need to move on. I don't think any one of us wants to be debating Mr. Fortin's motion until the end of June. I don't think that's really the will of the committee.

At the same time, I do have significant concerns with Mr. Fortin's motion. In my mind, I can't see why some sort of conversation can't take place.

The ministers of the Crown came to this committee and appeared on behalf of the government. Minister Rodriguez answered several questions from our committee for an extended period of time. Minister Fortier was ready to answer further questions from the committee, but then the committee chose not to; the committee was closed and that was it.

This government followed the precedent set by the prior government in terms of having ministers appear. I think that was the right thing to do. I think that ultimately ministers are accountable.

I know on my team I express all the time that for everything that happens with regard to my being a member of Parliament, I have to be accountable. I have to be accountable for whatever happens in my office and be knowledgeable of it. That's the way I operate, and I think that's the right way to operate organizationally for any such entity.

Again, to Mr. Fortin, I look at this committee, and I've read, understood and heard all the conversation taking place with all our colleagues. In terms of the words, “That the Committee report these events to the House of Commons in order to express its dissatisfaction”, I don't see why it couldn't just be that this be reported in the appendix of the report, if that was the committee's will.

I think that's something we need to examine. I think that's an alternative. Because we've had so much testimony at this committee, as I stated....

Mr. Chair, I don't want to be verbose this morning. I don't want to repeat myself. We have a lot of work in front of us. There's stuff on the notice paper in the House of Commons. There's the budget, which we know is going to assist all our residents. I don't want to veer into the budget, obviously, because that's not part of today's motion.

We have a lot of work to do as parliamentarians in the coming weeks. We're obviously still in the third wave of the pandemic here in Ontario. We need to ensure that we get the support out to all our businesses, workers and employees. Quebec is facing another wave, as is B.C., as is Nova Scotia now and many other provinces.

We know we have a lot of work to do. Part of that is the study in front of us, which is the WE study, if I can refer to it as that.

I think if it's something I do wish to put forward and maybe we can get the language to you, Chair, I could put forward an amendment to Mr. Fortin's motion. We'll see if we can arrive at a way to proceed forward. I want to gather my thoughts before succinctly thinking about where I want to get to.

Gathering our thoughts is how we as a committee can move forward. We do know, again, that we have spent endless hours on this study. I think about how we even got to this point, where a note was sent in.... Over the weekend I was looking at my LinkedIn account. I think I have over 2,000 contacts over LinkedIn, and I receive notes from a number of people. Also, we all work with stakeholders and stakeholders reach out to us.

I know, for example, to the chair and to my Conservative colleagues, that MP Baldinelli and I and others have worked extensively with the wine industry—and I'll take this back to the conversation at hand, Chair. We've been able to work with the wine industry to ensure that we have a prosperous wine sector and there is something in the budget there. We only did that in interacting with the representatives from that sector and reaching out to the various ministers' offices to raise issues. That's part and parcel of our job.

Again, on this one here, a LinkedIn note that was sent said, “Thank you for hearing me out. Thank you for our conversation.” That was the catalyst for the various individuals to say, “Oh my God. Something untoward happened.” Well, not really. We all deal with stakeholders all the time and we all deal with entities that reach out to us to inform us. I'm sure, Chair, many of your members from the beautiful provinces of Alberta and Saskatchewan deal with the beef farmers, dairy farmers or chicken farmers or whoever else in the agricultural sector for lentils, barley, or wheat. That was the catalyst for how we got to this motion and why these individuals appeared and why specifically Ben Chin was asked to appear, because there was a LinkedIn note. Funnily enough, on Saturday I was reaching out to the residents of my riding and asking them how they were doing and I was looking at my LinkedIn account and that's how Ben Chin was asked to appear. That's how Ben Chin's name is now in this motion that Mr. Fortin presented to us.

I agree with Mr. Gourde's comments. We need to move on. We need to finalize this study. I do agree. At the same time, I think, as a committee, unfortunately, we've become potentially and possibly bogged down in looking at this motion and saying, (a) what purpose does this motion serve, and (b) how does this motion relate to the study at hand? I'm having a hard time with that, Mr. Fortin.

I do respect every MP equally and try to cordially always have a great working relationship with all MPs on all sides of the aisle and of all political views, even my colleague on public accounts, MP Green, whom I may differ vociferously with on many, many things in terms of policy, but obviously always in respectful disagreement.

I'm looking at this motion, MP Fortin, to maybe break the logjam. We're going to look at it from other points of view in due order so we can complete this study and then move on to a further study. We need to wrap this up and get to the MindGeek/Pornhub study. I know that the individuals in that study, the individuals we had, have reached out to me personally and so they really would like to continue to present. They would love that opportunity, of course.

On this study here, on WE, we've exhausted our time. We need to wrap this study up, but we need to do things, I think, in a manner that's prudent and a manner that obviously reflects the will of this honourable committee and my honourable colleagues.

The reason, if I can even take a big step back, is that in the motion here, the idea of calling parliamentary staffers, bringing them in or not, and any government of any stripe saying no, which the Conservatives did in the prior Parliament because of ministerial accountability, and then getting to the point where this is reported back to the House could potentially be repeated in a future government. The ministers are accountable and do appear. Questions aren't asked, because the parties say, “I don't want the minister to be here; I want this or that particular staffer.”

Again, I go back to the fact that Ben Chin's name is here because someone, the Kielburgers, sent a note to him saying, “Thank you very much”, just saying thank you. Well, now we need Ben to appear here for six hours to ask him every question under the sun, and we want to go into that fishing expedition.

I think that's what really sort of got to me, because, since we are parliamentarians, many people reach out to us. MPs from various parties reach out to me as the parliamentary secretary to the national revenue minister. A member from Mr. Johns' New Democratic Party, the honourable member for Windsor has reached out to me several times on various issues dealing with international taxation issuance. We've collaborated very effectively on that issue and other issues relating to Canada and the U.S.

It's at the point that I think we'd be having Ben Chin or this individual or this staffer come in because a note was sent, when there was really nothing wrong with that, with just saying, “Thank you for listening to us.”

I get the fact, and believe me when I say that transparency and accountability are two pillars within my DNA. I say that in terms of democracy and in terms of any committee's operations and in terms of how we operate as a society, a civil society. Transparency and accountability are the only things that count for me at all levels. For me, transparency and accountability start with the ministers, and that's where they end, with the ministers. That's the only place we can go and the only thing we can do.

It's just so important that we focus on that. That is why the original motion to call these parliamentarians—I was offside—and then the motion now to report this back to the House is something that has left me—and Mr. Fortin used this word “dissatisfaction” at the end of the motion. I'm actually dissatisfied with the original motion, and now with this motion I'm dissatisfied because it points us in the direction, in terms of the accountability and transparency, of saying the staffers should be responsible, not the ministers. The minister should be responsible.

I have a wonderful team that works for me. I think one of them is on the committee right now. At the end of the day, they do great work for me and they work extremely hard, but at the same time I think—our office is not open, but somebody's knocking at the door and I cannot answer that—we need to ensure that the accountability stops with the ministers. That's been my point of view all the time. I believe it was former House leader Jay Hill— I think it was him and if I'm mistaken then please correct the record on that—and I think it was even John Baird who appeared before a committee, and I think that is something that we really need to think about. That's why I think this motion here, going to that point and saying, “We're going to report to the House that these parliamentary staffers did not appear”, is a very, very dangerous thing. I think that's something on which we need to have a collective rethink and so forth.

I understand it is at the will of any member to put forward a motion and they can do so. I think the original idea of bringing these parliamentary staffers—and, remember, I always go back to the catalyst being a thank you email on LinkedIn. Actually, the way LinkedIn accounts work, it's actually already set up. When you log in and you respond to somebody, it's already set up; you don't have to type it. It's just there. It's there: “Thank you for reaching out” or “Thank you for...” or “Congrats”. It's actually quite easily set up. I know I have received emails from individuals from literally all over the world, usually from Europe or here in North America, that say “Let's connect”, “Thanks for connecting, Francesco”, “Hopefully we can work together”, “Hope you're enjoying...”, “Hope you're well”, “Great initiative on the part of the government”, or even questions relating to initiatives. I receive those all the time, probably 10 to 15 messages a day.

That's why I'm saying that to specifically single out Ben in that email between folks.... That's what LinkedIn accounts are. That's why we're here today. That's why we're here on this motion.

Again, Mr. Fortin, I respect the work you do. I respect your advocacy and so forth, but at the same time, I think we need to come to a conclusion on this study, because I want to move on. I definitely want to move on to the MindGeek/Pornhub study. I have 45 briefs that my team and I are going through at this moment, making recommendations, because we know how important that is.

We know how important that is to all Canadians. We know how important that is with the presence of MindGeek/Pornhub in the greater Montreal area, in Quebec, la belle province. We know how important that all is, but we also know how important it is to conclude this study with this motion currently in front of us. We know how it is so important to get this done.

Like I said, my thoughts continue to percolate in terms of putting forward something that I hope we can work with. If we were to present this scenario, if we presented a report and when we concluded the report, we can conclude it with—

Mr. Speaker, indeed, I did say that the member for Saanich—Gulf Islands was always right, but what I find even more honourable about her is how she apologized when she was wrong. I have a ton of respect for that member, and I will always listen attentively to what she has to say.

The reason I kept raising the point of order is that the preceding two speakers to this member kept going on and on about how the government is not responsible: The government sets the agenda; it has all been the government, and the government can do what it wants. However, in reality, we have seen that the opposition and this member came forward and maybe for 30 seconds out of the 10 minutes actually spoke about Bill C-11. His agenda, and we all know this from being in the House, is totally on another matter.

I get jaded, perhaps, when I see members from the opposition coming in here and saying, “It is the government. Why has the government not done anything? We would never play these games.” Then, literally right after they are done speaking, this member comes in here and plays this game. That is where my concern is born from.

Mr. Speaker, while I am thrilled that members are listening so intently, I do think it is a bit telling that they cannot even get through a 10-minute speech without their tactics. It is disappointing, to say the least.

However, I left off speaking about the report that bears the Prime Minister's name. Now, the member opposite heckled when I said that, saying that if the member for Saanich—Gulf Islands is raising the point, one knows one is really out of order. Well, we see that is not the case. While the member opposite has to speak for his team today, what I can say is that the official opposition recognizes that the tactics being used by the government by attempting to send Bill C-11 to the ethics committee are part of a coordinated cover-up.

Liberals do not want to deal with the privacy of Canadians. They have had six years to do it. They do not want to deal with the privacy of Canadians. They refuse to take simple steps like banning Huawei, like Five Eyes partners. They do not want to take the necessary steps. They do not want to send this to a committee that is going to deal with this uninterrupted.

When the report bearing the Prime Minister's name comes to committee, we are going to put Bill C-11 to the side and we are going to address that report from the Ethics Commissioner. If the government really wants this legislation to be dealt with in an earnest way, then it is going to send it to a committee, as suggested by the opposition, that ought to be dealing with it, because the industry committee deals with the industry minister, and the ethics committee deals with the Ethics Commissioner.

When we have a bill that the government members profess is designed to protect the privacy of Canadians and is so important to them, we would expect that they place it at a committee where it can be given its due consideration and not time it with their hope that it will be able to displace the work of an officer of Parliament. The committee is surely going to deal with that matter; it is of great public interest.

While I look forward to members asking questions that are germane to Bill C-11, and of course we are not going to hear any questions that stray away from the meat of this bill, it is incredibly important that people recognize that as the defence committee has filibustered, as the ethics committee has filibustered, as PROC has filibustered and as Parliament was prorogued, this bill is being used in an attempt to avoid embarrassment for the government, for the Prime Minister. When a report from the Ethics Commissioner lands at the ethics committee, it will be dealt with and Bill C-11 will be put to the side, and Liberals will say that the opposition does not care about the privacy of Canadians.

We do now, we did before and we will then, but the government has a choice to make, and today it can decide to send that bill to the industry committee and it will receive due consideration. I would be happy to give our full attention to Bill C-11 and its merits, debate those and make amendments at the industry committee, but if government members are looking to disrupt the work of the ethics committee, they are going to be unsuccessful in doing that.

It is very kind of the hon. member; I appreciate her so doing.

Back to the hon. member for Leeds—Grenville—Thousand Islands and Rideau Lakes, I have been, as I indicated I would, listening carefully to the hon. member. In fact, his argument, as I have been following it, has to do with the delay of the scheduling of this particular bill before the House. I suppose that is a legitimate point of debate in the House.

I see we still have about three minutes left, and I am sure he is going to link those ideas together and conclude with his arguments being relevant to Bill C-11. We will let the hon. member finish.

The hon. member for Leeds—Grenville—Thousand Islands and Rideau Lakes.

Mr. Speaker, I do not want to interrupt the member again when he starts speaking, so I thought this would be the best time to do it. On the same point of order I raised earlier, since you made your ruling, he mentioned the title of Bill C-11, talked about Huawei for about 15 seconds, and then immediately went back to the Ethics Commissioner report.

Now we are rising on a point of order to talk about a report that is completely unrelated to Bill C-11. I know the member indicated that one can supposedly loosely relate, but that is not the case. It is only the case sometimes with special bills like budget bills.

I would encourage you, Mr. Speaker, to encourage the member to stay on topic and not stray away again, because you already ruled on this once.

Mr. Speaker, as I was saying, the concern the government has with the content of the testimony of those individuals who were ordered to appear is so great that ministers of the Crown ordered individuals not to appear at committee, in contravention of an order of this House. We have seen the lengths to which the government is prepared to go to avoid talking about issues that are embarrassing to it and that are damaging to it.

We now have Bill C-11. We have legislation where, for many months, the opposition has been calling on the government to take a major step to protect Canadians' privacy, and it could achieve that by banning Huawei. We heard very troubling reports today about a country where we learned that via Huawei, communist China was able to listen in to a NATO partners' phone calls happening in that country and listen to the phone calls of a prime minister. This certainly is vindication for everyone who has called for Huawei to be banned. That is a concrete step that the government could take, with the support of this House, to protect the privacy of Canadians, but that has not happened.

We are six years into the mandate of the Liberals. They got a new mandate two years ago. Now they have this legislation. The industry minister has put it forward, but they do not want it to go to the industry committee. They want it to come to the ethics committee.

Why did they wait until this spring before they wanted it to arrive at the committee? Interestingly, last summer, the Ethics Commissioner said that he was investigating the Prime Minister for the Canada student service grant debacle, after the Prime Minister had said he failed to recuse himself from discussions related to the awarding of that contract. Members of the Prime Minister's family had received half a million dollars from the WE organization, and then the Prime Minister voted to give that same organization a half-billion-dollar grant, which would have included more than $40 million in benefit or revenue for the WE organization.

After the Ethics Commissioner said that he was going to conduct that investigation, the Conflict of Interest and Ethics Commissioner's office put out a tweet. The tweet highlighted the timeline that it usually takes for a report to come back on a potential violation of the Conflict of Interest Act. The first two reports issued by the Ethics Commissioner with respect to the Prime Minister were “The Trudeau Report” and “Trudeau II Report”. There will be a third report bearing the same name, which is due this spring. So—

I appreciate the interventions by hon. members. Indeed, relevance is a legitimate point of order when it is raised, and I compliment each of the hon. members for their knowledge of the Standing Orders in this respect.

I have heard from each member. I will listen carefully to the hon. member for Leeds—Grenville—Thousand Islands and Rideau Lakes in respect to his comments on the matter. Yes, there is certainly latitude given to members, for example to make comparisons with respect to the topic before the House. I recognize he is just a little over three minutes into his speech, and I am sure that he will continue to keep his comments relevant to the matter before the House, that being Bill C-11.

The hon. member for Leeds—Grenville—Thousand Islands and Rideau Lakes.

How is this debate? I am bringing a point of order that the member is not talking about this. That is the only thing I have been talking about.

Mr. Speaker, perhaps you could encourage the member to stay on topic and discuss Bill C-11 specifically.

Mr. Speaker, I rise on a point of order. The debate we are having today is on Bill C-11, the digital charter implementation act. Although I thought at the beginning that the member was going to briefly reference the ethics committee, he is now completely talking about an unrelated matter. I guess he trying to justify why this is going to a certain committee, but that is certainly not the content of the bill, which is what we are supposed to be discussing now. Perhaps you could—

Mr. Speaker, it is a pleasure to join the debate on Bill C-11. It is important to start with the conversation that has been had around where this legislation is going to be debated. The legislation belongs to the industry minister, so we would expect the industry committee would deal with it. In spite of an offer from the opposition by way of unanimous consent to have this sent to the industry committee, the government will instead send it to the ethics committee.

What else the ethics committee has been dealing with and will be dealing with this spring are germane to the rationale for the destination of this bill. Up to this point, the ethics committee has looked at the pandemic spending, particularly the issues around the failed Canada student service grant and the half billion dollars destined for the WE organization. That study has faced some significant obstruction: first, by way of Parliament being prorogued in the midst of a pandemic; and, second, upon returning from prorogation, the committee was filibustered for the equivalent of 20 meetings, more than 40 hours. When the agreement on having witnesses appear was finally reached in December, many months followed where the witnesses would not appear. Finally, summonses were issued.

The potential damage to the government and the Prime Minister the testimony that the committee is looking for is great. Not only did the Prime Minister prorogue and the Liberal members filibuster for the equivalent of more than 20 meetings, but when an order of this House was issued for witnesses to appear, which passed with majority support, the Liberal members said they did not like the decision, they did not support that Canada's Parliament had spoken that it was within its powers to exercise an order for people to appear at committee and instead wanted others to go, so they told those individuals to defy an order of Canada's Parliament. Who told them that? Ministers of the Crown told individuals to dodge, to duck an order—

Mr. Speaker, I see Bill C-11 as legislation that offers world-leading privacy and data protection. It also has some of the strongest fines among the G7 privacy laws. This is legislation that Canadians would support and it even seems that members on all sides support the legislation.

The government does not have a process like opposition days where things are voted on automatically. We are very dependent on opposition parties recognizing the importance of legislation and allowing it to get to the committee stage. I wonder if my friend could provide his thoughts on whether he believes the bill should move forward. We have had many days of debate, for example—

Mr. Speaker, I am pleased to joining the debate on Bill C-11.

“One who wants to know is better than one who already knows” is a Yiddish proverb, and members know I have a great love of them.

However, I want to go through the legislation before us, because a lot of constituents have written to me with major concerns. It is not that they dislike the legislation per se. They agree, as many members have said, with the principles and content, but the bill falls far short of their expectations.

As the member for Cypress Hills—Grasslands has said, it is an issue of control, who controls the information. My personal belief is that property rights are a human right, and our digital presence, our cookies, the way we look is their digital private property and it should really be treated that way. We have a come to time where we should extend our conception of what is a property right to our digital presence.

I remember knocking on doors in Mahogany in my riding. A gentleman who worked for a large IT company was very concerned about deepfakes, the ability for people to create some really lifelike images, voices and mannerisms of other individuals and the possibility for it to be used for a nefarious purpose, to mislead, misdirect and also to get money out of people. Imagine what type of use people could get out of deepfakes. I think of the past few years where we have seen a lot of companies make immense strides in providing a digital picture of people who never existed, but they look so lifelike that it is so difficult to tell if they are actually deepfakes. They trick our eyes and brains to think they exist.

On the issue of control, I have had constituents bring up issues of Clearview AI harvesting through facial recognition technology, the Cambridge Analytica and Facebook scandals. Closer to home in Calgary, is Cadillac Fairview and what constituents have termed “secret mall surveillance”. There was a panel put up in different parts of the mall, one of the biggest malls in Calgary, that were collecting information off the images of people going in. I cannot remember what the purpose was, but it was stopped once many people started to raise issues with what the information was being collected for.

It is an issue of control. There are principles in this digital charter, and I do not want to go over them too much. However, I want to raise issues specific to things like the right to opt out of the sale of personal information. That is a really big one. The GDPR does this already as does the European Union.

Sometimes when people go online, depending on the country source for the product or service purchase, after having clicked through terms and agreements, because many people do not read those, it will ask whether they are opting out of the sale of their personal information. That is missing in this legislation, and it really should have been in there.

Many constituents, like Chris MacLean in my riding, raised this as an issue, saying that they would like to have more control to consent to where their information would go. I could imagine certain situations where people are fine with their personal information being sold, perhaps some of what they give a particular company is not much and they feel it could have some type of purpose or there could be some controls put in place. However, this legislation does not have that.

Then there are the consent exemptions. I want to focus a little more on this one. This issue has been of major concern to people in my riding. As I mentioned, Chris had issues with it, Kevin Silvester, Shelley Bennett and Randall Hicks had issues with it. There is a lot of them. The issue is “for a public interest purpose” is how the government has defined it, that is socially beneficial purposes, clause 39 is one of them.

It kind of lists off government institutions, public libraries, post-secondary educational institutions, any organization that is mandated under federal-provincial law or by contract with a government institution. What if it contracted out a large government youth program, like the WE charity, and then it ran it. What kind of personal information would be collected? I know it has been embroiled in its own scandals of late. The ethics committee met this morning and discussed it even further.

It continues on to point four. This is subparagraph 39(1)(b)(iv) under the disclosures made to any other prescribed entity. Then there is paragraph 39(1)(c), the disclosures made for socially beneficial purpose. That is such a broad definition. Who gets to decide what is a socially beneficial purpose? I could drive two Hummers through that definition, working for a contracted out organization, perhaps collecting information, processing a program, a service on behalf of the federal government. I have major issues with the way that is structured, because it allows so many exemptions to be provided in interactions.

When we read about these organizations, it is a lot compared with any other prescribed entity. There are no limits on this prescription. There are no limits on what the federal government could prescribe as an outside entity and then our information would be shared with them. That is a consistent concern that my constituents have. They mostly focus on the business angle of it, but we know that the federal government oftentimes has a lot of contracting out of services, including IT services and procurement services. For the construction of ships, for example, the government does not own shipyards; it contracts that service out and asks someone else to do it for the government. When they do that, is there not a possibility, because it is for a socially beneficial purpose, that the federal government could decide just to share information quite broadly? I have an issue with it because I do not think it does a great service for Canadians.

There is another issue I have with one of the definitions provided. It is the definition being used in the law for how personal information is defined. It says, “an identifiable individual”. The example that I gave, that many of my constituents give as well, is an example from Calgary when, years ago, Cadillac Fairview, which owns the Chinook Centre in Calgary on the Macleod Trail, was using facial recognition and surveillance information. Maybe they were just tracking the flow of pedestrian traffic through the mall, perhaps to plan where the doors should be; I do not know this, but if the benchmark being used in the definition is “an identifiable individual”, how much effort is a company going to put in to identify someone? That is what makes it identifiable. When I read through the legislation, I have a hard time grasping how far this could go. Is there an expectation that the companies will not keep this information at all because they did not make it identifiable, so it is okay? Is it because the image is too grainy? Is it because their name is so common that it could be just about anybody? It is an imprecise definition that could have really been beefed up from the beginning instead of taking it to committee in such an incomplete format.

Those are the issues I found, just reading through the legislation and after so many of my constituents wrote to me. They still have major issues. What they want to see is a significant number of amendments brought forward to fix the legislation. There are a few ways to do that. The government could just draft a new piece of legislation and table it again and have it go forward. There are a lot of good things in the bill, like many members have said, that make it salvageable.

At the committee stage, that is where they get into it. I do really believe this should go to the industry committee. It may want to bounce the bill around to the different committees. I used to sit on the Standing Committee on Finance in the previous Parliament, and the government would apportion the omnibus budget bill to different committees and look at the parts in order to have the expertise. So much of this is about corporations and businesses that it should really go to the industry committee. Again, it is the industry minister who has tabled the law.

On the issue of identifiable information, the definition should include such information as people's email address, obvious personal information like location information, gender, biometric data, web cookies, political opinions and any pseudonyms they might use so the company or the organization that is collecting it can combine it all together. It does not have to be a private organization; it could be a public one, it could be a charity doing this; who knows? That could have been a much better definition than simply leaving it very open-ended as “an identifiable individual”.

Another matter that a lot of my constituents have raised is the playing field between a Canadian company based here where Canadian law can easily reach it with the fines that would be levied; and then international companies, perhaps based in Latin America, in parts of Africa, in Australia and other countries that have different privacy laws and how we would be able to find them and also collect the fines on them. That whole mechanism and the fact of a tribunal of three to six people and only requiring one expert is another issue.

I have tried to lay out as many issues as I have heard from my constituents in my riding. I mentioned that some of them had very specific concerns.

Much of the legislation is on the right path, but there are so many shortcomings. Like the previous member said, the issues here are data privacy and control, regarding who controls the information and where it can go and that the legislation is still unclear in certain parts, regarding who can deal with it; and exemptions and exceptions being given. Those two different concepts need to be fleshed out more in the legislation. It should be done at committee. It should be done at the industry committee first. If it needs to go to the ethics committee afterwards, so be it; but the industry committee should deal with it first, immediately.

Mr. Speaker, my colleague has brought up a lot of great points, especially around the issue of Huawei.

The House passed a motion requiring action from the government on Huawei, yet we have seen nothing. At the same time, it is bringing in Bill C-11, which has some laudable points in it, but does not address one of the biggest elephants in the room, which is Huawei. The government has refused to ban it from our country. Huawei is well known for stealing information and sharing it with the Chinese communist government.

I wonder if my colleague could tell me why he thinks the government is so reticent to ban Huawei, as the House has demanded.

Mr. Speaker, I am always honoured to participate in parliamentary debates, especially when there is an important and pressing topic such as what we have in front of us today.

Stronger legal protection for both consumer protection and data privacy needs to be improved, and this is impossible to deny. It might be tempting to say that Bill C-11 is timely, but instead, we should be clear with ourselves that it is well past the time for us to address these issues.

The kind of improvements Canadians need are long overdue, and the government has been slow to act. For years the Liberals have done a lot of talking about it, but it always seems to take them a while to get around to doing anything. They have been talking about a digital charter for years.

This bill was introduced back in November. Five months later, we have had very little time to debate it so far in second reading. I hope they are looking at various ways to possibly amend this bill to get it right. As the official opposition, we want to actually get things done for Canadians.

As the world becomes more digital and interconnected, it is extremely important to make sure people are fully protected in every possible way. In this process, filled as it is with the promise and potential of amazing developments with technology, there are also risks. Each new form of connection can also provide openings to be used against people. Besides the usual bad actors who are always looking for any new occasion to commit crimes, there are more subtle trends that, if we are not careful to check them, could work against everyday people's best interests, such as through invasive levels of data collection. To put it simply, people are not products. We have to make sure they are never treated as such.

As Canadians, we must always ensure that our society upholds fundamental rights and truths. Every person, whether they are acting as a customer or a private citizen, should have the ability to manage their affairs as they see fit and decide for themselves who will have access to their property. They should not find themselves in a position in which they are living at the mercy of powerful interests, whether it is the private or public sector.

We should expect to see stronger protections for privacy and for personal information. There is some clear language in this bill concerning corporations and institutions. However, more importantly, what about when people are interacting with the government? Much more importantly, what about when the government decides to interact with the people, whether they want it to or not? We do not have to go too far back in the past to remember when Statistics Canada wanted to look through Canadians' bank accounts and financial information. This makes me wonder how this kind of thing will be handled going forward under this legislation.

Of course, there is a lot more that could be said about the many ethical scandals directly coming out of the government over the last five years. Is it any wonder that people would be second-guessing the government's commitment to handling their information? Let us go back, though, to what is already in the bill for private entities.

More than words, we need better and stronger protection in action. Is that what we can expect? A few weeks ago, the Privacy Commissioner spoke on Bill C-11. He said:

The government has set out important objectives for the bill, including increasing consumers’ control over their data, enabling responsible innovation, and establishing quick and effective remedies, including the ability to impose significant financial penalties. I support these objectives. Unfortunately, my analysis of the bill’s provisions leads me to conclude that they would not be achieved.

With further definitions and allowances made under this bill, he goes on further to say, “this would result in less consumer control than under the current law.” He also points out, “some of the new consent exceptions are too broad or ill defined to foster responsible innovation.” In particular, he says “one new exception is based solely on the impracticality of obtaining consent. Such an approach would render the principle of consent meaningless.”

Again, what will get this done for Canadians? I want to support this bill because of what it should be doing, but these types of points, as expressed by the commissioner, need to be thoroughly addressed at committee. Canadians deserve greater clarity from this process.

Aside from the government's own activities and operations, along with those of its various agencies, we have to question how much of a priority it is to protect Canadians from external threats to their privacy and security. How the government has handled Huawei might be the best example.

While the Liberals talk a big game when it comes to Canadians' privacy, their inaction on one of the most important and recent privacy concerns with Huawei shows that they do not actually take serious action. I ask member to remember last fall, when opposition parties passed a motion calling on the government to decide whether Huawei would be allowed to participate in Canada's 5G infrastructure.

The government has not only ignored Parliament on this issue. It has also ignored Canada's most important strategic allies. The rest of the Five Eyes alliance have taken decisive action to either ban or significantly curtail the role of Huawei in their telecommunications infrastructure, yet the Liberal government has not listened to their warnings. The United States, in particular, has played a vital role in pushing back against Chinese incursions into democratic nations' security and their citizens' privacy.

Based on its security intelligence, it has warned Canada that including Huawei's technology in our 5G networks would compromise our national security and the integrity of the Five Eyes partnership, yet the Prime Minister has done nothing. The Liberal government must finally have the courage to stand up to China and ban Huawei from participating in our 5G network.

While the government may pretend banning Huawei's participation would limit Canada's access to 5G, the reality is that there are safer options.

Last June, for instance, Bell Canada announced a partnership with Ericsson to help develop its 5G network across the country. Ericsson, of course, is based out of Sweden, with which we have excellent diplomatic relations. Both Sweden and Canada are dedicated to advocating for human rights around the world. Telus also partnered with Ericsson in addition to Nokia and Samsung.

Comparatively, Huawei has a proven track record of breaking the law and stealing information. In fact, Huawei was indicted by the American Department of Justice. To quote from its statement at the time, it charged Huawei for “stealing U.S. technology, conspiracy, wire fraud, bank fraud, racketeering, and helping Iran to evade sanctions, amongst other charges.”

The Communist Party of China is the greatest threat to western nations, to national security and to the integrity of our institutions. If the government does not prevent Huawei from playing a role in our 5G networks, it will be giving the CCP a leg up in its quest to establish itself as the world's next superpower. Canadians are nervous about the role China is playing in their lives and the CCP's access to their personal information, and they should be. We know Huawei has close ties to the governing regime. Its founder is even a member of the CCP. This is the same oppressive government that, according to the allegations of its own citizens and residents, has harassed them while living here or has threatened their families in China.

When 5G finally takes off across the country, millions of Canadians' personal information will be transmitted through telecommunication infrastructure. We cannot in any way allow the Chinese government to get its hands on that critical information.

I have something else to say about the failure of the government to provide for rural Canada and for the needs of my constituents. The first principle of the digital charter is universal access. The government has failed to deliver on this need for rural and remote areas. Universal broadband funding has seen delay after delay.

I could speak on and on about various ongoing issues.

With rural broadband, as it is listed in the charter, the universal access side to it is extremely important. At this time of year, many people back home are looking to get into seeding, to get the crops in for the year. We are starting to see more and more how broadband and cell coverage is such an important factor in the practices of farmers, even for ranchers. It is vital infrastructure.

We say that we will vastly protect people's private information, yet we do not even have the infrastructure in place for people to connect to the Internet. If they do, when it is very slow and not responsive to them, it makes it even that much harder for them to be aware of what they are checking a box for or reading through. It makes it that much harder to properly download the information or to figure out what information will be taken from them. That, in and of itself, takes time and it takes a lot of effort. Therefore, when we have a serious conversation on protecting the needs and information of our citizens and we do not even have adequate infrastructure in place, we have to ensure we address some of those concerns first and foremost. This legislation will not accomplish any of that.

Getting to the principle of the bill, it is great we are having a discussion on this. We need to definitely address some of the fundamental concerns that the bill tried to raise. I look forward to continued debate on this. I also look forward to when the bill gets to committee, so we can see some amendments to it and we can start to take a serious approach to the needs of our constituents and of Canadians.

Mr. Speaker, it is an honour to join the debate on this important issue, the data charter implementation act. I will be diving into what is a large bill and addresses a large spectrum of some of the issues we face in the world in which we live that have been exacerbated by COVID in so much of what we do, such as in this place, the evidence of which is that I am participating in this debate from Battle River—Crowfoot in Alberta. The fact is that digital has been transformed over the last number of months with COVID before us and I will be getting into different aspects of the bill, some of the things I think are laudable and some of the concerns that I have.

The previous member for Calgary Midnapore did a great job on her speech. I would note that we saw in the background that there is snow on the ground. That is certainly one of the interesting things about our country. It is often joked that if we wait a few minutes, the weather will change. That has certainly been the case in East Central Alberta. I would like to take a moment of my time to talk about the wildfires that started and were part of what has really consumed a significant amount of time over the last number of days.

It has been very dry in Battle River—Crowfoot since the snow melted and although there has been some moisture that has lessened the likelihood of those fires, I want to take a moment to thank all of the firefighters, volunteers and volunteer professionals. It is often a misconception that volunteer firefighters are somehow inferior to their full-time counterparts in the city. There have been a number of grass fires over the last week or so in my riding, but one particularly large one received a tremendous response. Four or five fire departments from different small communities reached out, worked together, along with hundreds of community volunteers, and put out this particular fire.

I would note how important it is that we take fire safety seriously at a time when moisture is needed. There was a little of it over weekend and I received more than just a few comments. Rarely are people thankful for snow in April, but those who saw the threat of fire were thankful for the moisture that came this past weekend. As a reminder to all those watching, they should be careful when they are in rural areas and there is such a threat of fire, as there is today, and thank all those who put their lives on the line to protect folks in this area and across Canada.

I will go on to the substance of what we are debating here today. There are two major parts to Bill C-11. Part 1 would enact the consumer privacy protection act and various aspects involved with the protection of personal privacy. At a time when everything we do is online, it is a significant topic of conversation that needs to be discussed. Part 2 would enact the personal information and data protection tribunal act, which would establish a tribunal to hear appeals related to personal information and privacy.

As the world has become more digital, so much of our lives is detailed online and so much of the information we see goes through a filter. I hear from constituents who talk to me about the things they see on Facebook or other social media platforms, even the advertisements they see when they google something or the fact that we even refer to searching for a term on the Internet as “googling” speaks to the extent to which our information is online. We certainly see the need for stronger protections to ensure that Canadians' data, their information and, ultimately, their rights are protected. Certainly, we have had a lot of conversation around privacy as a human right and, further, what the property rights are in terms of data that is online. We see Bill C-11 as an attempt to address that.

I have listened with great interest to some of the Liberal speeches on this matter, and a lot of the points brought up are certainly laudable in their goals. However, the proof will be in the implementation. There is certainly a lack of clarity. There are also no concrete measures outlined here to ensure that the goals and ideas talked about in the preamble, as well as the words spoken by the minister and various Liberal members, are actually translated into actionable items that do what is in the best interest of Canadians. This is of particular concern on an issue like this.

We have seen unprecedented scandal and mismanagement. We have seen a level of access to the highest offices in this land for those who can afford to pay and those who happen to have the Prime Minister and his staff on speed dial. A bill like this, where billions of dollars and corporate interests are at stake, should force every Canadian to pause to think about, when we say this will be implemented and it will be informed by regulation, what the process is between a bill's implementation and ensuring that it is effectively implemented through regulation. What sort of lobbying will take place? Who will benefit? I think these are valid questions that need to be asked.

We have seen that Canadians have very little trust in the Liberals when it comes to ensuring that their best interests are served when the Liberals are getting phone calls from their well-connected friends and the businesses that they associate with.

As this bill will likely go to committee, these are the sorts of questions that have to be asked to ensure that, when it comes to the data and privacy of Canadians, when it comes to being online, and when it comes to some of the transparency mechanisms, every aspect is clearly parsed out, so Canadians can trust that the regulations are not simply being sold to the highest bidder, those who have the most expensive lobbyists, or lawyers who happen to be able to get face time with those in the Prime Minister's Office.

Some will suggest that this is cynical, or that it is simply not true. We could go through a long list of the failures of Liberal scandal and mismanagement over the last five years. None is more obvious on that front than this reality. Using definitive language and a word like “reality” can often get politicians into trouble, but I say the reality is that there is a clear call to ban Huawei from Canada's 5G network, yet the Liberals, the government, have refused to act on that simple demand.

It leaves one to draw conclusions about who is able to influence the government's decision-making process. Conservatives have and will continue to stand up for the rights of Canadians and that includes the right for Canadians to have privacy online.

There are some laudable goals in this bill. I would suggest that all Parliamentarians here believe we need to address the issues that are brought up in this legislation. We have to ensure that we do that. The Liberals will, without a doubt, as they already have done today, blame the opposition for delay tactics, blocking committees and various other things.

The reality is that we have seen time and time again the Liberals bring something forward such as a bill. They will then demand it be passed, even though the very reason for some of those delays are entirely of their own making. However, they later learn that they made mistakes that could have been identified through things such as full democratic discourse and comprehensive committee research.

Earlier today, the Liberals blocked a motion that would have sent this to the industry committee. There is a reason this deserves full consideration, and certainly Conservatives are doing our part to ensure we have a fulsome debate, so Canadians can get the answers they need on this important subject.

Mr. Speaker, I would like the member to expand on two points.

Bill C-11 leaves out an important aspect regarding online identity protection to prevent fraud, such as identity theft. In addition, the government is not addressing its own problems, since the bill does not apply to the federal government, even though the government's online identity checks are clearly inadequate.

Mr. Speaker, it is a pleasure for me to be here today and to contribute to this debate on Bill C-11. I have been here for four years. It is hard to believe, as I just had my anniversary on April 3, that I have been serving the good people of Calgary Midnapore for four years, which I am so fortunate to do. At this point in my political career, if I do not believe that the messengers themselves are sincere, I have a hard time believing the message. It is really hard for me to think about and understand a policy if I do not have a lot of good faith in the individual or entity from which it is coming.

There stems one of the two struggles that I have with this bill: I do not genuinely believe in the sincerity of the current government to protect Canadians. I have seen this from many perspectives, both past and present. My second concern is a sort of generalization, but it still remains that I see the government doing things in a half-hearted effort. This is along the same lines as my first point about insincerity.

When I refer to my past experience with this, I am drawing upon my time as the shadow minister for democratic institutions. Bill C-11 is relevant to that because, during my time as shadow minister, the Digital Charter was announced. If not legislation, this was certainly an important policy announcement that was supposed to carry a lot of weight. At the time, we were debating Bill C-76, which would have major implications for future elections. The digital conversation, along with foreign interference and foreign influence, had a lot to contribute to the discussion around Bill C-76.

When the Minister of Innovation, Science and Industry made his announcement at that time, along with the minister of democratic institutions, it felt very flat. It felt as though it was one of those commercials for children on a Saturday morning or, since the current government likes to insult Conservative institutions so much, perhaps a video from PragerU. It really did not come across with a lot of sincerity or a lot of teeth. It just seemed to do what the government likes to do, which is a lot of virtue signalling.

This bill also reminds me of the tribunal composition. It always concerns me a little when the government creates a body that has any type of implication in the direction of Canadians' lives or industry. I am thinking of the Leaders' Debates Commission, which I believe significantly impacted the debates framework in the last election. I recall the question from the member of Parliament for Provencher to the previous speaker. If we look back now, the debates commission included one of the Kielburger brothers. It is very interesting that we find this here today.

One thing I am concerned about within the framework of the Bill C-11 legislation is that the current government members always find a way to take care of their friends. We have seen this with SNC-Lavalin, which we are still dealing with the implications of here today as we go through the pandemic; with Mr. Baylis, the former member of Parliament; and, as has been alluded to before, the WE Charity scandal, which the previous speaker indicated. Unfortunately, this legislation is being sent to ethics rather than industry in an effort to delay that. Even in the context of Bill C-11 and what this is supposed to do, I worry about government members taking care of their friends.

I mentioned that the second part of my concern was that the current government does everything half-heartedly. I believe that includes this legislation, without question.

We look at the possibility of information being shared with other parties. The bill would allow an organization to transfer an individual's personal information to a service provider without their knowledge or consent. Regarding the right to have the collecting party delete collected information on request, it somewhat deals with that, but when I have tried to unsubscribe, in some situations it has definitely been unsuccessful.

We also see in the bill the right to opt out of the sale of personal information where an organization may transfer an individual's personal information to a service provider, again, without their consent or knowledge. This is a theme that I am seeing in terms of the government addressing things half-heartedly and Bill C-11 definitely falls within this.

Also, we have seen this half-hearted response with the pandemic from the very beginning in terms of the government's eliminating the warning system prior to the pandemic's arrival; the return of personal protective equipment, which showed such a lack of foresight for the necessity of its use not months later; and the slow closing of borders that we saw at the very beginning, and in my position as shadow minister for transport I have seen incredible, draconian measures that were inserted at a result of poor response earlier on. It is the same with any situation when the longer we allow something to fester, the greater the response it requires later on. Unfortunately, Canadians are paying the price of the inaction. There is also the rapid testing and of course vaccines, which is a complete failure of the government and of the Prime Minister .

I want to say to any Canadian who is listening to this speech, if they are upset because their business is closed, their children are at home and not at school, they have not seen their family in 18 months, there is a third wave, it is the fault of the Prime Minister for so poorly preparing for the later stages of this pandemic. This is another half-hearted response that I have referred to.

We have also seen this unfortunately within the defence committee. The government was willing to turn its back on women all across the country in not believing the stories and yet it is willing to investigate the unfortunate situation of the member for Pontiac, who is an incredible individual might I say. My husband and I had the good fortune of travelling to Israel with him and I will stand in solidarity with him.

In kindergarten, I was painting a picture and when I was done, I had taken off my smock and was standing there in my slip when my good friend, Kim Crocker, who I later had the pleasure of serving with in student council with in high school said to me, “You're standing there in your slip” as all the fine women of Calgary Midnapore did wear at that time. My point is the Liberals have turned their backs on women at the defence committee as well.

If there is something good to be said about this piece of legislation, in my capacity as shadow minister for transport, many right-to-repair organizations and the small repair shops across rural and suburban Canada have said that Canadians have the right to own their data.

Colleagues within the Conservative Party will argue that this is a property right and a human right. As we advance in the digital age, I believe more and more that this is a human right, that our history of data will one day be almost synonymous with our DNA.

I will leave it there. I do not believe in the government's sincerity of protecting Canadians. I believe that so much that the Liberals do is a half-hearted effort. For both of these reasons, I stand here today in regard to Bill C-11 with a lot of questions about the legislation, but the belief that I am not certain whether this legislation goes far enough.

Mr. Speaker, I want to thank the hon. member for Prince George—Peace River—Northern Rockies for bringing to the attention of the House some of the errancy of Bill C-11. In particular he noted that this bill should be heading to the industry committee, and it has found its way back here because the Liberals are trying to prevent the ethics committee from doing its work on other very important issues, such as scandals. I acknowledge that.

The member also talked about some exceptions in the bill that would make it less effective than it should be, and I am wondering this: Are there any exceptions in particular that he finds particularly grievous?

Mr. Speaker, regarding Bill C-11, the Privacy Commissioner has stated that he is concerned with the government's new definitions of commercial activity and consent rules. The current bill actually has much less protection of privacy than the previous definition.

I wonder whether the member could comment on that. Does he share those concerns? Should the government be making amendments in this regard?

Mr. Speaker, I am honoured to speak to Bill C-11 and data privacy.

Many in Parliament know of the previous work that has been done by the access to information, privacy and ethics committee. We dealt with this in 2018 around Facebook and Cambridge Analytica. We came together in London for the first meeting of the International Grand Committee, which represented nine nations and close to half a billion people. We have all seen how data manipulation can be misused by big tech, and our efforts in the International Grand Committee were really to set the stage for what we can do together to push back on some of big tech's practices and hopefully reform those practices. As chair of that committee, I was especially pleased with the efforts of all the parties in the room. In their speeches, the member for Beaches—East York, the member for Timmins—James Bay, my own colleague from Thornhill and many others took this on, as we care about all Canadians' data and privacy.

It is laudable that Bill C-11 attempts to combat some of the concerns that we have and crack down on some of those practices that have been concerning for many years. It deals with things like algorithm accountability, which has been mentioned by some colleagues today, personal access to data, de-identification of information, and certification programs for big tech so that there is a certain set of standards to be followed. Some of these moves have already been taken up by some in big tech who are doing this on their own to some extent. Stiffer penalties are recognized in Bill C-11, as well as private right of action.

However, there are many other things I am concerned about that are simply not in the bill, or there are huge exemptions that a freight train could run through, which would neutralize the bill in many respects.

First, privacy as a human right is the number one thing that I do not see in the bill. Many have said, from our efforts, that privacy as a human right needs to be foundational to any legislation. Conservatives recently passed a policy that deals with this exact principle:

The CPC believes digital data privacy is a fundamental right that urgently requires strengthened legislation, protections, and enforcement. Canadians must have the right to access and control collection, use, monitoring, retention, and disclosure of their personal data. International violations should receive enforcement assistance from the Canadian Government.

Clearly, this is a concern of many. We have heard from countless witnesses and experts. Jim Balsillie, who has been mentioned already this morning, warned us of what can happen if we do not take this seriously.

I will talk about the exemptions in the bill that concern me, and my copy of the bill is very well highlighted for some of the errors that are in it.

There is “Exceptions to Requirement for Consent.” A meaningful consent is another principle that we really need to address in the bill, and it has been mentioned already. If children have an app they like to play games on, all that has to be done to basically hand over their data is just a little check box in order to play the game, and we call that “meaningful consent”. Bill C-11 says that it attempts to fix that, but I will go over the exemptions.

“Exceptions to Requirement for Consent” states:

An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for a business activity described in subsection (2)

This is the list of activities in subsection (2) that are exempt from meaningful consent:

(a) an activity that is necessary to provide or deliver a product or service that the individual has requested from the organization;

(b) an activity that is carried out in the exercise of due diligence to prevent or reduce the organization’s commercial risk;

(c) an activity that is necessary for the organization’s information, system or network security;

(d) an activity that is necessary for the safety of a product or service that the organization provides or delivers;

(e) an activity in the course of which obtaining the individual’s consent would be impracticable because the organization does not have a direct relationship with the individual; and

This is the big one:

(f) any other prescribed activity.

I appreciate the Liberal members stating that this bill is an effort to get us to a better place around data privacy in Canada, but exemptions like that in the legislation need to be addressed. That is why our party talked about getting Bill C-11 to the industry committee to have a fulsome discussion of its good parts and of what needs to be fixed and strengthened. Sadly, the current government has decided to send it to the ethics committee instead of where it should go. Some of the audience today might understand why. Because of the government's many ethical lapses and failures, it would like to use up all of the time it possibly can with other legislation, such as Bill C-11. Only ethics violations should really be discussed at the ethics committee. It is unfortunate that this is going to be pushed to the ethics committee. My hope for legitimate changes to the legislation may be muted by a rush to get through it, and it may not be given due diligence, as many Canadians are expecting it should.

I want to thank the Canadians who have come to me over the years to talk about their concerns around the way our data is collected. Many years ago I coined the phrase that our online data is essentially our digital DNA. It is who we are online, and we need to do all we can to protect the information and data of Canadians. In this new era of social media being in the public square, we need to do our due diligence as legislators to make sure that it is protected as much as possible. Unfortunately, although the effort is laudable, this legislation simply falls short. That is why, from our perspective, we want to see it go to committee and hopefully changes can be made there.

There is an old saying: “Don't let the perfect be the enemy of the good.” I do not think we can call this legislation good quite yet.

I wanted to thank some of the guests we had before us. There has been some discussion that not enough has been heard regarding privacy and digital issues online, but we had countless experts from Canada and heard from experts around the world. We heard from Shoshana Zuboff and many witnesses at our International Grand Committee who really set the blueprint for what can be done with digital and data privacy. We have a way to make it better.

Our Privacy Commissioner made many suggestions. We see some of those in this legislation regarding increased fines and stiffer penalties for big tech if they misuse people's data or have lapses with that. However, the legislation still falls short. My hope is that it gets to committee so the committee can get a really good eye on it and have the chance to propose some fixes to those exemptions and other holes in the legislation.

I look forward to any questions.

Mr. Speaker, as we know, big corporate data privacy breaches are becoming more common every year, and Canadians are concerned about how the big tech giants like Facebook are collecting and using information. Privacy is now a household issue that really affects everyone.

My concerns are around the private rights of action, which would allow individuals and groups of consumers to seek compensation in court. This has been effectively used in the United States to remedy violations. However, it is unnecessarily so burdensome in Bill C-11 that it effectively makes it unusable. For example, if the Privacy Commissioner does not investigate and rule on a complaint, an individual has no right of action. If the Privacy Commissioner does investigate and rule on a complaint but the tribunal does not uphold it, the individual has no right of action. Additionally, if a two-year timeline is exceeded for whatever reason, individuals lose their right of action, basically making it a right only in theory but not in practice.

Does my colleague agree that the bill needs to be amended to fix this?

Mr. Speaker, it is an absolute honour for me to rise in the House to speak on behalf of the residents of my riding of Davenport. I am speaking in support of Bill C-11, an act to enact the consumer privacy protection act and the personal information and data protection tribunal act and to make consequential and related amendments to other acts. It is also known as the digital charter implementation act.

From the earliest days of my first run for office, the residents of Davenport have approached me to tell me how concerned they are about the security of their personal information. They are literally running after me in the streets to say that this is an issue of great importance to them. I can assure members that it is not just Davenport residents who are concerned. The Privacy Commissioner published a survey in 2019 that found that 92% of all Canadians were concerned about their privacy, with 37% of Canadians being extremely concerned. This means that nine out of 10 Canadians are worried about their privacy.

I know that the third wave of this pandemic is the most pressing issue for all of us right now, and rightly so, but it has not made our privacy concerns go away. Indeed, this pandemic has had the opposite effect, given that most, if not all, our lives have moved online, from work to worship to shopping to social gatherings. This is a front and centre issue.

Davenport residents are not comfortable entrusting all their data into the black hole of the Internet, managed mainly by big multinational tech giants. These companies have been operating with outdated regulations and limited transparency. As Canadians right now, we have no choice. We are all used to downloading apps or signing up for things online that come with long privacy policies and consents requests. I do not know about everyone else, but most of us do not have time to read all the online terms and conditions that are often in legalise and not easy to understand. That is why I am happy that Bill C-11 would require plain-language consent requests.

We are also too used to being peppered with targeted ads and content based on the websites we visit, with no consent or even knowledge about algorithms that track our actions. It is impossible to keep track of how our personal data and how our online actions are being used or abused, whether it is to misinform others or even more nefarious purposes like identity theft.

That is will I am glad that Bill C-11 is before the House. It marks a huge leap forward in our privacy laws. Canada must do all it can to protect the data of all our residents, and Canadians should know exactly how their data is used with maximum transparency. We should have the right to manage what data is kept online and what is deleted.

Canada must also keep up with the rapid growth of the digital economy, as hundreds of companies and organizations are now handling our personal data. Other countries have already acted on this. The E.U. passed the General Data Protection Regulations in 2018. Its rules require that other countries meet its standards to do business, to exchange data across borders. This means that if we want Canadian businesses to continue to have an edge in European markets, we have to modernize our privacy rules. It is imperative that we move now, as aggressively as possible, and for all these reasons, we must pass the digital charter implementation act.

What would the bill actually do? First, the bill introduces the new consumer privacy protection act that updates the old PIPEDA act, which was first passed in 2001. Second, the bill introduces the personal information and data protection tribunal act to create an oversight and enforcement body for the new privacy rules. Third, it would retain the measures of part 2 of PIPEDA under the new electronic documents act. The measures in the bill are built upon three key goals: consumer control, responsible innovation and strong enforcement and oversight.

Let me just touch very briefly on how the measures in the bill would meet each of these goals.

First, how do we give consumers more control? Bill C-11 would modernize consent rules and would require companies to ask for consent in plain language, which is great. The bill would also give Canadians the right to data mobility. That means they could direct one organization to share certain data with another for a specific reason. For example, they could direct their banks to share financial information with another bank.

Next, it would give Canadians the right to withdraw their consent for the use of their data. It would allow people to direct a company to delete whatever personal information it has about them, including on social media platforms, which would give control of personal data back to Canadians. The bill also clarifies that even information that has been de-identified is still personal information. Even if a company removes people's names from its data, this bill would ensure that the data still belongs to those people. It has to be protected, and companies need their consent to use it.

Finally, the bill requires transparency for use of algorithms and AI. It would give every Canadian the right to request an explanation of how and why an automated system made a choice or prediction about the individual. I am hoping that at some point, we are allowed to relay what companies can and cannot do with that information.

The second goal is enabling responsible innovation. We want our country to stay globally competitive, support innovation and unlock the potential of data to create incredible value and improve our lives, but we need to support that innovation in a way that guarantees the right to privacy. The bill would simplify consent rules so that companies are not burdened by seeking consent for every use of information, even when consumers reasonably expect it. This is good for business and also helps Canadians make meaningful choices. Rather that being bombarded by consent requests full of legal jargon, consumers will see plain language requests when it really matters.

Bill C-11 would also allow Canadians the choice to contribute their data for the common good. It would allow businesses to share de-identified data with certain public institutions to power social benefits like public health and infrastructure. Lastly, the bill would allow businesses to submit their codes of practice to the Office of the Privacy Commissioner to ensure they comply with the law. This kind of transparency and streamlined regulation is both good for businesses and good for Canadians.

The third goal is strong enforcement and oversight. With any new regulations, we absolutely need stronger enforcement and oversight. Indeed, I know that is something the Office of the Privacy Commissioner has long requested. What would this bill do? It would give the commissioner that power, including forcing an organization to comply with privacy laws and ordering a company to stop collecting data for personal information. It would also create the personal information and data protection tribunal, and the Privacy Commissioner could also ask the tribunal to impose fines. We would have the stiffest penalties in the G7. For small transactions, the fine would be 3% of global revenue or $10 million, whichever is greater, and for more serious violations, the penalty is up to 5% of global revenue or $25 million, whichever is greater.

I mentioned earlier that Davenport residents have been raising this as a concern to me for five years now. I have received a number of letters, so I want to pay tribute to all those who have written to me through the years to indicate that this continues to be an issue. I know they will be very happy to hear that we are moving forward on this legislation.

This bill is the first of many steps our federal government will take to protect Canadians' privacy and harness our country's potential in the digital age. Our current privacy laws were passed in 2001, and in 20 years the pace of change has left those laws badly out of date. We will need to keep doing more to stay on top of rapid changes, looking at both the threats and the opportunities. Davenport residents and, indeed, all Canadians demand that we continue to do all we can to keep our privacy and data security laws updated in a way that protects them, while still enabling data to be used for innovation and economic growth.

In 2019, we set out a vision for the Internet in the digital charter. That vision is of an Internet that serves the public good and guarantees certain rights, like the right to control and consent, the right to transparency and portability, the use of data for the common good and the need for strong enforcement and accountability.

I am proud that our government has introduced this bill to implement the digital charter and guarantee these rights to Canadians. We have seen big new challenges, and we have stepped up with real solutions. I ask all of my colleagues for the speedy passage of this bill.

Mr. Speaker, I rise on a point of order. There have been discussions among the parties and I hope you will find unanimous consent for the following motion: That, notwithstanding any standing order, special order or usual practices of the House, at 3:59 p.m. today, or when no member rises to speak, whichever comes earlier, Bill C-11, an act to enact the consumer privacy protection act and the personal information and data protection tribunal act and to make consequential and related amendments to other acts, be deemed read a second time and referred to the Standing Committee on Access to Information, Privacy and Ethics.

Mr. Speaker, I am certain that you will find unanimous consent for the motion that, notwithstanding any standing or special order or usual practice, at 3:59 p.m. today or when no member rises to speak, whichever comes first, Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other acts, be deemed to have been read a second time and referred to the Standing Committee on Industry, Science and Technology.

Mr. Speaker, I appreciate the question from my good friend.

This afternoon, we will complete second reading debate of Bill C-15, an act respecting the United Nations Declaration on the Rights of Indigenous Peoples. Tomorrow morning we will start with the debate of Bill C-6, an act to amend the Criminal Code (conversion therapy), followed by the debate at second reading of Bill C-12, an act respecting transparency and accountability in Canada's efforts to achieve net-zero greenhouse gas emissions by the year 2050 in the afternoon.

On Monday of next week, we hope to complete second reading debate of Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts. As all members are aware, at 4:00 p.m. that day, the Deputy Prime Minister and Minister of Finance will present the budget. Tuesday, Wednesday and Thursday will all be days reserved for budget debate.

Finally, on Friday, we will continue with second reading debate of Bill C-21, an act to amend certain Acts and to make certain consequential amendments (firearms).

I was trying to work my way through Mr. Barrett's stream of consciousness, so I'm not sure exactly where I found myself at the end of all of that, but I think it goes back to Mr. Fortin because it's his motion. If we are moving forward with new language on the motion, I think we want to have the law clerk.

The motion as it was, to me, is very straightforward. It is important for us to recognize that the witnesses that were called for by Parliament did not appear. That's a fact. That needs to be part of our report. Whatever further instructions we give the House, I'm uncomfortable moving at this point without the law clerk, so I'm happy with the original motion that we had, I think, which is the original six points.

If we're going to go with a further instruction to the House, I would like the law clerk to give an opinion, but I'm willing, if Mr. Fortin modifies his motion, to vote on it because.... I agree with Madame Shanahan. We've done a lot of work on this. We need to get this thing done. I don't want to go into next week and be still arguing about this, because we have other committee work, and we have Bill C-11 coming.

I think we're at the point.... I don't see any other witnesses, but it is incumbent upon us to remark that the witnesses we asked for did not appear. That will be in the report. That's something that we need to be able to say. If we can agree on the motion and move on, I'm ready to have that. If not, I'm willing to wait until we get [Technical difficulty—Editor] or advice.

Thank you very much, Chair.

I've been listening carefully on the question and answer...and I must say that there's not much new information coming forward. The fact of the matter is that we've been at this study going back to last year.

Viewers should also understand that there's a parallel investigation taking place right now by the Ethics Commissioner, who, by the way, in my opinion, has the most appropriate authority in looking into it. I look forward to his findings and his recommendations.

I was told in the beginning of joining my colleagues in Ottawa that committee work is non-partisan in nature, but more and more what I've been seeing is that it's similar to what's taking place in the House of Commons during debates and question period. It has really, I would say, threatened the work and the outcome of this committee.

I echo what Mr. Angus said earlier, that we have a very important study that is being stalled, quite honestly, by the Conservatives.

We all knew what the schedule of the committee was going to be. We have the Pornhub study. We are also anticipating Bill C-11 coming forward, which was mentioned earlier. Also, there is the new information that we may be able to get through our conversation or correspondence with Mr. Li. To me, that's the most productive part. That's the contributing part to the study that we're talking about today.

I don't know why the Conservatives are so addicted...or believe so much that they are going to gain their positive political objectives through this process of endless questioning. I haven't heard anything new that I haven't heard previously.

With that, since we have the minister here on behalf of the government, I want to clarify something.

First of all, Mr. Shugart testified that no one in the public service raised any red flags about WE Charity's financial well-being and resources before the CSSG proposal went to cabinet on May 22.

Did Mr. Theis see or hear about any red flags being raised about WE Charity's finances and resources? I think it was talked about previously, but the minister didn't get a proper chance to respond to that.

You're not really here for the Canada summer service grant, because you weren't there, but you are the director of the House, so when is Bill C-11 coming? I know it's going to upend all our work. Are you bringing it in a day or two days? If your Liberal colleagues are going to filibuster, I'm trying to fit my calendar in and see how long I have to listen to them before we get to the legislation. Could you tell us when we're going to get Bill C-11?

Madam Speaker, I am pleased to participate in the second reading of Bill C-11, the digital charter implementation act, 2020. I will be splitting my time today with the member for Davenport.

When Canada's privacy law was introduced in 2000, Parliament intended that it would achieve two objectives, which were privacy protection for individuals and the growth of electronic commerce. Over 20 years later, our government is introducing this legislation to provide an updated strategy for protecting privacy in our new digital world.

I have heard loud and clear from the constituents in my riding of Mississauga—Erin Mills, and they want to see strong privacy laws. These privacy laws not only protect consumers and help build trust in the digital marketplace, but with the consumer privacy protection act, a principled and agile privacy enforcement regime would create a vital safeguard as companies engage in the digital economy.

Today, I would like to provide further insight into a key aspect of the bill that will not only provide guidance for businesses for protecting individuals' personal information, but will also support responsible innovation. I am speaking today about provisions in the new consumer privacy protection act to formally recognize codes of practice and certification systems as a means of demonstrating compliance with the law.

A key strength of our current private sector privacy law, commonly known as PIPEDA, will be maintained in the new consumer privacy and protection act. That strength is a principled approach to rule setting. Our private sector privacy law applies to all organizations in all industry sectors of all sizes and levels of sophistication. This level of general application is crucial in order to establish a baseline of privacy protection that applies across the marketplace.

While comprehensive, this law must also be flexible, non-prescripted and technology-neutral so that it can be applied in all circumstances. These characteristics have long been recognized as a key strength of the existing law and there is widespread support for maintaining this approach. However, it is sometimes a challenge for organizations, especially smaller businesses without dedicated legal resources, to understand how to implement these high level obligations within their specific context.

For example, consider a situation where an organization is using a cutting edge technology which has not yet been the subject of a finding by the Privacy Commissioner or where an organization must handle complicated data flows with complex accountability, such as in connected and automated vehicles. These challenges are becoming more commonplace in a data-driven economy.

To help address these problems and to provide assurance to businesses and consumers alike, the consumer privacy protection act would allow any entity to apply to the office of the Privacy Commissioner for approval of a code of practice that provides a specific set of rules for how organizations can operate in compliance with the law. This approval would be particularly useful for organizations using a new technology or operating with a new business model.

This type of regulatory certainty is very much needed in today's rapidly developing economy. It gives organizations and their business partners a level of comfort that they are operating on the side of the law. It also supports a level playing field in areas where there is no jurisprudence or specific guidance for organizations. It also makes it more transparent to Canadians how their personal information is being used in these circumstances. To take it—

Madam Speaker, the member does tremendous work on human rights, whether it be for Canadians here or people across the world. I am going to quote from the Privacy Commissioner in response to Bill C-11's tabling. He said:

Bill C-11 opens the door to new commercial uses of personal information without consent, but does not specify that such uses are conditional on privacy rights being respected.... [T]he Bill essentially repeats the purpose clause of the current legislation, which gives equal weight to privacy and the commercial interests of organizations. In fact, the new purpose clause places even greater emphasis on the importance of the use of personal information for economic activity.

The previous speaker from Powell River talked about the public uses of information and getting the balance right. What does the member think about the need to have a balanced framework for human rights within Canada, particularly around economic ones?

Madam Speaker, in 2019, during the summer, I was very surprised to receive a text message on my government cellphone from a volunteer from the Conservative Party of Canada, asking me if I wanted to vote Conservative and to reply back via text.

Some members from the New Democratic Party and the Green Party would like Bill C-11 to apply to political parties. What does the member have to say about that?

Madam Speaker, it is a pleasure to join the debate this afternoon on Bill C-11. The bill raises important issues about the privacy of Canadians. It is legislation that seeks to reform aspects of our privacy framework in Canada concerning the use of Canadians' data. I look forward to the debate and the study that is going to take place at committee because I know this bill raises many important issues. It is a very technical area: Canadians will want to delve into the details, find out what the impacts of the provisions are and whether the bill would do the things the government says it would do.

I have some initial comments about the issue of privacy and some of the main threats facing the privacy of Canadians, but I also have a couple of comments on the provisions of the bill. It would provide the Privacy Commissioner with important new order-making powers, it would bring in fines and give individuals the right to demand that their data is destroyed. It would bring in some new powers and provisions for the privacy protection of Canadians, as well as for the Privacy Commissioner. These are some important things to look at, and some study of the details is required.

Certainly, the Conservative caucus is very committed to protecting Canadians' privacy and ensuring that the details all check out with what the government has claimed. I am looking forward to the depth of conversation that I know is going to happen and needs to happen on a piece of legislation in an important policy area such as this.

I want to flag some concerns I have in terms of the process of this legislation, as well as the broader framework of privacy in this country.

This bill was initially tabled in the fall and it has had very limited debate between then and now. It underlines the confusion we have about the government's legislative priorities. It looks very much like the government is trying to set itself up to complain about its legislation not passing by scheduling a bill for an hour here and an hour there, rather than having the kind of focus we would typically expect from a government that is trying to pass legislation. Generally, if a government identifies a bill as an area of priority, it will schedule that bill for enough time to be able to complete debate and then it will proceed to committee. However, today alone we have had an hour of debate on a pandemic election bill, and this afternoon we have gone on to a completely different topic rather than the government picking one issue to move the debate forward.

On a process point, the other thing that is interesting to me about this bill is the committee the government is planning to refer this bill to. The industry, science and technology committee has an important role in looking at the regulation of business, promoting business development in this country and so forth, and the minister who just spoke and is leading this discussion is the Minister of Innovation, Science and Industry, but will this bill be referred to the industry committee? No. Once this passes second reading, the bill will be referred to the ethics committee. The ethics committee has a mandate that includes privacy, but I note in particular that there is a lot going on right now at the ethics committee. It is doing important work trying to get to the bottom of the WE Charity scandal.

If I was cynical about the government's motivations, I would think it was interesting that it had decided to bring forward legislation and then refer it to the ethics committee, given the tradition we have in this place of legislation receiving priority at committee. However, we have critical issues of government ethics and scandal that we need to get to the bottom of. It looks like a manoeuvre to try to push the WE scandal off the agenda. It is very striking to see that the government has been so desperate to avoid discussion of its own ethical lapses, around the WE Charity scandal in particular, that it has done all kinds of things to damage its own legislative agenda simply to cover itself on the ethical front.

In fact, the government prorogued Parliament, going back to last summer. There was important information that was coming out as part of the committee studies that were going on in relation to the WE Charity scandal, and the government prorogued Parliament.

Then this issue comes back in the fall, and we are trying to restart the study of it. The government threatens to declare something a confidence issue in order to avoid having a separate committee that could study it. If we had a separate committee, this would not be an issue, right? If we had a separate committee that was looking at these various issues of government corruption, then we would not have an issue with seeing this legislation studied at the ethics and privacy committee.

However, with this renewed discussion and with new information coming out right now as well, we see the government bringing back Bill C-11. It makes me wonder if the House leader thought, “We want to kill this discussion of the WE Charity situation at the ethics committee, but we can't prorogue Parliament again, right?” I mean, I suppose they could, but it sort of gets more and more obvious what they are doing, so they thought, “Let's bring back this bill that we haven't done anything on in months and try to get it sent to the ethics committee.”

These are just more of the kinds of games, I think, that we see from the government. If it was serious about our being able to get to the bottom of these ethics issues as well as moving forward with this legislation, it would be a simple matter of either allowing the creation of that special committee to look at the WE Charity issue or having this bill go to the industry committee. Again, it just raises the question: What is the government trying to hide here?

The government's ethics failings are well known, and it seems the next step in its plan to avoid discussion of its terrible ethical record will be to call an election, a particularly extreme step to kill all of its legislation and shut down important discussions in Parliament on a wide variety of issues, including government ethics.

If we have an early election, of course we are not going to get anywhere on this bill, so hopefully the government will resist the urge to put politics and its own political interests first and instead focus on the kind of policy work that we are doing and are prepared to do in this place to move important issues forward.

In this speech, I want to also zero in on an important issue of privacy, that being the threat to Canadians from foreign actors who are trying to access our data and who are, in many cases, trying to interfere in Canadian institutions, trying to intimidate Canadians and potentially trying to steal intellectual property. In the interest of Canadians, we need to take the threat to privacy that comes from foreign actors very seriously. It is my view that the defining national security threat of our time is interference and intimidation in Canada by foreign state-backed entities.

I have had the opportunity to work with many Canadians who have themselves been direct victims of this kind of intervention, threatening their security and privacy. We had a press conference here on Parliament Hill when I launched Motion No. 55, which is a private member's motion that I am putting forward with respect to foreign state-backed interference and intimidation. We had four people participating in that press conference who were from different backgrounds, from different parts of the world originally, who are now Canadian. They shared their own stories of foreign state-backed intimidation, and all of them expressed frustration at the nature of the response. They felt they were being referred back and forth among different institutions and that we did not really have the capacity to support them effectively and identify who is really responsible for addressing these issues. Is it CSIS? Is it Global Affairs? Is it the RCMP? Is it the local police? Who do they go to? Who responds to it, and then what is the response from the government?

The response from the government has been quite weak. In the case of this minister who is now responsible for this legislation, we had many of these discussions in his previous role as the foreign affairs minister. I would ask him about what he was doing in response to the likely and in some cases very evident involvement of foreign diplomats in the interference with and intimidation of Canadians, and he would kind of look at the camera and tell the diplomats not to interfere in Canadian affairs.

It is great to say that, but we need to have a policy framework and a strategy in place to protect the privacy of Canadians when it is threatened by malicious foreign actors, which are often state-backed or directed actors.

It is with this in mind that Conservatives put forward an opposition day motion, which passed, calling on the government to put in place a comprehensive plan to protect Canadians from this kind of interference and intimidation. The government just failed to respond effectively to that.

My private member's motion, Motion No. 55, reiterates the call of that opposition day motion, but it also particularly focuses on the issue of support to Canadians who are victims. My motion is saying that we need to do more to support Canadians who are victims of foreign state-backed interference and that the federal government's approach to privacy in this area needs to involve cross-jurisdictional co-operation.

It also says the federal government should seek to work collaboratively with provincial, territorial and municipal governments on responding to foreign interference, recognizing we do see manifestations of this foreign interference happening at other levels of governments, such as efforts to capture elites, control institutions, misdirect funds to their interest, and so forth. We see those attempts at intimidation happening at other levels of government, and the response needs to involve effective engagement of those other levels of government as well.

This is another area where the government could be doing more, and needs to do more, to respond to this primary issue of our vulnerability in terms of national security.

In the midst of us saying the government needs a plan and a strategy on this, the simple thing it could do would be to take on this principle of first doing no harm. If it really recognized the threats regarding security in this area, the first thing it would do would be to just say no to Huawei, because we know there are threats to Canadians' security and privacy associated with Huawei being involved in our 5G network.

There is really no disputing the close relationship between Huawei and the Chinese state. We know all private organizations based in China have a high degree of vulnerability to influence and control by the Chinese Communist Party, such as the requirement to defer to party committees, the requirement that information be shared with the Chinese military, and the requirement to respond to requests by the Chinese military.

We know the vulnerabilities that exist across the board, but it is especially the case when we look at a company like Huawei. Clearly, there is a long-standing and very close relationship between the state and this company. Nobody else in the world has trouble figuring this out. Four out of five Five Eyes countries have understood the importance of saying no here.

Our own interests are at stake here, as well as the opportunities for ongoing effective co-operation with our partners, who see these risks. We do not want to be perceived in Canada as being a point of vulnerability. If we want to be able to maintain the levels of co-operation that are so important for our interests, we have to work effectively with our allies and give them reason to have confidence in us.

Yes, the government needs to have a comprehensive plan to address foreign interference and protect Canadians' privacy, but why not just start by doing no harm and saying no to Huawei. As well, the government has just been absent in answering these very basic questions when it comes to the involvement of Huawei in our 5G network.

Going back, we had a previous public safety minister, Ralph Goodale, who said that they would make a decision before the election. We are not talking about the election the government is planning now, we are talking about the last election in 2019. The government said there would be a decision on Huawei before that election. We probably will not see a decision on Huawei at this rate before the next election, or maybe even the one after it, if Liberals stay in government. If Conservatives form government, there would be a decision very quickly when it comes to Huawei, but the government has put it off.

The Liberals have continually said that the decision is coming. Part of our opposition day motion dealt with Canadian intimidation and privacy issues around foreign-state-backed actors. Our opposition day motion included the requirement that the government make a decision with respect to Huawei, but the deadline came and went. The Liberal government, by the way, has a track record of ignoring the motions that are passed by a majority of Parliament.

I think the Liberals' effort to create this narrative about Parliament is not working. The reality is that Parliament is generally working, but sometimes it does things they do not like. Sometimes the opposition works together to pass motions the government does not want to see pass. Sometimes the opposition puts an issue on the agenda and pushes it so much that many government members support it, as we saw with the Uighur genocide, even though the government abstains.

To me, that is a sign of a Parliament that is lively, that is working and that is doing its job because it is holding powerful people to account. That is a big part of what Parliament is supposed to do. The government wants to spin this narrative of Parliament precisely because it is working: it just does things sometimes that the government does not like. Some of that is borne out of the leadership of our party. Some of it is borne out of the very good co-operation that has been on display among the opposition parties.

The point is, we had a motion pass that called on the government to make a decision on Huawei and it still has not. This is a huge issue for Canadian security, for Canadian privacy and for the protection of our national interests at this critical time in global affairs. We are seeing heightened competition, and Canada needs to be clear and principled in terms of standing up for, and standing with, other countries that believe in freedom, democracy, human rights and the rule of law. Part of protecting the rule of law, of human rights, is emphasizing the importance of protecting the privacy of Canadians and excluding actors from our systems who we know will not respect that privacy: actors who say they have a legal obligation to provide data to a foreign military when asked.

Regarding Huawei, there is this issue of looking at the kinds of human rights violations that they and other Chinese-state-affiliated companies are involved in. We see, with the Uighur genocide, the technological enabling of human rights violations by companies such as Dahua and Hikvision: companies that the Canadian pension fund at one time invested in.

We are talking about the involvement of Huawei and other companies that are complicit in detailed monitoring, tracking and controlling. We see these horrific violations of privacy taking place inside China right now: horrific violations of privacy that are being enabled by the very companies that the government has not yet refused access to Canada. That should be a huge concern in any privacy debate we are having.

When the same companies are part of things like the social credit system, whereby individuals are tracked in terms of whether the government thinks they are behaving well, and their ability to travel and participate in events is determined automatically by algorithms based on intense monitoring and evaluation, a very Orwellian system is being brought in.

Then we have some of the actors who are involved in developing these kinds of technologies and deploying them. Those same actors are looking to do business here in Canada. That should concern us. The government needs to make some clear choices. It needs to decide where it stands on these issues and needs to start standing with us, in the opposition, who are taking a principled stand in defence of human rights, in defence of privacy and in defence of our national security. We are recognizing and responding to the very real threats that we see from various actors.

One of the other issues that I hope to see taken up at committee is people's privacy in terms of their intimate images, and some of the horrific abuses of people's human rights that we have seen perpetrated through the Pornhub platform. We have heard testimony at committee that people's intimate images, even involving minors, were posted repeatedly without their consent. That is another privacy issue that Parliament must act on urgently, without delay.

Madam Speaker, this is my first opportunity to address the minister since he has changed portfolio, and I cannot start without thanking him once again for the enormous personal effort at rescuing various constituents who were on cruise ships some months ago.

My question is, of course, on Bill C-11. I have read the commentary, as I am sure he has, of Daniel Therrien, our Privacy Commissioner, who is disappointed in Bill C-11's failure to ensure that privacy is recognized as a right. A rights-based approach would deal with a lot of the criticisms that will come up.

I know the government is taking the view that this is a constitutional matter and there are limitations, but the Supreme Court has made important comments on privacy. Is the minister open to changing this? I do not know if—

Madam Speaker, privacy is essential. Trust in the digital economy is essential. Together as parliamentarians we need to find the right balance for Canadians to be safe and at the same time have innovation.

I am so pleased that colleagues have worked together to bring in Bill C-11 so we can offer, as a legacy to future generations, a framework that they will be proud of, that will protect their information, that will spur innovation and that will protect their data, as they expect this Parliament to do in an age where the digital economy and the data economy are becoming more and more present in our lives.

Madam Speaker, Bill C-11 references innovation and the strengthening of privacy for Canadians. As he references in his comments, it is 20 years in business. How important is that in the modern-day world?

Madam Speaker, I thank the minister for his speech.

The Bloc Québécois thinks that strengthening privacy protections is a good thing. However, we are concerned about the massive number of fraud cases related to CERB. That is a government issue, but Bill C-11 does not apply to the government.

Does the minister not think this bill should also apply to the federal government? If not, what does the federal government plan to do to improve identity checks when people apply for programs?

Many members of the House have had to help distressed constituents who were the victims of fraud.

Mr. Speaker, the Privacy Commissioner indicated that there are concerns about Bill C-11's new commercial activity definition and consent rules. The concern is that it would open up the door to new commercial uses of personal information without consent. There seems to be an approach that people are suggesting, and it is to restore the language that was in place previously. Would the minister support such an amendment?

Mr. Speaker, I want to indicate that Jim Balsillie noted with regard to this bill that “the privacy bill fails to curtail [the] surveillance economy or protect Canadians” and that “The government's proposed legislation would not curb the mass surveillance or behaviour manipulation the tech industry currently engages in with impunity.” In fact, he specifically says that Bill C-11 demonstrates that the Liberal government is not fully aware of the power of the data economy and the impact it has on the lives of Canadians.

This is considered a fundamental flaw in the bill. What can we do in order to address this issue?

Madam Speaker, I am proud to continue second reading of Bill C-11, the digital charter implementation act, 2020. I am proud because our government set out to deliver an ambitious and comprehensive reform of Canada's framework for protecting the privacy of Canadians while fostering innovation amongst Canadian businesses.

That is exactly what we have done. There are strong imperatives for advancing this important package of reforms to our framework for privacy protection. Canadians deserve and expect strong protections, just as businesses deserve and expect clear rules of the road so that they can confidently deliver the products and services consumers want in an increasingly digital society.

Prior to my time in government, I spent 20 years in the business world. I know how critical trust and confidence can be in business: trust between manufacturers and their suppliers, between exporters and importers, and between businesses and consumers.

In today's digital economy, protecting personal information is key to earning and maintaining that trust.

In that spirit, Bill C-11 includes robust privacy protections for Canadians, and rightly so.

Harsh penalties could be imposed for violations. This new law will also provide a solid framework for businesses seeking to prosper in the digital economy. These businesses will be well placed to earn and keep their customers' trust, without compromising their ability to innovate and meet the demands of an increasingly well-informed customer base.

Bill C-11 seeks to strike the right balance between these imperatives and the need to boost Canadians' confidence in the digital economy.

There are important reasons to move forward with this legislation, and I hope all of my colleagues in the House will be supportive.

As we have noted in the previous debate and members are well aware, the consumer privacy protection act proposed in Bill C-11 would serve to bring Canada in line with other international jurisdictions. In particular, the CPPA would support interoperability of Canada's privacy regime with that of the European Union, a very important partner for Canada. I will speak more about the importance of that in a moment.

This bill would also support a strong and coherent national framework for privacy so that Canadians and businesses would know what to expect from coast to coast to coast. We are not alone in seeing the urgency of modernizing and strengthening privacy laws in the current environment. The provinces do, too. While Quebec continues to advance proposed new provincial legislation, Ontario and British Columbia are also considering new legislation or substantive amendments to their existing provincial laws.

Moving forward with our legislation now allows us to continue to provide leadership in this area and ensure a harmonized approach to privacy protection across our nation. This is really crucial for business and to encourage investment in Canada. It is also crucial to ensuring that all Canadians can have an equivalent level of privacy protection, wherever they decide to conduct business.

The past year has clearly demonstrated how fundamental digital and data-driven technologies have become in our economy and our society at large. Never before, as a society, have we been more reliant on secure, efficient and accessible technologies as a means of conducting a range of everyday activities.

As I noted previously, the foundation for such a robust digital and data-driven economy is trust.

Canadians have been clear in saying they want strong legal protections for their personal information, backed up by meaningful enforcement and oversight. They have indicated to us these principles are essential to their participation in the digital economy. Businesses also recognize this, and are seeking clear and consistent rules in this area.

Our previous legislation has served us well for almost 20 years, but the digital economy, as we all know, is constantly evolving and we must evolve with it. A modern privacy framework will set the right foundation not only for a post-pandemic recovery, but for many years to come.

I noted how important privacy protection is to the various levels of government, including the provinces and our international partners. The federal private sector privacy law is based on one key objective: bringing in national guidelines for organizations that do most of their business on the Internet, a global network that knows no borders.

We want to build a strong, innovative national economy. In order to get there, privacy rules have to be harmonized at the national level. Businesses and consumers are counting on the leadership of the federal government to set national standards in this area.

In the past few years, a parliamentary committee has examined the private sector privacy law, and I thank the committee for its work. During its study, many business representatives and experts underscored the importance of maintaining adequate protection under the European Union General Data Protection Regulation. We must ensure the free flow of data from the European Union to Canada. The same goes for data from the United Kingdom, whose data protection system is comparable to that of the European Union.

The European Commission clearly indicated that Canada had to make changes to its privacy protection regime to retain its preferred status. As a former minister of international trade and minister of foreign affairs, I can say that this is of crucial importance to Canada.

I am convinced that the proposed reforms to the personal information protection legislation for the private sector will help us attain this objective without giving up our singularly Canadian perspective.

My department's mandate for economic growth and development has required that we consider many factors when determining how to modernize and strengthen a privacy law that applies to the marketplace. One of the goals of Bill C-11 is for businesses to understand their obligations so they can build strong privacy protections from the outset in their business. Our current law and the new law that is proposed apply across sectors, businesses and activities. This means the bill must meet a diverse range of needs and be equally easy to follow for any line of work, particularly for small and medium-sized businesses. To achieve this we must first provide businesses with certainty and clarity regarding their obligations. That is why we are proposing to change the way the law is drafted.

PIPEDA, the framework that has been routinely referred to by the acronym, was based on a series of principles. The new law has translated these principles into clear legal requirements. We have also clarified the application of the act in a number of key areas.

Second, we must help businesses better understand how these obligations concretely apply to their activities and operations. The consumer privacy protection act would provide businesses with the opportunity to consult the Office of the Privacy Commissioner of Canada without fear of repercussions. Businesses would be able to fully understand the requirements and to comply before problems arose. The bill includes a framework for the recognition of codes of conduct and certification programs. These provisions will specify how the law applies in particular sectors or areas.

These measures are especially important for our small business owners. They need to be able to focus on what matters most: quality products, good customer service and growing their businesses, while having confidence that they are following the rules. We also need to make sure that we do not add unnecessary administrative burdens, particularly on those who may not have the time or resources to invest in complex legal analysis and advice.

Our approach ensures that fundamental protections are established and enforced in a way that is fair and accessible to all businesses, no matter their size. We must provide sufficient incentives for compliance to ensure a level playing field across the marketplace. In recent years, the Privacy Commissioner has called for a stronger enforcement regime under the private sector privacy law. Bill C-11 responds to this.

The Privacy Commissioner of Canada is at the heart of the Canadian privacy regime. The commissioner and his office help businesses understand the act and intervene to protect Canadians in the event of a breach. It stands to reason that the new legislation enhances the role and powers of the commissioner.

The commissioner already plays an education role, which will continue and be strengthened under the new regime. The commissioner will retain his key research and guidance role, as well as being assigned the new task of reviewing organizational privacy practices. The commissioner will also review and approve codes of practice and certification programs. This will give organizations and individuals confidence that personal information is being managed in strict compliance with the law.

Clear guidelines help to protect personal information and prevent breaches. This clarity is essential to the proper functioning of the privacy framework. The bill sets out harsh financial penalties for companies that break the law. The fines and administrative financial penalties are a clear demonstration of the government's commitment to ensuring the protection of Canadians' personal information.

That being said, such sanctions should only be imposed following fair and accessible proceedings. That is precisely why Bill C-11 also creates a tribunal to decide on these matters. This means that companies will not have to appear before the Federal Court of Canada. The tribunal will allow all parties to pursue remedies at a lower cost and in a more accessible manner. Over time, the tribunal will also develop a body of privacy jurisprudence.

Let me summarize the approach that the government has taken in modernizing our private sector privacy law. Bill C-11 acknowledges the strengths of our existing law, referred to as PIPEDA, in particular its non-prescriptive, flexible and balanced approach to privacy protection. It reinforces individuals' control over their personal information where it matters most, and it enables innovation.

Moreover, it introduces serious financial consequences for the most egregious behaviour. It ensures procedural fairness and recognizes the role of the federal government in regulating the economy, while respecting the important role that provincial governments also play in private sector privacy regulation. This is the continuation of a made-in-Canada approach that recognizes both the right to privacy and the needs of organizations to use personal information for appropriate purposes.

I am confident Canadians will agree that the law offers them the protection they are seeking, together with all the benefits that a growing digital economy can bring. I am happy to take questions from my colleagues.

Mr. Speaker, I thank my colleague and friend for his question.

This afternoon, we will obviously continue the debate on the opposition motion. We will proceed to the supply votes a little later this evening.

Tomorrow morning, we will resume debate at second reading of Bill C-19, an act to amend the Canada Elections Act, COVID-19 response, and then in the afternoon, we will study Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other acts.

I would also like to wish all hon. colleagues a productive and safe two weeks working in their constituencies.

Obviously, members have a lot of work to do in their ridings, but I hope they will take some time for themselves and spend some time with their families. That is important.

Madam Speaker, it is no surprise that I want to speak on this item, and not only in my new role. I and several of my colleagues have been discussing the conditions in long-term care homes and are outraged by them. My riding in particular was hit very hard, with over 70 residents passing away from COVID in the first wave at Orchard Villa, and we saw, even after the second wave, a continuation of our community members getting sick and dying.

We also saw the horrible conditions. My riding was one of the ridings that had the Canadian Armed Forces in their long-term care homes, and we had to read about the unbelievably deplorable conditions that our community members and elders had been left in. Families were feeling helpless and hopeless about being able to provide their family members with care and to be able to be there with them.

We had been advocating support for provinces and territories and for national standards in long-term care and talking about those needs, and those are things I continue to advocate to this day. I was really pleased, along with my colleagues, when I saw the Prime Minister in the Speech from the Throne recognize and acknowledge moving forward with national standards on long-term care, and then that was backed up again in the fall economic statement by providing a $1-billion safe long-term care fund.

Unfortunately, opposition members have been holding up Bill C-14—

Thanks very much, Chair.

I'm sensitive to the questions about what we're going to be doing next as a committee. As I previously stated, I think that the items dealt with in this motion can be resolved inside of a week. We dedicated the equivalent of 20 meetings to not doing anything except live through a filibuster. With respect, then, given the amount of time the committee has not been doing other things, it's not reasonable to say that the opposition is looking to rag the puck. These are germane questions.

The issue of the message with Mr. Chin reignites the questions that were raised about the origins of the Canada student service grant.

Mr. Theis and Mr. Singh were both revealed in the document release from last summer to have had contact. Mr. Theis was sent a message by Mr. Craig Kielburger with information about a suite of options with respect to programs that they could choose from. That was last May. The same is true of communication between Mr. Singh and the WE organization. Now we have the question about Mr. Chin and the WE organization.

We're not, then, starting the study over again; we're looking to resolve these questions. That can be done in one day. It could be done Friday of this week. We could have that response from PCO. It was offered many months ago, so I expect that it is prepared.

There have been some unexpected changes, particularly with respect to Mr. Shugart's legitimate absence from his role. Give them a couple of days to get that together. The document would have been created last spring, if it was created, so they could furnish the committee with it. The same is true of Mr. Lee's fulsome responses, following the letter that the committee has instructed the chair to write.

Concerning the question about Bill C-11, the committee hasn't received Bill C-11 from the House. Once that happens, there will be some urgency there, but there are other matters that the committee has expressed an interest in dealing with, and we can do so. As I said before, we could be moving ahead with those as early as next week, should we resolve this matter this week.

Ms. Lattanzio asked whether there would be a commitment that there would be no further questions. Well, sometimes the work we do causes more questions to be asked, but my intention is that we wrap this up, and I think that we can wrap it up with hearing from these witnesses and getting the information we're requesting. Then we can provide instructions to the analysts. I think that's very reasonable.

As to the clarification that can be provided by these individuals to the committee in answer to the questions, yes, sure we could write a letter. If we're doing this in the interest of saving time, however, and are writing letters to three different individuals, and then they write back to us, and on and on, we're not going to have this wrapped up in short order. We'll be dealing with it in June. That is not an outcome I would prefer, and I expect, based on the comments of my colleagues opposite, it's not the outcome that they prefer.

The most expeditious way for us to dispose of this study on pandemic spending and potential conflicts of interest is to just call the witnesses, as we normally do. We made an exception to this practice by writing letters with respect to an individual who is on medical leave. Now I think we should return to business as normal: we call the witnesses. That is why those witnesses specifically are being referred to.

We're not looking to have people reappear, we're not asking for the Prime Minister to come to this committee, and we're not asking for his chief of staff. We're looking for three very specific people based on correspondence and communication, and the evidence of that communication contradicts what we heard previously or evidence in other committees. The multiple communications between Mr. Singh and the WE organization, the communications between Mr. Theis and one of the founders of the WE organization, and the question with respect to Mr. Chin, if he's appearing and has no other information to offer, would be a pretty quick panel for us to dispose of.

We can do that and in the interest of time we can vote on this now. We can give our instructions to the chair and we will be off to the races and hopefully concluding this work, reporting it to the House and moving on to the many other important subjects this committee has decided it would undertake.

Mr. Chair, my colleague, Parliamentary Secretary Fergus actually stated what I was going to say in reference to MP Angus' earlier comments about landing on a spot that we can move forward from to tackle Bill C-11, which I know is important to many colleagues, and to finish up the MindGeek/Pornhub study we're doing.

Thank you, Chair.

Thanks for everybody's work on this and getting to a point where we need to get to in order to move on to Bill C-11 and, actually, to be very blunt, to move back to the Pornhub/MindGeek study we are doing that is receiving a lot of attention from concerned Canadians. I think it behooves us to, as quickly as possible and as prudently as possible, get back to those very urgent matters for my constituents and for yours as well.

On this motion that's been put forward this morning, I would like to move a subamendment. I'm going to ask the clerk that the following be struck and that the following be inserted.

In terms of the material, I would like to see struck the following:

and in light of revelations stemming from Craig and Mark Kielburger’s testimony of March 15, 2021, the Committee do call for Ben Chin, Rick Theis, and Amitpal Singh to appear before the Committee at a date and time determined by the Chair but no later than one week following the adoption of this motion.

In place of that, I would like to have the following inserted: “and that the clerk write to Mr. Ben Chin and ask him to provide in writing that the only communication he had with the Kielburgers was the already public LinkedIn communication, and the clerk write to Mr. Shugart to determine when the document he agreed to provide to the committee will be forthcoming.”

Thank you, and thank you to my colleague for this motion.

I'm certainly interested in it if there's a due diligence report. I don't have a problem looking at it. The issue of due diligence is something that has been important from the get-go.

As for Mr. Shugart, he is off. He is, I believe, taking medical treatments, and I don't think it's fair to ask him to come back. Mr. Shugart did testify last summer. He testified for a good period of time. I was at those hearings. If we asked him now, I don't believe Mr. Shugart would give us anything different than what he gave us then. I don't believe there is anyone else at Privy Council who has stepped in to replace him who would be helpful, because it was under Mr. Shugart's watch. If there's an issue of a due diligence report, I'd say let's just add it to the list.

I hope we can get these things settled, my friends, because we know the Liberals are going to be bringing out Bill C-11, which will upend all our other work. That's going to be coming soon. We also have to finish the Pornhub study. There are a lot of people watching that. We have agreed to the facial recognition study, which I think we need to get to.

I'm really adamant that we have to get this WE report to Parliament. We've been on this for a long time. If there are other documents that could add to it, I think it's time that we actually moved on it. As much as I appreciate Monsieur Fortin's intervention, I don't see that this is an emergency issue that suddenly came up out of nowhere, because it's testimony from eight or nine months ago. If there's a report, I'll take it, but I'm not interested in having Mr. Shugart come at this time.

Gentlemen, I have a number of questions for you. I have taken a breath and I am fully aware, as a legislator, that we have a huge responsibility when it comes to protecting personal information.

Bill C-11, which seeks to protect digital privacy, will be before the House shortly. While we have good intentions, fraud is on the rise. In the Internet age, there is clearly a loss of control. This is our job. I'm going to stop lecturing and I'm going to ask you some questions.

Here's what I understand. An individual who wants to do business can use your system and share content using Viewshare mode. The more views there are, the more revenue they will get. So they can upload content to the site, but that content can be removed quickly, at least that's the way it used to work. In the meantime, some individuals may have already downloaded the content, and may be able to edit it under a false name. For some reason, your high-tech Safeguard system cannot identify those individuals. If that content has been viewed a number of times, it could end up on the platform, even if it has been removed, for any reason that does not comply with the conditions.

Am I to understand that uploading and downloading is a big problem with your model?

Madam Speaker, I know that local content is a big concern all across the country. I think I addressed that well in my speech, particularly the tone and thrust of our content, as well as the perspective from which it is being brought to us.

I know that my hon. colleague shares my concern around just who is bringing this content to us and what kind of content is being produced. That is an important piece. At the ethics committee right now we are having the executives of Pornhub show up, and in the managing of that content I would like to ensure that the privacy of individuals is protected. I know that the government has introduced Bill C-11 as well for that, and I look forward to seeing how these two bills interplay to protect Canadians online.

Colleagues, have a very merry Christmas.

There is no agreement in regard to virtual meetings, so our next meeting will be when the House sits again.

Take the time to have some rest. Obviously, we're going to have some back-and-forth emails in regard to the upcoming Bill C-11. I welcome that as well.

Be safe and spend some time with your family, at least as far as the local laws permit. We'll see you back in 2021.

Merry Christmas and a Happy New Year.

Thank you so much.

I thank my colleague for stepping forward with this motion. I had been looking at this issue as something that we maybe would have looked at under Bill C-11 in terms of privacy rights.

The shocking news that we've seen—and shocking news internationally that has come out—is that Canada is home to a company that has been accused of hosting child pornography, revenge porn and non-consensual acts that have destroyed lives. It is something our committee needs to take very seriously. I think we need to bring in the owners of Pornhub.

I think we need to find a way to allow some of the survivors of this horrific abuse to speak to us if they're willing. If that's the case—and we don't have to debate that now—perhaps we could provide a safe forum where they could testify if they don't want to testify in public, so that they could provide that testimony to us. We should make that offer so that we know what the real-life impacts are.

Another issue that concerns me, a broader issue that Mr. Erskine-Smith and I dealt with to some degree in the last Parliament, is the safe harbour provisions. The safe harbour provisions allow large tech giants to be legally absolved from some content that is extremely destructive. In the past, we dealt with content that was extremist, racist and violent, content that has led to people being hurt and killed in other jurisdictions, but under the safe harbour provisions, you have to go after the person who posted it, which is not always easy.

If we had no safe harbour provisions for sites that post sexual violence and attacks on children and they were liable, that content would be down immediately, and it wouldn't get up there to begin with.

I think our committee can look at this issue. I don't think it needs to be a big study. I think we need a study that reports to Parliament. We could do this in a couple of meetings. Urgency is important. We need to vote on it today so that we're ready in February to deal with it. I would like to suggest two meetings and then a report. We could have more meetings if needed.

This is the kind of thing that our committee needs to be able to report on to Parliament with recommendations that we can move on very quickly.

As for Mr. Erskine-Smith's other suggestion about January, I certainly am very interested in talking about witnesses for Bill C-11, because I think this is going to be a very important study. I'll make myself available as long as we're not.... Maybe more informally, as a subcommittee, we could just talk through some of this and find a way to get ourselves oriented for February.

Those are my comments. However, I'm definitely ready to vote on this motion now.

Thanks very much.

Before I move the motion, I have spoken to Michael and also briefly with Charlie. I have not had a chance to speak with my Bloc colleague.

In relation to Bill C-11, I'm not going to move any motion on Bill C-11. I just hope that we have a common understanding. As we head into the new year, I hope to be a more permanent member of the ETHI committee when Bill C-11 will ultimately be referred to us.

Just so that we take advantage of January as much as we reasonably can, there needs to be a broad consensus that we'll work off-line to develop a work plan and witness list. We can then hit the ground running in a collaborative way when we get back. I just want to put that out there, and I hope there is broad consensus for that.

Specifically, you all have noticed, and I think we have all read, the horrifying stories in relation to the failure of Pornhub and MindGeek to take down illegal content in a timely way, and that has seriously damaged lives. Women's testimony in media reporting has indicated very clearly that they have not been able to come back to living a normal life because of the damage of those videos and the images that have been shared.

As I provided notice, I move:

That the committee call representatives of Pornhub / Mindgeek, namely Feras Antoon and David Tassillo, to explain the company's failure to prohibit rape videos and other illegal content from its site, and what steps it has taken and plans to take to protect the reputation and privacy of young people and other individuals who have never provided their consent.

Mr. Speaker, we live in a country where the right to privacy is fundamental.

Today's youth are vulnerable, and some are victims of traffickers who post content online without consent. Bill C-11 could be amended to protect personal information.

Is the Liberal government prepared to protect these vulnerable members of our society?

Thanks, Madam Chair.

Anthony, you probably recall that, when you attended our privacy committee before, we had a conversation about data portability. It hadn't been in the competition commissioner's early reports, but I know that you have taken data and privacy issues much more seriously now. I think as a consequence of that, we now see it in Bill C-11. I just want to thank your office for that.

When it comes to the Facebook agreement, which I think is also good news, that consent agreement and a $9-million fine with $500,000 also to reimburse the commissioner for costs.... When we look at the States and the fine of $5 billion, even when you adjust for population here in Canada, it would still be significantly more in terms of a fine in the United States than we saw in Canada.

Can you speak to the capacity of the competition commissioner to levy those fines and why it was one-fifth of what we saw when you adjust for population?

I'm finding this very informative. Thank you for being here today.

I want to come back to the discussion related to the dominant tech players, particularly the giants—we're seeing organizations like Amazon, particularly, coming into the market—and the use of data. I know you said you will be reviewing Bill C-11, but I wonder, with that kind of dominance and that control and use of data, if we should be concerned that there aren't enough teeth in your act or in Bill C-11 to deal with things like customer lists. This is stuff that's proprietary and that could really put at risk smaller Canadian companies, small businesses that are using what they think is a service provider but actually could quite likely be a competitor.

Okay. Thank you.

The federal government, as you know, recently introduced Bill C-11 for the protection against commercial exploitation of personal information and the establishment of a data protection tribunal. Clause 14 of this bill would notably amend the Competition Act to facilitate co-operation between the Competition Bureau and the Privacy Commissioner.

How does this bill affect your activities, if Parliament enacts it in the near future in its current form?

I completely agree with you. It's a significant issue, and actually made far worse with the pandemic. Given that market dominance, it has increased significantly.

Has your department spent much time reviewing the provisions within Bill C-11 on data privacy and some of the data regulations? Are the definitions strong enough? Have you done a thorough review? Can you share with us any opinions you might have, either right now or by following up with something in writing?

Mr. Speaker, that question was really well put, probably the best question today.

This afternoon, we will continue debate at second reading of Bill C-12 on net-zero emissions. This evening, the committee of the whole will study the votes under Department of Health. Tomorrow and Monday, we will be debating Bill C-7 on medical assistance in dying.

We hope to complete third reading of Bill C-7 on Monday to give the Senate enough time to pass the bill before the court-imposed deadline of December 18.

On Monday afternoon, at 4 p.m., the Deputy Prime Minister and Minister of Finance will deliver the fall economic statement in the House of Commons.

Tuesday and Thursday shall be allotted days.

On Wednesday, we will resume debate on Bill C-12, the net-zero legislation.

Lastly, next Friday we will resume debate on Bill C-10, concerning the Broadcasting Act, and Bill C-11, concerning personal information protection.

Madam Speaker, it is a great pleasure to speak to Bill C-11 today.

This is an extremely important subject that concerns the security and protection of all citizens' personal information. As my colleague already clearly stated, over the past 10 years and during the current pandemic, there have been a multitude of phishing scams via telephone, the Internet and online shopping platforms, which are increasingly popular.

I believe that Bill C-11 is timely and will correct major problems that we have been seeing for some time in different areas. For example, there have been cases of bank fraud, notably at Desjardins, and the federal government has also been affected. I know that the bill does not apply to the federal government, but this issue remains a very serious concern.

Take, for example, a situation that has occurred in my riding of Terrebonne. For the past month or so, we have been seeing a whole host of complaints related to the Canada Revenue Agency, from people whose identities were stolen by fraudsters who claimed CERB cheques in their name. This shows that there is a gap at the government level, which is very interesting.

I understand that we need to look at what requirements should be established for banks and e-commerce, but I think that there may be some aspects of the bill that we could rework. We are only at debate at second reading for this bill, which means that the bill could be amended and improved to give it more teeth, make it more robust and ensure that it is more responsive to the various threats that could arise in the future. Since we are essentially talking about technology here, the new law should be able to adapt its mechanisms to the changes in technology that will occur in the coming years.

However, there are a number of troubling issues that the bill does not address. For instance, metadata is not included in the bill. I am not an IT expert, but metadata is something that we see regularly. For example, if we spend a few minutes on the Internet searching for a camp chair, it is not unusual to then see ads for various types of camping equipment.

That is worrisome because metadata can be used to target specific individuals. When a group of individuals is targeted, there is a risk of more targeted threats or cyber-attacks. That is why I think it would be a good idea to improve the bill by addressing the issue of metadata.

The federal government, and the Canada Revenue Agency in particular, has quite a lot of work to do on matters of identity theft. The CRA's mandate is to manage revenues on behalf of the Canadian government.

However, what happens in the case of computer fraud as a result of identity theft? In that case, it becomes more a matter of public safety and national security. In many cases, fraud and identity theft, particularly in the banking sector, are committed from abroad using fairly sophisticated electronic means.

Once again, I am not familiar with the mechanisms used to investigate these predominantly computer-based threats or to protect us from them.

I am also referring to the recent debate we had—and I do think this is related—on 5G networks in Canada, in terms of the technological means that will be deployed over the next few years to protect the IT infrastructure itself from all threats and foreign influences.

In some cases, the threat might involve political or public influence. In other cases, it could literally be individual hackers from around the world who use technology, including 5G networks, to circumvent security mechanisms and break into various systems to steal identities and the personal data of the various citizens that we are meant to protect.

It seems to me that the general intent behind Bill C-11 is a worthwhile one, crucial even, as I said in my opening remarks. However, we also need to tackle the technical side. I get the sense that some issues were not considered from all angles so as to ensure that the bill reinforces the back door as much as it does the front door.

Once again, protecting online identity is the most tenuous aspect, and we are trying to rectify that here. I am concerned about a number of aspects of the authentication mechanisms, because that is really what this is about. Currently, many banks, institutions and businesses use a variety of platforms to secure and protect the identity of online customers and consumers.

As a few minutes on the Internet will show, private online commerce companies use many different authentication platforms and mechanisms. It might be a good idea to consider using the bill to standardize those online transaction authentication mechanisms, but the government seems unwilling to do that in the current version of Bill C-11.

The government wants to have companies and financial institutions take on more of the control, responsibility and obligations of protecting personal information. The government should, however, set out some very specific measures in the bill to ensure that all companies can shoulder this responsibility. Not every company has the financial means to set up robust data protection mechanisms. I therefore think that the government needs to set some statutory requirements.

As my colleague from Abitibi—Témiscamingue pointed out earlier, a lot of small merchants and businesses do not have the financial means to improve or modernize their technology infrastructure. This issue may also need to be addressed in the comprehensive approach we are advocating today.

There is the whole issue of jurisdictions. Quebec's jurisdiction over civil law and consumer protection plays an extremely important role. We know that the laws are confined to the jurisdictions for which they were written. This is not just a Quebec and Canadian problem, but also an international one. By the way, I think it will be necessary for the government to define very clearly these famous control mechanisms and make solid political and governmental choices in connection with the new information technologies that will crop up here at home.

That is essentially where this will play out. We cannot give a foreign government control over telecommunications and computer infrastructure. It is extremely important. We are wading into another field, but to be able to protect our constituents we have to ensure that our infrastructure is not threatened by other countries or by foreign nationals, such as the hackers I mentioned earlier.

Then we have to find some form of standardization to help ensure that clients or consumers are protected during online transactions. Let's not forget the entire issue of metadata, which are a formidable tool for any bad actor wanting to target and attack groups that are more privileged or more vulnerable.

In conclusion, the federal government must ensure that Canadians can be guaranteed, in all circumstances, that a consistent international standard will be rigorously applied, and that it will be possible to efficiently identify any and all fraudsters. Identifying fraudsters has always been a problem, and the Canada Revenue Agency could speak at length about this in committee.

Madam Speaker, I am honoured to be sharing my time with the member for Terrebonne.

I am pleased to rise to speak to the fundamental issue of the protection of privacy.

Since March 2020, Quebec business owners have been hard hit by the negative economic impacts of the COVID-19 crisis, namely the lockdown, the closures, the health measures, the labour shortage and the drop in consumption.

SMEs in Quebec have received assistance in the form of tax credits from the Government of Quebec and the Government of Canada to help mitigate these negative economic impacts. Now more than ever, SMEs are struggling under a burden of debt and many of them may never recover. At this difficult time for Quebec's social and economic life, I am worried about Quebec's SMEs, and particularly the small business owners who do not have the time or money to get bogged down in a data protection program that, in some cases, will have to take into account a number of Quebec and Canada laws.

By amending the Privacy Act, the Government of Canada is creating a number of problems for Quebec's SMEs because of legislation adopted by two governments, the Government of Quebec and the Government of Canada. Depending on whether their economic activities extend beyond Quebec's borders, it is very likely that Quebec's SMEs will not know which law governs their data protection plan.

The new federal law proposed in Bill C-11 will have real teeth, which means that Quebec's SMEs are likely to suffer, unfortunately. I am scared to think how this bill will affect Quebec's SMEs.

The pandemic is forcing many retailers to shift to online sales, the kind of electronic commerce referred to in the bill. In his speech to the House this morning, the Minister of Industry acknowledged that the protection of personal information is essentially a provincial responsibility and a matter of civil law. He said his bill respects provincial jurisdiction, but a closer look at the text reveals that to be not quite the case.

It is true that Bill C-11 applies to all federally regulated businesses. However, businesses that are not federally regulated, which describes the vast majority of companies and virtually all SMEs, are not really excluded from the scope of the bill.

The minister can exclude them if the province has substantially similar legislation, as is the case in Quebec, but he cannot exclude them entirely. In fact, he can exclude them only “in respect of the collection, use or disclosure of personal information that occurs within that province”.

Imagine the mess: a Quebec SME will have to comply with the Quebec law if the information does not leave Quebec, but it will have to comply with the federal law if the information does leave Quebec. Information collected from one customer will be subject to two different laws.

Which law do Visa card payments fall under? Does it depends on which territory the Visa server is located in? This seems unenforceable to me. If a business is covered by the Quebec legislation on data protection, that should apply to all its activities, not just half of them, as it would under the bill as currently worded.

Furthermore, Quebec laws are also adapting to the reality. We must recognize that the federal government's bill represents a step forward, because the current legislation has no teeth. Under Bill C-11, a privacy commissioner could establish the specific practices to be adopted in accordance with the principles set out in the legislation. A privacy commissioner would have order-making powers to force organizations to comply with those principles.

Under Bill C-11, a citizen could file a complaint with a tribunal. The privacy tribunal will also be able to impose significant penalties of up to 3% of a multinational's global revenue for non-compliance. In short, the major difference between the law and the bill we are debating, is that the bill's mechanisms are more favourable to citizens when faced with an organization that misuses digital data.

This bill fails to address the important issue of online identity protection to prevent fraud through identity theft, especially when Canadians engage in financial transactions. Bill C-11 does nothing to ensure that financial institutions in Canada verify someone's identity before authorizing a transaction, which exposes Canadians to fraud. Even the federal government has failed to properly verify a person's identity before authorizing an electronic transaction.

I would like to share an unfortunate incident that happened to one of my constituents. This summer, a young man was a victim of identity theft and wound up having to defend his reputation to the Canada Revenue Agency and another financial institution. It was my own office manager who, while talking to a federal official on the phone, realized that fraud had taken place. My office manager took charge of the case and helped my young constituent navigate the unpleasant process that lasted weeks. There was a police investigation and all kinds of documentation. There were numerous discussions with a financial institution and government officials. He had to go to great lengths just to prove that a fraudster had stolen his identity and to defend his reputation to a financial institution and the Canada Revenue Agency.

It was weeks before this young man was able to access the Canada emergency student benefit he very much needed. That is not exactly the kind of introduction a young adult should have to dealing with banks and governments. This whole situation happened because the government did not take the time to verify the identity of the CERB applicant.

The government needs to set an example and take immediate action to combat identity theft. This is a serious problem. Bill C-11 contains some privacy mechanisms, but there is no mechanism to verify the identity of users or consumers to protect their personal information.

I remind members that private information falls under the umbrella of property and civil rights, which is a provincial jurisdiction, as set out in the Constitution. Quebec is in the process of modernizing its act. Unfortunately, it is difficult to assess right now how the federal act and the Quebec act will interface.

However, the Bloc Québécois foresees some problems, and we do not want these problems to affect small businesses in Quebec, which, I remind members, are struggling as a result of the economic issues associated with the COVID-19 crisis.

SMEs carry a heavy debt load at times. Any additional weight on the shoulders of Quebec entrepreneurs is becoming harder and harder to bear. Considering the potential administrative nightmare that could result from how the federal legislation intersects with the Quebec legislation, I would ask that Quebec SMEs be exempt from Bill C-11.

Simon Marchand, chief fraud prevention officer at Nuance Communications, is a certified fraud examiner, a certified administrator and an expert in biometrics and security. He appeared before the Standing Committee on Industry, Science and Technology on May 20. We were discussing fraud-related topics. He mentioned that in the context of COVID-19, telework was a risk factor. This is especially true when it comes to customer service.

All customer service agents who normally work in call centres now work from home, in an unsupervised environment. These agents have limited resources, but now have the opportunity to access sensitive consumer information, whether it is data on their assets or information that could be used by anyone to impersonate someone else.

A second factor is the socio-economic reality, which will no doubt put pressure on many households. When it comes to internal fraud, we know that pressure and opportunity are the two basic factors that drive an employee to go against their employer’s interests and commit fraud.

Some areas have seen a 600% increase in the number of phishing scams involving COVID-19; attachments, links to websites and other methods are being used to lure victims. Fraudsters will be able to get their hands on vast amounts of consumer information, which they will not use in the next few weeks. Rather, they will wait six to 18 months before opening up accounts, taking out financial products and acquiring products from telecommunications carriers. That is what this bill is all about. It provides a modicum of protection, which is a good thing.

In terms of accountability, Simon Marchand said:

I think, though, the focus should be on accountability and the responsibility companies have in relation to the information they use to deliver services.... it calls into question the bank’s responsibility, which is protecting that information.

The first benefit of accountability will be to give the government a clear picture of the situation. It will know exactly how many victims there are, and it will be able to direct measures accordingly to strengthen security, particularly in banks and telecommunications companies.

This will put a burden on businesses, which will have to file reports, but this burden is not unreasonable, since the data they have is already known. All they will have to do is provide them to lawmakers or to a government-supervised body that can present these data more broadly and anonymously so that members of Parliament can access that information and know exactly what is going on in Canada.

This is an important step, because if there is a leak, companies must tell individuals what information was exposed and the risk of harm from the leak. That is what the bill does, and it is absolutely fundamental, because that is a risk that we run.

In conclusion, the lack of accountability for federally regulated businesses is a problem with the current legislation. There is currently no overall picture of how many people are actually victimized by having their identity used once it has been stolen. I am therefore pleased that the federal government is taking greater responsibility and beginning to act by introducing this legislation.

Madam Speaker, I want to thank my colleague for all his clarifications on Bill C-11.

However, I would like to take him in another direction. Quebec is also currently studying proposed legislation, Bill 64, which would provide increased protection for personal information and is heavily based on European law.

I am wondering if the government considered how these two laws will work together, to avoid the confusion that any overlap would cause for the consumer.

Madam Speaker, it is a pleasure for me to stand and resume debate on Bill C-11, now at second reading, on the consumer privacy protection act.

This act, which replaces private sector privacy protections under the Personal Information Protection and Electronic Documents Act, PIPEDA, places consumer protection at the forefront in order to ensure Canadians have confidence in the digital marketplace and can trust that businesses are handling their personal data responsibly.

It is important in an era of global online commerce for Canada to put in place a privacy standard that offers consumers increased control over their personal information as they participate in a modern digital marketplace. The act also includes important changes to enable and support innovation in an increasingly digital marketplace.

Today I will be speaking about how our government is supporting business and protecting Canadians' privacy as they actively participate in the digital economy. Our government is working to establish an enhanced privacy framework where consumer protection is strong and where businesses are supported in their efforts to innovate in a rapidly changing digital landscape.

Bill C-11 makes important changes to the privacy framework for Canadians. It sets out enhanced measures for Canadians to ensure their personal information is protected and it enables new rules and mechanisms for industry in a way that promotes innovation in a digital world.

We understand the need to ensure the privacy of Canadians is protected. There is also a need to ensure that Canadian businesses have the supports they need to grow and prosper in a global marketplace that runs on digital technologies and data. These changes come at a time of great change, not only in terms of rapid advances in digital technologies, but also at a time that is critical for business to adopt and innovate in a digital world.

The need for digital solutions in our daily lives has become essential in the current pandemic environment. In a time when physical distancing has been so important, consumers want solutions that give them access to the products and services they need and firms need to keep doing business and set themselves up to grow.

For many, digital solutions have been the answer. However, we all recognize that new technologies are providing companies with vast amounts of personal information, data that is essential to making business decisions and offering new services to customers.

Innovation and growth are critical, but we must stand up for Canadians and ensure that this innovation happens in a responsible way. Today, I will be outlining the key elements of Bill C-11 that enable responsible innovation done right in the Canadian way.

One of the goals of PIPEDA, our current law, has been to ensure companies are able to handle personal information to meet their legitimate business needs and do this in a privacy-protected way. To achieve this dual objective, PIPEDA's framework is principles-based and technology neutral. This framework ensures that the law continues to apply even as technology has undergone rapid change. The CPPA retains this approach, continuing the success of a flexible and adaptable privacy law in the Canadian private sector context. We all recognize that times are changing rapidly.

To better reflect the realities of the digital economy and to continue the emergence of the new big data technologies and artificial intelligence, the CPPA has a number of provisions that support industry moving forward. The bill would create a level playing field for companies of all sizes. It does this by reducing administrative burdens, critical for the vast number of small and medium-sized enterprises in Canada so essential to our economy.

It introduces a new framework for personal information that is de-identified. It establishes new mechanisms likes codes of practice and certification with independent oversight by the Office of the Privacy Commissioner. It addresses data for research purposes or purposes deemed to be socially beneficial.

I will outline how the bill would do it all. The bill before us today includes a new exception which is consent to cover specified business activities. The goal here is to allow Canadians to provide meaningful consent by focusing on specific activities that involve real choice. This is critical to avoid blanket consent agreements or the long, multi-page contracts that no one reads.

It would also reduce the administrative burden on the business in situations where an individual's consent may be less relevant, such as a company's choice of a third party service provider for shipping goods. The customer wants goods shipped and the company should have the ability to make this happen. The law should not add extra burden to fulfilling the service.

Therefore, the bill provides for new regulations to be developed for prescribed business activities, and that introduces the concept of legitimate interest in Canada's privacy framework. This is something that industry has asked for and the government has answered in Bill C-11.

Second, we are better defining and clarifying how companies are to handle de-identified personal information, that is, personal information that has been processed and altered to prevent any identification of a particular individual. The bill would allow organizations to de-identify personal information and use it for new research and development purposes. Businesses must undertake R and D to improve their products and to offer customers the new and leading-edge services that they are looking for. This provision would give businesses the flexibility to use de-identified data for those purposes, adding value for customers and firms alike.

The law would also allow organizations to use data for purposes of the public good, specifically by allowing companies to disclose de-identified data to public entities. Such disclosures are only allowed where the personal information cannot be traced back to a particular individual and there is a socially beneficial purpose, that is, a purpose related to health, public infrastructure or even environmental protections. This kind of provision would protect individuals while ensuring that we use all the tools at our disposal to address the biggest challenges of our time.

Included in the bill is a clear set of parameters for institutions, such as hospitals, universities and even libraries, that would seek to receive personal information for a socially beneficial purpose. These parameters would help to clarify the rules of the road in a new and important field.

These new provisions would also permit organizations to share more data in a trustworthy manner. This would allow the private sector to work with different levels of government and public institutions to carry out data-based initiatives in a privacy-protecting manner. By taking this approach, the bill accommodates emerging situations where collaboration between public and private sectors can provide broad public benefits, while at the same time retaining the trust and accountability we demand and deserve.

Third, the bill would provide a framework for codes of practice so that businesses, especially those in specific industries or sectors of the economy, can proactively demonstrate their compliance with the law. The bill would do this by introducing coregulatory mechanisms into Canada's privacy landscape that would have businesses and the Privacy Commissioner working together. For example, companies operating a specific type of business could develop a code of practice that demonstrates compliance with a specific part of the law, and the Privacy Commissioner could formally recognize the code. For instance, there could be a code for de-identification.

Lastly, the bill provides for certification and certification bodies. Such bodies could use codes of practice to certify businesses compliance with some or all of the law. This is a useful tool for companies, especially small and medium-sized identities, and would be backed up by oversight by the Privacy Commissioner. This means that the Privacy Commissioner would have the option to decline to investigate a privacy complaint when a company has obtained a certification related to the complaint. This is not only efficient, but also provides an additional layer of certainty for business and consumers alike.

Recognized practices, codes and certifications would make it easier for business to comply with the law and for individuals to understand how they are protected. Bill C-11 would not only help keep the personal information of Canadians safe, but enable tomorrow's innovators by supporting Canadian businesses in every corner of the digital economy.

With the bill, the government has made innovation and economic growth a top priority. It is a major step forward.

Madam Speaker, I did have the opportunity to rise on the Conservative motion with respect to Huawei. As I made clear at that time, there are no providers in Canada at the moment that are using Huawei's 5G infrastructure.

I would also take issue, perhaps, with the word “scheme”. What is presented here in the bill before the House is a very serious framework for the protection of personal information and data on behalf of all Canadians. It is certainly something that I am looking forward to debating more fully today and in the future. If there are specific amendments, as I said, I think we are open to them, but at its core, we have a very sound structure that we presenting in Bill C-11.

Madam Speaker, I will be sharing my time with my colleague from Egmont.

It is with great pleasure that I rise in the House today to speak to the consumer privacy protection act and explain why this reform is important for enhancing the protection of our personal information.

When we talk about consumers, we are talking about all of us. All Canadians deserve the peace of mind of knowing that their personal information is protected.

As the Privacy Commissioner of Canada has said, the pandemic has accelerated the digitization of our lives, which inevitably increases risks to our privacy and the security of our data. This has raised serious concerns about our personal freedoms, our societal values, the public good, and the compliance and oversight measures required to manage this public health crisis.

Clearly, this crisis has laid bare the need for a certain use of available data, including personal information. In this context, we have seen many different approaches around the world. Different countries have deployed an array of technologies to support their efforts.

In some cases, their approach has focused on collecting location data for contact tracing or population monitoring or even for tracking an individual's movements. In other cases, telecom service providers have given the government location data from their network. On that, let me make it clear that our approach, Canada's approach, does not use those types of technologies.

This federal government will always defend our privacy and our personal data. Many stakeholders and experts have noted the potential impacts on the right to privacy arising from technologies being used elsewhere around the world. We heard those concerns, and that is why our Canadian approach does not involve these types of technologies.

For example, in the case of the COVID Alert app, our government worked with a variety of partners to support public health efforts to limit the spread of the virus, while also making sure we protected Canadians' privacy. The application was designed with this very objective in mind. As we have said before, the app has no way of knowing one's location, name, address, contacts or other information. In fact, following a review of the app, the Office of the Privacy Commissioner fully supported it.

I hope that this dispels any lingering myths about the app, and as we are very much still in the midst of this pandemic with rising community cases throughout the country, I would like to take this moment to encourage everybody to download the COVID Alert app.

Bill C-11, before us today, would create a strong framework for the protection of personal information in the private sector. The new consumer privacy protection act would impose requirements for obtaining individuals' consent to collect and use their data. Consent must be granted prior to data collection, and consent forms must be written in plain language that absolutely everybody can understand.

While this is extremely important, I know from my own experience, the experience of my friends and speaking to my constituents, and surely this is the case for many Canadians across the country, that not everybody reads the disclosure and consent page before clicking “I agree”. That is why we have proposed in this bill to legislate that organizations can only seek consent for data that are strictly necessary for their purposes. They can collect credit card information if they are selling something; they can collect an address if they will be delivering something.

Critically, this bill also would further empower consumers. It would give us the unfettered right to ask what information has been collected about us, how it has been used, whether it has been shared, and whether it has been sold. We, as consumers, would have the right to access the information that an organization might have on us and request its immediate deletion.

Another groundbreaking provision involves AI and algorithmic transparency. We are all familiar with these algorithms which make predictions and recommendations with the aim of influencing and impacting our decisions. Whether our experience is seeing advertising on Facebook or Google, which, very strangely, resembles some searches we recently did, or recommendations of videos on YouTube, for example, Canadians are constantly being fed information and suggested purchases based on algorithms that we know very little about.

Without going on too much of a tangent, I watched a few weeks ago a documentary called The Social Dilemma. I imagine many of us in this House who are interested in the topic of privacy protection and the Internet are familiar with the documentary. Let me say it scared the you-know-what out of me.

This bill would make it mandatory for companies to provide answers and an explanation, upon request, about how any predictions or recommendations targeted toward us were obtained. Legislating that right, providing that opportunity for consumers, is itself a deterrent for companies seeking to make use of algorithms for nefarious purposes. This is a critical step forward.

This bill deals with a very complex issue for individuals and consumers and for businesses. It recognizes individuals' right to privacy as well as the need of organizations to collect, use or disclose personal information in the course of reasonable commercial activities.

Our privacy bill is flexible enough to allow companies to apply the general requirements to practices specific to their sector. However, I want to make it very clear that good intentions on the part of private-sector organizations are not enough.

We know that for the new protections included in the legislation to really be implemented, we need binding and effective mechanisms to protect the rights of Canadian consumers. That is why this bill includes serious penalties for those who try to get around it. We are talking about monetary penalties of up to $10 million, or 3% of global revenues, for large corporations that break the law. For more serious offences, fines up can go up to $25 million, or 5% of global revenues.

These measures would be among the toughest in the G7. Our government takes the privacy of Canadians very seriously, and the web giants must do the same. We have seen major innovations and digital solutions that not only serve the public interest, but also protect the privacy of our citizens.

The legislation would allow companies to innovate in a responsible manner and enable Canadians to have more control over their personal information. It is true that the digital environment presents many challenges, but we must not let that stop us. There are tremendous opportunities. Back home in Montreal, I am seeing the potential of AI and responsible data usage. I am thinking about Mila, Element AI, Hopper, AlayaCare and all the start-ups and small businesses that are opening every day in Mile End and Mile Ex. We must continue to encourage the development of this sector while ensuring that the public has confidence in the regulatory and legal framework governing these companies.

As legislators, we must give Canadians our assurance that their data is safe and their privacy is respected. This assurance is necessary not just to foster creativity and innovation, which are essential ingredients for building a strong economy, but also to give us all peace of mind.

Madam Speaker, in her speech, my colleague said that she had some suggestions to improve Bill C-11. This is also the case for the Bloc Québécois.

On our side, we are very concerned about the issue of identity theft. There are ways to verify someone's identity. In Europe, mechanisms have been put in place. Here, however, the banks have no such obligations and, if it costs too much, they do nothing. We would like to see stricter regulations for banks and greater transparency.

Does the hon. member agree with what we are calling for?

Madam Speaker, I would like to inform you that I will be sharing my time with the hon. member for Lethbridge.

Today we are discussing Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other acts, which received first reading in the House on November 17.

I am aware of the importance of the issue addressed in the bill. It is 2020. Who would have thought that, in 2020, we would have to come to grips with technology in such a hurry because of a pandemic?

Technology was already evolving at a fast pace, but I can say that we have had to increase our knowledge at great speed. If someone had asked me three months ago if I was comfortable with teleconferencing, I would have said no, but today it is an everyday occurrence. It is important to address this issue.

I would like to remind the House that I represent the fantastic riding of Portneuf—Jacques-Cartier in Quebec. In 2019, the personal data of 2.9 million Desjardins members were leaked. They were victims of identity theft. Their data were resold to people who wanted to use them to do business in the financial sector. Although the leak did not involve banking information, it still exposed the affected customers to identity theft.

On June 20, 2019, Desjardins revealed that the personal information of 40% of its members had been illegally shared outside the organization by an employee, who had since been fired, of course. On July 8, Quebec's Commission d'accès à l'information and the Office of the Privacy Commissioner of Canada announced that they were launching investigations. On July 15, Desjardins broadened its identity theft protection and offered protection to more than 4.2 million individual members and 300,000 corporate members. On November 1, it announced that all 4.2 million individual members had been affected by the data leak. About 173 of the 350,000 corporate members were also affected.

I will reveal that I am a Desjardins customer and that I was part of this group. Even before the pandemic, digital transactions were commonplace. The current context is speeding things up.

Today's bill comes from a good place, because we do need to keep up with the times, but will we be able to apply and enforce it? Are we not putting the cart before the horse? That is the problem with this bill.

Examples in my riding make me wonder. The government is trying to bring in legislation that would impose astronomical fines on non-compliant companies. The government is puffing out its chest, bragging that our country will be giving the biggest, juiciest, harshest and most lucrative fines, but will we be able to collect?

What do we want? We want to protect Canadians and provide them with the necessary tools. Would it not make more sense to invest in a service that gives these tools to our businesses, so they can help Canadians and consumers?

I have mixed feelings about this bill. It obviously comes from a good place, but are we taking the best possible measures to ensure solutions for the coming days, weeks and months? We need something concrete.

My constituents often tell me that I must find it hard to be a parliamentarian, because I am pragmatic. We need concrete solutions. The goal is laudable, but are we taking the right measures? I am not sure.

I hear from many businesses and citizens. They are still calling me to tell me they are having problems with Phoenix. They are federal employees who are having problems with their pay because of Phoenix. Phoenix is a problem that was never fixed. It has been around since the Liberal government's first term in 2015. It is now 2020, and nothing has been resolved.

I agree that we need to enact a law to protect personal information, but there may be other priorities. We are seeing it now with the Canada Revenue Agency. I have constituents calling my office to ask if I can help them, because the CRA is claiming it sent them money that they never received, which is a sign that they are victims of fraud and their identity has been stolen.

Should we be enacting a law to punish large companies when we cannot even solve the problem in our own backyard? I am aware of the importance of this bill, but I wonder whether we are taking the right measures.

I mentioned this earlier, but it is worth repeating: I am the member for Portneuf—Jacques-Cartier, which is in the province of Quebec. Quebec has a program to help people who have a baby: The mother or the father is entitled to parental leave.

Here is another example that boggles the mind. One of my constituents meets all of the EI eligibility criteria, but his claim is being reviewed because there seems to be some problem factoring in the parental leave he took in 2019 and the Canada child benefit claim he submitted during the pandemic interfered with processing his claim.

That only happens in Quebec. The Liberal government seems unaware of the existence of provincial programs, and its Canada-wide employment insurance system prevents it from fixing the problem. In this case, is it because it is a Quebecker? Is it because he is a father? I am asking because I want to stress the importance of finding concrete solutions to systems before we consider a bill that will punish big corporations.

I completely agree that those who are at fault should be held responsible, should accept the consequences and should pay if they break the law. I completely agree with my colleagues on that point. However, I wanted to show how bizarre this situation is, a situation that puzzles me.

Clearly, we need to reflect on this and update the legislation, but is the version being introduced today the best one? I think we need to send this bill to committee for further study and consultation with specialists and experts. We did actually notice that there is only one expert regarding the tribunal.

I do not pretend to be such an expert. I am not computer savvy and, as I said six months or a year ago, I was unaware of my skills and adaptability to technology. Many members here in Parliament have managed to learn quickly, at lightning speed.

That is why we need to think about this bill and, as I said in my speech, not put the cart before the horse. We need to do things right to make sure that the bill really meets Canadians' needs. At the end of the day, the goal is the same: to protect society's interests and ensure that Canadians are respected and protected. We are all working toward this goal.

I will now happily answer my colleagues' questions. On that note, let us be vigilant, because fraud is always lurking around the corner.

Madam Speaker, I thank my colleague for his speech.

Bill C-11 seems to apply only to private businesses, not to the federal government. We all saw many examples of this during the pandemic. I imagine that all members were informed of the cases of victims of fraud or identity theft reported to their riding offices.

It therefore seems to me that this bill could also be applied to the federal government. Before imposing these sorts of measures, which I agree are desperately needed, on private businesses, perhaps the government should have a look in its own backyard.

I would like my colleague to tell me whether his government plans to do that.

Madam Speaker, I am pleased to rise today to speak to this Bill on consumer privacy protection.

The bill, which will replace the Personal Information Protection and Electronic Documents Act, makes consumer protection a top priority to ensure that Canadians have confidence in the digital marketplace and trust that their personal data will be managed responsibly by the private sector.

It is so important, in an era of global online commerce, for Canada to be putting in place a privacy standard that offers consumers increased control over their personal information as they participate in the modern digital marketplace. The act also includes several important changes to enable and support innovation in an increasingly digital marketplace.

I am going to speak today about how our government is supporting business and protecting Canadians' privacy as they actively participate in the digital economy. Our government is working to establish an enhanced privacy framework where consumer protection is strengthened and where businesses are supported in their efforts to innovate in a rapidly changing digital landscape.

Bill C-11 marks all sorts of important changes to the privacy framework for Canadians, and it is long overdue. It sets out enhanced measures for Canadians to ensure that their personal information is protected, and it establishes new roles and new mechanisms for industry in a way that promotes innovation in a digital world.

We understand the need to ensure that Canadians’ privacy is protected. We must also ensure that Canadian businesses have access to the support they need to grow and compete in a global marketplace based on digital technologies and data.

These changes are taking place at a time of great upheaval, namely the rapid evolution of digital technologies. They are also taking place at a critical time for businesses, which must adapt and innovate in a digital world.

The current pandemic has made digital solutions essential to everyday life. At a time when physical distancing is so important, consumers want solutions that give them access to the products and services they need. Moreover, companies must continue to do business and develop. Digital solutions have helped many of them stay afloat.

However, we all recognize that new technologies provide businesses with huge amounts of personal information, the kind of data they need to make business decisions and offer clients new services.

We know that innovation and growth are critical, but we have to stand up for Canadians and ensure that this innovation in a digital world happens in a responsible way. Today I am going to outline some of the key elements of Bill C-11 that enable responsible innovation: innovation that is done right in a Canadian way.

One of the goals of our current law, PIPEDA, which Bill C-11 would supersede, has been ensuring that companies are able to handle personal information to meet their own legitimate business ends. The other is to ensure that companies do this in a privacy-protective way. To achieve this dual objective, PIPEDA's framework is principles-based and technology-neutral. The framework ensures that this law continues to apply, even as technology has undergone rapid change.

Bill C-11, the CPPA, retains this approach, continuing the success of a flexible and adaptive privacy law in the Canadian private sector context, but we have to recognize that “the times they are a-changin'.” To better reflect the realities of the digital economy, and the continued emergence of new big-data technologies and artificial intelligence, the CPPA would allow for a number of provisions that support industry going forward.

The bill would create a level playing field for companies of all sizes by reducing administrative burdens, which is critical for the vast number of small and medium-sized enterprises in Canada. It would introduce a new framework for personal information that is de-identified. It would establish new mechanisms, such as codes of practice and certification, with independent oversight by the office of the Privacy Commissioner, and it would address data for research purposes or purposes deemed to be socially beneficial.

I will outline how the bill would do all this.

The bill before us today includes a new exception to the requirement for consent regarding certain business activities. The objective is to allow Canadians to give meaningful consent by limiting it to specific activities that involve real choice. This is essential to prevent the use of blanket consent and lengthy contracts that—let us be honest—no one reads.

This will also reduce the administrative burden on businesses in cases where an individual’s consent may be less relevant. Let's consider the example of a third-party service provider that ships various goods. The customer wants the goods shipped, and the business should be able to meet that need. The bill should not add to the burden of providing that service.

The bill would provide for new regulations to be developed for prescribed business activities and would introduce the concept of legitimate interests in Canada's privacy framework. This is something that industry has asked for, we have consulted about and the government has answered in Bill C-11.

Second, we are better defining and clarifying how companies are to handle de-identified personal information: personal information that has been processed and altered to prevent any identification of a particular individual. The bill would allow organizations to de-identify personal information and use it for new research and development purposes. Businesses must undertake research and development to improve their products and offer customers the new and leading-edge services they are looking for. This provision would give businesses the flexibility they need to use de-identified data for these purposes, which would add value for customers and businesses alike.

The law would also allow organizations to use data for purposes of serving the public good, specifically by allowing companies to disclose de-identified data to public entities. Such disclosures would only be allowed when the personal information could not be traced back to particular individuals and when there was a socially beneficial purpose; that is, a purpose related to health, public infrastructure or even environmental protection. This kind of provision would protect individuals while ensuring we use all the tools at our disposal to address the biggest challenges of our time.

Included in the bill is a clear set of parameters for institutions, such as hospitals, universities and even libraries that would seek to receive personal information for a socially beneficial purpose. These parameters would help clarify the rules of the road in new and important fields.

These provisions would also permit organizations to share more data in a trustworthy fashion. They would allow the private sector to work with different levels of government and public institutions to carry out data-based initiatives in a privacy-protecting fashion. By taking this approach, the bill would accommodate emerging situations where collaboration between public and private sectors could have broad public benefits, while at the same time maintaining the trust and accountability that Canadians demand and deserve.

Third, the bill would provide the framework for codes of practice so businesses, especially those in specific industries or sectors of the economy, could proactively demonstrate compliance with the law. The bill would do this by introducing co-regulatory mechanisms into Canada's privacy landscape that would have businesses and the Privacy Commissioner working together. For example, there could be a code for de-identification.

I recognize my time is running short so I will simply mention that I would open the door to talking about the process the bill would provide for certification and certification bodies. I think this would be a very important provision that businesses across Canada would use regularly and that the Privacy Commissioner would have the opportunity to work on with businesses.

With that, I am thankful for the opportunity to speak to Bill C-11. I look forward to taking the questions of my hon. colleagues.

Madam Speaker, I hope to see this legislation brought forth to, I believe, the ethics committee, where it would be sent from the House and we would see a vigorous debate on the bill.

I am very happy that for the first time since 2001, when PIPEDA was introduced, we are seeing the modernization of our privacy act, if I can use those terms. It is great to see because we know data, technology and the importance of data have grown exponentially throughout the years and even more so in our daily lives. We need to ensure laws are updated and revamped to protect Canadians. That is what we are doing with Bill C-11. I will be happy to see it go to committee, and as a member of that committee I will be involved in that vigorous debate.

Madam Speaker, I hope to see Bill C-11 come to committee in an appropriate fashion. We are having a vigorous debate here in the House on the merits of the bill, and when it comes to committee suggestions can be put forward.

What I am very happy to see in the current form of the bill is that we would have some of the highest fines in the G7 under the CPPA, which would be introduced with this bill and ensure organizations are maintaining and controlling the data of Canadians in an appropriate and safe manner. It is great to see the bill has highlighted the fines and penalties that could be instituted on organizations if they fail to do so.

Madam Speaker, I thank the member for Rivière-des-Mille-Îles for his question.

COVID-19 has brought many things to the forefront, and data protection and identity protection are first and foremost. What Bill C-11 brings forth is the idea of consent and also the idea of data destruction. If someone is moving their information from one provider to another, they would be able to indicate to the first provider that they wished to have their data and personal information destroyed so it would not be leaked or hacked.

There are several protections built into this. Consent is one of them, and I am happy to see this. I am happy to see the update to a number of laws within Bill C-11 for the protection of data and information for all Canadians from coast to coast to coast.

Madam Speaker, I will be sharing my time with my colleague, the hon. member for Pontiac.

I am pleased to rise today to speak about the digital charter implementation act, 2020.

Digital technology is changing our economy and our society. Data is now a resource that companies can use to be more productive, to develop better products and services, which has unleashed a digital revolution around the world and which is even more evident during this time of COVID-19.

At the same time, the rapid growth of data-driven industries and technologies is opening the doors to the potential of new and innovative uses of data to support the public good. Data drives the development of many of the algorithms and protected models that are key to our understanding of societal challenges. Examples include the use of data to support sound public health outcomes; enable smart city technologies, such as dynamic traffic management; and promote greater energy efficiency and sustainability through smart grid technologies.

In Canada, public discussions around socially beneficial uses of data have focused on the emerging concept of the smart city in light of waterfront Toronto development proposals and other smart city initiatives considered by federal, provincial, territorial and municipal governments.

The COVID-19 pandemic has recentred the discussion on the role of private sector data and innovation in supporting public health objectives. We are witnessing the central role that data is playing in managing the pandemic. Not only is data critical for tracking current outbreaks or predicting future outbreaks, it has also been used to inform how our health professionals manage critical supplies and ensure they are deployed where they are most needed.

While data has proven to be of vital importance, stakeholders have identified the need for greater clarity around the legal frameworks governing data sharing between businesses and public sector institutions in the context of smart cities and public health.

At the same time, Canadians' concerns over the protection of privacy and democratic responsibility underscore the importance of defining the conditions necessary to establish a certain level of confidence in any new framework. Data sharing can lead to innovative solutions that benefit society.

However, Canadians need assurance that their privacy will be respected and that their data will not be misused. That is why the act to enact the consumer privacy protection act introduces a clear framework for privacy protection in data sharing for socially beneficial purposes.

Under Bill C-11, organizations will also be obliged to obtain consent before disclosing personal information to other organizations. This is in line with the existing act and with most of the legislation on privacy protection in the private sector.

However, in order to support responsible innovation, the bill makes one exception that will allow private sector organizations to disclose de-identified information to certain types of Canadian public institutions for socially beneficial purposes, without consent. This guarantees that businesses will be given the opportunity to participate in public sector initiatives that use data to contribute to the public good.

In addition, by abiding by this framework, private sector organizations can take part in these data sharing activities with full confidence that they are complying with the bill. At the same time, the bill underscores the importance of oversight by democratically responsible public authorities.

As I mentioned, information that is disclosed in this manner would have to be de-identified, ensuring that individuals' privacy is completely protected. What is more, the act would prohibit using that information later to try to reidentify the individual. This prohibition would be tied to significant fines.

This framework would allow Canadians to participate in initiatives directed at socially beneficial purposes without compromising their privacy. It would also ensure that Canadians benefit from the full power of data to create better solutions to some of the most complex policy challenges of our time.

The scope of socially beneficial purposes would focus on areas of public interest that provide broad public benefits supported by use cases and lessons learned that have been identified through years of engagement between government, business stakeholders and civil society organizations.

For example, ride-sharing and transportation service companies could potentially disclose de-identified aggregate data on the movement of their users to municipal authorities as modelling traffic patterns to help improve traffic flow, plan for better public transit initiatives and to improve road user safety.

The law would set clear parameters on which public institutions could receive information under the new consent exception, such as health care bodies, post-secondary institutions, public libraries and other public institutions or private organizations with the mandate to carry out a socially beneficial purpose. Many of these public institutions already have robust data governance systems in place to ensure the integrity of information and protection of privacy and would be ready to take on new responsibilities that would be in the public interest.

The framework for socially beneficial purposes would also cover situations where different levels of government direct public institutions or certain private sector partners to carry out data initiatives. As highlighted in the reports of our colleagues on the policy implications of connected and automated vehicles, this type of public-private sharing of information would be critical to ensuring the safety and security of technologies that would bring incredible benefits to all Canadians.

The approach proposed in the bill would ensure that the law would be adaptable as new use cases emerge and pave the way for innovative new uses of data that could provide broad public benefit while retaining trust and accountability.

Canadians can also rest assured that the new act will protect their information before and after they communicate with these institutions. All personal information transferred will first be de-identified, which will ensure that privacy is protected in these data sharing activities. The consumer privacy protection act also contains clear rules that will prevent the identification of this information, as well as severe penalties for organizations that break these rules.

The framework for socially beneficial purposes will allow innovative Canadian businesses and public organizations to take part in resolving the greatest social challenges in areas such as health and environmental protection. This could improve research on the pandemic, enhance environmental sustainability and conservation efforts, and make our roads safer for users.

These actions will be based on clear democratic responsibility and the protection of Canadians' privacy, and will maintain the flexibility needed for future innovative uses of data for socially beneficial purposes.

Mr. Speaker, today, I rise to give my input on Bill C-11, the digital charter implementation bill. I am happy to give this input. It is a timely bill for Canadians because this bill is about access to people's information and, more important, how that information is monetized by others. At a time when big corporations around the world are earning billions of dollars very quickly from information, getting in front of this issue right now for Canadians is very important.

What is being sold? Canadian information is being sold. What do Canadians privately own of their own data? This is the question that should be addressed in this bill. The converse of this, of course, is the targeted marketing and what Canadians get from the fact that they are giving away their information so they are getting back more services that might be tailor-made to them. It is one of those areas where the intent of Canadians not to give away their data and the result of that data that they willingly gave away, in many instances can be very contradictory. Let us tell Canadians first, as my colleague said here earlier, that they are the product.

Phones are listening to us. Computers are listening to us. Sometimes, computers are watching us. Sometimes, when my sons at home have Siri on, they say, “Siri, turn on”. Siri comes on and I tell them, “Siri was listening the whole time because it just turned on when you told it to turn on.” A lot of information is being culled. We do not know which of that is resting with us, and which of that is public information to be monetized by somebody else.

When I read this bill, I saw a bureaucratic solution designed by bureaucrats for use by bureaucrats, with what will be minor effect for the Canadian population in general. As much as we would like to make sure that we actually do deal with the issue around Canadians' private information that is provided online, we do need to make sure that it applies consistently across our country. It is a bubble created by a bureaucracy, and that bubble is lacking any consequences for mistakes and those mistakes will happen within the bureaucracies of the Government of Canada. In essence, from the Government of Canada's level, everything in this bill shows a complete lack of accountability for the government about how it might misplace or misuse Canadians' data.

I recall, years ago, the government's approach to what was the no-call list. There was a lot of telemarketing going on at the time and the government came out with a solution. If people registered their phone number it would ensure they did not receive telemarketing. We all jumped on that because on our land lines at the time we were getting a lot of telemarketing. When that registration came up, of course my land line was registered and it said to put in my cellphone number too. I put in my cellphone number, and the next day I started receiving telemarketing on my cellphone where I never had before. What apparently happened is the Canadian government's site had been hacked and all that information was sold to telemarketers. It is a shame because it got no money for it. My information was given away for free and a whole bunch of telemarketers got something from the Government of Canada that was literally stolen from Canadians. Therefore, my data was somebody else's, without my consent, as a result of my contribution to the Government of Canada.

Consumer pricing protection is something that would fall in the same type of realm. How do we make the Government of Canada accountable for what might happen with the data that we willingly give the Government of Canada? Will there be fines? Do we actually tell the Government of Canada that if it does not protect this information the Canadian government is going to fine the Canadian government and therefore the taxpayers are going to have to contribute to the government's fining itself? It is a bit of an around-the-world kind of trip, much like quantitative easing.

The problem is, who has this information about me? I do not know, but the party I am forced to disclose the most information to, that I know about, is the Government of Canada.

Let us discuss how stopping that government body in charge of the information I provide is mishandled. That would be the Canada Revenue Agency more than anybody else. It has my financial information, all kinds of dates and my social insurance number. Frankly, having dealt with it for years, it is a disaster of an organization. It has the wrong information. It processes information badly. It is the worst organization to try and fix bad information. That is the Canadian government.

Let us look at what happened in the last handful of months here with the CERB. Data was pilfered and Canadian payments during a pandemic were misdirected. How much of the $400 billion spent is legitimate and how much is as a result of data hacks that went to the wrong entities? Canadians are paying for these mistakes. Canadians are paying now and Canadians are going to continue paying for generations.

The legislation looks like it is designed for large organizations. Let us start with banks. Banks are another organization that we provide a lot of information to and they have a lot of information about us because they handle our financial information. They know how much we are worth, they know how much we have on deposit and they know how much we owe on our mortgages. They are pretty deep as far as what they understand about us.

There are all kinds of small businesses here, as well, that we need to apply. I want to read from this legislation something that should scare any small business person. This is about privacy management programs as required under this legislation. It states:

Every organization must implement a privacy management program that includes the organization's policies, practices and procedures

It further states:

the organization must take into account the volume and sensitivity of the personal information under its control.

What does that mean and how do we interpret that? Further, an organization:

must ensure, by contract or otherwise, that the service provider provides substantially the same protection

They have to ensure something nebulous is provided by their service provider when forwarding information.

Let us get on the ground here. Someone can walk into a pharmacy and that pharmacy wants the Alberta health care number, which is private government information. The retailers want that information so they can continue to track certain things someone does. They know how much of a person's spending they have and they know how much they can market other products to that person if getting some kind of prescription. Government data is quickly translating over into retail data. That is not exactly something we want to provide.

I will go further here because seniors are the people most affected by this. There are so many seniors who are bearing the brunt of the pandemic. There are issues we go through as we age, including financial institutions, insurance companies and all service provides. Many take advantage of seniors in many respects because things get very complex. We want to make sure our seniors are taken care of in a system that continuously evolves, advances and gets more complex. That is something this legislation should take care of more than anything else.

I do not like being just critical. There are also good things in this legislation and I am going to point them out. The purposes of this legislation are that an organization must determine:

each of the purposes for which the information is to be collected, used or disclosed and record those purposes.

The information for consent is also required. Forms of consent are also defined within. The withdrawal of consent is there, as is the disclosure to cease that actual consent.

Another good thing is there is a period for retention and disposal of data that we provide organizations. An organization must not retain personal information for a period longer than necessary. These are very good advances in the legislation. I thank the drafters of the legislation for that.

I have questions on some of the other parts of this legislation as well. On the transfer of information to service providers, organizations may transfer an individual's information to a service provider without the client's knowledge or consent. They would still be monetizing data that gets collected by one retailer or provider and—

Mr. Speaker, it is a great opportunity to rise today to speak to Bill C-11.

We are surrounded by data that seems to be out of control, lost by corporations, sometimes stolen from governments. Data that we voluntarily give up about ourselves is being collected billions of bytes at a colossal rate. It has a tremendous impact on our privacy and what is being calculated or inferred about us in our daily lives, such if we have a good credit rating, or if we can buy a car or when we go for drinks with a colleague. All of this is very much apparent today, particularly during this health crisis when people are definitely at home and using the Internet to a greater extent.

Everything we do today has some impact on data. Whether we take an Uber or order a meal, that data is collected. Quite frankly, we need to ensure people's privacy is protected.

Why does privacy matter? It is a question that has arisen in the context of this global debate, made worse by this pandemic, where millions around the world have come to rely on computers to carry out a function for their very lives. When we hear arguments about Internet privacy. A lot of what we hear about this mass surveillance is that there is no real harm due to this large-scale invasion, that people have nothing to hide. Those engaging in bad acts have a reason to want to hide and care about their privacy.

This is presupposed on the assumption that there are good and bad people in the world. Bad people who plot to take down governments and plan public attacks are the people who have reason to care about their privacy. By contrast, there are good people, people who go to work, pay taxes, care for their children and use the Internet, not to plot civil destruction but to read the news and find recipes. These people are doing nothing wrong and have no reason to hide.

In a 2009 interview of the long-time CEO of Google, Eric Schmidt, when asked about the different ways his company was causing the invasion of privacy for hundreds of millions of people around the world, he said, “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.” There are many issues with this statement, one being that this is the very Eric Schmidt who blocked his employees at Google from speaking with the online Internet magazine CNET after it published an article full of personal private information, which was obtained exclusively through Google search and Google products.

A few short decades of the Internet, once held as an unparalleled tool of democracy liberalization, have been converted into an unparalleled zone of mass indiscriminate collection. Enter 2018, when the EU has set the global standard for privacy regulation with the flagship general data protection regulations, known as GDPR, signalling to Canada that our 1990s era of the Personal Information Protection and Electronic Documents Act did not have the teeth to take on big tech.

Bill C-11 would bring in additional privacy regulations. Replacing PIPEDA with CCPA would provide an opportunity for greater detail within the law rather than just relying on the interpretations of the Privacy Commissioner. This is a good thing.

The structure will include a personal information and data protection tribunal that will play a key enforcement role by reviewing all commissioner decisions and issue penalties for non-compliance. There will be an expert tribunal composed of three to six members, but interestingly enough it says there may be only one expert, which may be a deficiency in the act.

What are these new privacy rights? One is data mobility. Subject to regulations, on the request of an individual, an organization must, as soon as feasible, disclose the personal information that is collected from an individual and to an organization designated by the individual. Data mobility is a fact of life and this is a good thing. What format that data will be transferred in will need to be discussed.

On algorithmic transparency, if the organization has used an automated decision process to make a prediction or recommendation, then the organization must, on the request of an individual, provide an explanation of the prediction, recommendation or decision and the personal information that was used to make the prediction. It seems like a reasonable intent and is something it should be able to do without giving up the code.

With respect to de-identification, the bill states:

An organization that de-identifies personal information must ensure that any technical and administrative measures applied to the information are proportionate to the purpose for which the information is de-identified...

Then there is the new enforcement. The Privacy Commissioner of Canada will have the order-making power that will enable the office to order compliance with the law and recommend significant penalties.

I should mention I will be sharing my time with the member for Calgary Centre.

In some cases, the recommended penalties are the highest in the G7, so they are significant. The expanded range of offences for contraventions of the law are a maximum fine of 5% for a global revenue of $25 million. There are administrative penalties as well.

One of the issues I see with this is that the legislation and penalties invoke fear, but there will be a question of whether there is adequate teeth for enforcement.

The law includes whistleblowing provisions that protect those who have disclosed alleged privacy non-compliance and a private right of action that will allow individuals to seek damages for loss or injury suffered through privacy violations.

There are new standards of consent. This has been a big issue for individuals. How many people have signed up to a site, with three pages of disclosure to which they are supposed to consent? I would argue that very few people will actually read that kind of detail. Therefore, there is an attempt within the legislation to use clear language and simplified consent. Given the depth of the legislation, that may be a difficult thing to achieve, but is a worthwhile goal.

Deceptive practices to obtain consent with false or misleading information renders the consent invalid and individuals can withdraw their consent at any time. There is the question of whether people are providing consent for multiple activities or just an individual activity. That should be clarified.

The realm of data is largely uncharted territory and we find ourselves asking the question of who owns our data. Our opinion is that people own their data and they should own their data.

The word “consent” is mentioned 108 times in the GDPR. In the first reading of Bill C-11, it was mentioned 118 times. This sounds great. Who could possibly be against the consent of data? Challenging consent seems counterintuitive in the world of privacy because it is so linked to us and our autonomy. However, it is both impractical and undesirable and serves to explain why our privacy law is in such a sorry state. It is imperative the legislation is written with as little room for interpretation as possible.

There are some standards within that bill. It states:

An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for a business activity described in subsection (2)...

Under that subsection, it states:

(a) a reasonable person would expect such a collection or use for that activity; and

(b) the personal information is not collected or used for the purpose of influencing the individual’s behaviour or decisions.

The issue is this. If that is subject to interpretation, we could have a pretty broad interpretation of what it says. Hopefully this act, with the regulations that follow, will clearly define what is in and what is out.

At the end of the day, if we are using services, many services are disrupting, shaping and helping our lives in ways we could not have possibly imagined mere decades ago. Whether we like it or not, it is big tech that has provided these realities for us and the government should, as with any other key stakeholder, create meaningful, effective and collaborative policy but require consultation. It is one thing to consult in front, but now that we have legislation, we need to ensure we get it right. We need to ensure that industry, particularly small businesses, remain competitive. The bill is being sent for review to the privacy and ethics committee. There is a strong argument that industry committee should have a look at this bill as well.

Therefore, proper consultation must happen. There is nothing wrong with doing that. I hope the government will ensure the bill is properly consulted on.

Mr. Speaker, I would like to start by saying that I will be splitting my time with the member for Richmond Hill.

I am speaking here on the traditional unceded lands of the Algonquin people.

At the outset, I want to thank the Minister of Innovation, Science and Industry and his team for bringing forward Bill C-11, an act to enact the consumer privacy protection act, CPPA, and the personal information and data protection tribunal act. These are important aspects as we, as a country, address the issues of privacy in relation to the enormous amount of information that is constantly gathered, and exists about all of us.

We are in an age when with a cellphone we have more information at our disposal than several libraries put together. We are able to access personal information about virtually anyone who has a public profile, and certainly about anyone who has created a profile in one of the major platforms, whether it be Facebook, Twitter, Instagram, TikTok or LinkedIn, and the list goes on.

These have posed obvious questions for all of us as policy-makers or even as individual consumers in terms of how this information is used, how it is reproduced, copied and misused. We have seen the worst of it over the years in platforms like Facebook where information may have been reused over and over again.

At the centre of this legislation are three major aspects. First and foremost is consumer control over individuals' personal information that is out there.

Second, it is about innovation. I know the previous speaker spoke about the balancing act that we need in order to ensure free speech and privacy.

The third element is to make sure that innovation continues. Innovation is absolutely important for a country like Canada. I know many innovators in my community who have done exceptionally well. I have spoken about many of them here. The University of Toronto Scarborough campus has a hub in which many local innovators have come forward and have developed in my riding of Scarborough—Rouge Park.

Members may know of the company, Knowledgehook. It is a company founded by my good friend Travis Ratnam. The company was just given additional funding of $20 million to expand the program. It is a platform that allows students and teachers to work together to use AI, devise curriculum and make sure that the weaknesses of each student are highlighted to the teachers so that the teachers can respond.

In all of these new forms of technology, there are questions of privacy. We worry about the relationship between, for example, companies gathering data for the purpose of insurance, whether health, life, or auto insurance, and the data that sometimes is readily captured in our day-to-day use.

All of these issues have become pronounced during COVID. We see that education, for example, is now online for many students whose parents choose to have their kids study from home via the Internet; or for many post-secondary students who are studying virtually. I always go back to the University of Toronto Scarborough campus, which is located in my riding, but there is also Centennial College, where most of the students are learning virtually. These again have complicated the challenges for ensuring that privacy is maintained.

The digital charter that is before us does really allow for consumers to have control over their personal information, and it allows for innovation and a strong enforcement oversight. Sadly, the enforcement aspect has been quite weak in Canada over the years. We do not have adequate enforcement. In fact, technology itself is hard to enforce, whether in Canada or other parts of the world.

The enforcement mechanism that is built into this legislation is critically important for us to look at. It is what makes this legislation accessible to individuals who may have a complaint. The enforcement mechanism looks to have individuals appointed through the order in council process.

I want to speak about the way our government, since taking office in 2015, has managed to put together proper processes to appoint individuals to these important bodies, including judiciary and administrative tribunals, but also other bodies that make critical decisions.

We are focused on ensuring a merit-based system that ensures the individual is fully qualified to make decisions on a particular issue. For me, my work on the Standing Committee on Immigration and Refugees was a great learning experience. I saw first-hand how the IRB was transformed from a patronage-based appointment process to one that is merit-based. We see decisions coming out of the IRB that are fully reflective of the quality of candidates we put on those boards.

When we look at appointments, it is meritocracy, but also diversity. We note that in previous governments, judicial appointments have often been focused on men. In fact, in the last several years, we have now achieved gender parity. We are looking at enhancing that and we are working toward greater diversity among other groups in Canada, including people with disabilities. I believe the enforcement mechanism is critical and we have taken concrete steps in that regard.

To note, there are monetary penalties that this tribunal could issue. For example, there is a penalty of 3% of global revenue or $10 million for non-compliant organizations. For a company like Facebook, Google or one of the major outfits, 3% of their global revenues is significant. The maximum penalty is 5% of global revenue or $25 million for certain types of contraventions.

The government and the Minister of Innovation have brought forward a very important piece of legislation. It appears to have the support of all parties. I am particularly impressed with the data protection tribunal act that is built into this bill and the mechanisms that allow for individuals to access the type of redress that is required.

I look forward to questions from my friends opposite.

Mr. Speaker, it is my honour to rise again today to address Bill C-11. This bill, when printed, is nearly an inch thick. It is a monster bill for around here. It is a timely bill, as well. I am looking forward to delving into it. I have not had the opportunity to read through it in great detail to this point, but I want to speak to it.

This is a top-of-mind issue for many Canadians. One of the things I want to point out right off the top is that when someone is online and a virtual persona, if they think they are getting a free product, they are actually the product. That is the thing to remember and many folks do not seem to realize that. That is something I have not seen in this bill, which is important. I think it is missing from this bill, although this bill may not been seeking to address that specifically.

There could be some sort of public awareness campaign, much the same as we have done with cigarettes. In the past, the public was trained that if someone smoked cigarettes, they would get cancer. We could do this for online profiles and show the dangers and what is going on out there.

As well, the member for Port Moody—Coquitlam mentioned what is actually happening with our data. We think we are filling out a fun game or personality test, but we are actually giving away data. It can be harvested commercially to send advertisements and promote certain products.

We continue to see more invasion of our privacy. I do not know about other members, but the thing that jumped out at me, during my first cursory read of this bill, was the term “algorithm transparency”. That is something I am really fascinated by.

On the weekend, my friend was telling me that he took his phone, laid it on the table and he and his friends talked about white rabbits for three to four minutes. They just said the words “white rabbits” often. Then they opened up his phone, went to Facebook and the advertisements he was getting were about white rabbits. Our phones are listening to us and there are algorithms that are promoting certain things.

We can probably turn that feature off and mute the microphones on our phones all the time if we know how to do that, if we care enough about it or are concerned about that kind of thing. There is a joke that the Chinese are listening to us. It is just an assumption that is being made. I do not think there is actually somebody listening on the other end, but there is an algorithm that is obviously listening to what we are saying and trying push products toward us that we are interested in.

The white rabbit story is interesting. It is not necessarily something that would come up in day-to-day discussions. However, I know that if we connect to someone else's WiFi then suddenly we start getting different advertisements. My cousin has a CNC plasma cutting table for cutting metal. It is really cool, but what is interesting is that when I go to his house and connect to his WiFi, which is also connected to that CNC plasma table, I start getting advertisements for CNC cutting tables. That is wild and fascinating. The algorithm transparency piece is one of the most fascinating pieces of this law.

Sometimes on Facebook, we get ads. We can click on the “X” to get rid of the ad. When an ad comes up, one wonders why they are seeing it. If I could get an answer for that, that would be amazing.

I am interested in that. What is being fed into the system that is promoting this particular ad to me? That is something I am really interested in knowing. At this point, there seems to be no recourse whatsoever to know why these ads show up. In my virtual personality that lives out on the Internet and in the data collected on me, what recent actions in particular have I undertaken that have driven this particular ad into my feed? I am fascinated to see if we are going to be able to bring that transparency with this bill. I am not necessarily convinced we will be able to do it, but I am fascinated by it.

The other piece I do not think this bill addresses at all is the question of social media platforms or Internet platforms being message boards or publishers. This continues to be a sticking point. There have been committee hearings with the major social media platforms, and we have seen countries around the world seek to grapple with this issue. This is precisely what governments ought to be doing.

What it means to govern and to legislate is to come up with a system that balances the interests of all people in a way of our choosing. That is what it means to be in a democracy. That is what it means to be governed by ourselves, so to speak. In many cases we see effective lobbying efforts by organized groups, and in particular commercial interests, that do not necessarily allow the government to get that balance right.

We see in the news how we grapple to enable this. Some large social media platforms have amassed a wealth that exceeds that of many nations. Some of the largest nations in the world are able to compete with this, but many smaller nations do not have the resource capacity many of these large media companies do, so there is tension there. I compliment this bill in that it is attempting to have that discussion.

Do I trust the Liberals to get it right? No, typically not, but I commend them for bringing this forward and beginning the conversation. This is going to be a long conversation. Like I said before, this bill is an inch thick.

The member for Scarborough—Rouge Park just made a comment. I do not quite know what he said, but I am sure he was complimenting me on my speech. I thank him and appreciate that.

Around algorithmic transparency, the piece that is really important, and that I do not think this bill quite grasps, is whether platforms are curating content, publishing it or choosing winners and losers. The algorithmic transparency of that is a big concern for me, and I know it is a big concern for many people across the country. It is interesting this is a concern for people both on the right and the left. It is a concern for all the political parties. It is a concern for ideological differences, and in general for what is curated and what is deemed to be on the platform.

This is also a concern for the platforms themselves, in that one particular message that comes from a platform can then become part of a mob mentality. People could then really go after it.

There is no protection, necessarily, for platforms because there is ambiguity about whether they are responsible for messages on the message board and, if they are, whether they are liable as a newspaper would be. That is the major challenge.

While I am not convinced, at this point, that we will get algorithmic transparency in that sense, it is important to be able to tell people, “This is our algorithm, this is how messages get on the board. We are not responsible for the messages and, therefore, this is how the system works.” There is no human input. It is just a sophisticated method of getting messages in front of people that they want to see, that they think are interesting and that they find helpful.

For the most part, I would say we are getting that right. Where there is some concern is about political messaging. We have already seen that Facebook has worked hard on that, but there is always a spectrum, I would say, of political messaging. There is explicit party messaging, which is relatively easy to monitor and manage, but then there is political messaging that goes farther afield. When it is a random, individual Canadian doing political messaging, how is that managed? That is when it will be really important for us to get the algorithmic transparency piece right.

There is another thing I am interested in seeing and have not seen. Part of the government's rollout on this bill has been pushing freedom from hate and from violent extremism. That is important to me. The managing of the Internet and platforms around violent and degrading sexually explicit material has been something I have worked on in this place. It was in 2017 that the House unanimously passed a motion for the government to study the impacts of violent and degrading sexually explicit material.

This was something that had not been studied since 1985. I was not even born in 1985, so that tells us it was a long time ago. The member for Fleetwood—Port Kells is shaking his head at me. I am not sure what that belies about me or him, but it was a while back, before I was born and before the Internet existed.

A study on the impacts of violent and degrading sexually explicit material was done in 1985. I remember distinctly, in 1991, going to my uncle's house. He had gotten the Internet. I had heard about it and said I wanted to see the Internet, so he showed me where the phone line plugged into the wall. I asked if that was it and he said we should look at it. He turned his computer on. It had a giant monitor and a big tower beside his desk that hummed. Members may remember the sound coming through the speaker of dial-up Internet. I remember, for the first time ever, seeing the Internet. We went to dogpile.com, which was an early search engine. That was the beginning of the Internet for me, in 1991.

Here we are nearly 30 years later, and we are still grappling with how to manage this. It is a public information highway. There are public highways all over the country, and the government manages a licensing system for folks who get to use the public highways and roads. There is no controversy around that. It seems like an effective way to manage it. Given that it is tangible and we can see it in front of us, that is a manageable thing. In reality, we are dealing with the information highway. Up to this point, there has been very little direction on the role of the government in managing the expectations of Canadians.

Many parents who I have talked to are looking for tools they can use to protect their children online, and they are not satisfied with being told they should just be better parents. They say they want help from the internet service providers. They want help from their government. They want the ability to have some recourse with these large platforms. I am interested to see that.

The government says the Internet should be free from hate and violent extremism. That is something that I support notionally. Video imaging is the area where I am most concerned. In the other direction, I am concerned about free speech, and particularly the use of words and typed messaging. That, I guess, is a little harder to manage. However, particularly with images and video content, I think there is a lot of room for the government to operate in, especially with the violent and extremely degrading sexually explicit material that we have seen since 2007.

Since then, we can chart the impacts of those on Canadian society on a number of different indicators, and they have gotten worse. We see this particularly with our children in terms of the loneliness index going up and the isolation index going up. All of these things are exacerbated by the COVID lockdowns.

These are all things that we need to ensure come into this. Freedom from hate and violent extremism is necessary, and we have to get that right. This is what governments are built for. This is what we need to do, and we have to get it right, so I am looking forward to continuing debate around that.

The last thing I want to point out, which I find to be a little interesting, and I am hoping for some answers on from the government side, is this bill, the procedure of the House and how this bill will roll out over time. I must say this bill was unceremoniously dumped on Parliament. I was not anticipating it. I have been working on these issues for a while, and it was not something that was clearly on my radar.

I had written to the Minister of Canadian Heritage around this issue, and I was wondering how he was going to manage it, because I do remember seeing in his mandate letter that he was to try to remove hate and violent extremism from Canada through the Internet. I had some ideas and concerns around that, so I had written to him about it. I did not receive any feedback back saying the bill is coming, so I was a little surprised that this bill came when it did.

The other thing that I am really looking for an answer on is why the rumour around here is that this bill will be going to the ethics committee. I am wondering why the bill is going to the ethics committee. This seems like a bill built for the industry committee. That is typically where this would be dealt with, so I am left wondering. The ethics committee is seized with a number of other issues, and I am wondering why this bill would be rumoured to be headed toward the ethics committee, when industry seems like the committee that would be more in tune with where we would like to go with this particular bill.

I am going to be continuing to monitor the debate around this bill. I am looking forward to having a robust debate. I know that, given the size of the bill, we will be discussing it for a while, whether in this place, in the other place or in the committee, as well as out there in the general public.

I know that this will be a hot topic of discussion. I look forward to continuing that debate, and I look forward to the questions.

Mr. Speaker, I would like to thank my colleague for his comments. They were very interesting.

I know this has been brought up already today, but I want to hear from the member about it. We know that Bill C-11 does not explicitly deal with political parties, and we have heard members within the government and from the opposition parties ask that it be included.

If the member could comment on why this was not included in Bill C-11, that would be great.

Mr. Speaker, I rise today to join my colleagues in speaking to the digital charter implementation act, 2020.

In today's ever-changing digital environment, Canadians have demanded better protection of their personal information. They have also demanded that organizations be held accountable for misusing their information. Stakeholders have told us that they want flexibility to innovate responsibly and want consistency with privacy rules everywhere else in other jurisdictions.

I am proud to say that the digital charter implementation act, which would enact the consumer privacy protection act, or CPPA, represents the most ambitious overhaul of Canada's private sector privacy regime since PIPEDA was first introduced, in 2000. CPPA would introduce significant changes to better protect the personal information of Canadians in the way they have been demanding, including, of course, with strong financial consequences for those who do not follow the law.

Prior to PIPEDA, in the 1990s, other countries around the globe introduced new laws to ensure that privacy was protected and that the opportunities afforded by e-commerce and the flow of information around the globe flourished. In particular, the EU introduced a privacy directive for its member countries to implement into their national laws.

Inspired by the EU law, Quebec introduced the first private sector privacy law in Canada in 1994. This was an important step forward, but it also raised the potential and, of course, the prospect for a patchwork of provincial privacy laws. With the prospect of multiple, possibly conflicting, rules and gaps in privacy protection that could harm Canadians, the federal government needed to act. Canada required a national privacy standard to ensure consumer confidence and regulatory certainty for businesses.

At the outset of the new millennium, PIPEDA was created to address the privacy concerns arising from a period of technological disruption fuelled by the rise of the Internet. It provided a framework with robust privacy protections and the flexibility to support the legitimate needs of businesses to use personal information. It also provided a mechanism by which the provincial private sector privacy laws could be considered substantially similar. This meant that where such a law is accorded that designation, PIPEDA does not apply to an organization's activities within a province.

In 2004, Alberta and British Columbia passed private sector privacy laws that are considered substantially similar, as is Quebec's law. A number of newer provincial health information laws have also passed, since 2005, that have been appropriately designated as substantially similar.

PIPEDA would continue, however, to apply to the federally regulated sector in a province and to any personal information collected, used or disclosed in the course of commercial activities across provincial borders. This provided a stable regulatory environment and flexibility for the provinces, and supported Canada's trade interests for many years.

However, today we are faced with a changed environment. Today, in many ways, history is repeating itself, but the risks have evolved. The role of digital technologies is considerably more central to our lives than it was 20 years ago. Just consider our experience in recent months with the pandemic. To harness all that the modern digital world has to offer, we clearly needed to modernize our federal private sector privacy law.

In a globally connected economy, our laws needed to be consistent with those of other jurisdictions. Internationally agreed privacy rules, such as the OECD privacy guidelines, first introduced in 1980, were updated in 2013. So too, I might add, more recently, was the APEC privacy framework. Indeed, privacy laws based on these international norms have been changing and advancing in Europe, Japan, South America and New Zealand.

What have these changes entailed? Core privacy principles have remained, though some have been expanded, such as accountability and breach reporting. New elements, such as enhancing rights of erasure and mobility rights, a greater emphasis on transparency, more certainty for businesses and consumers through codes certification and stronger consequences for non-compliance, have been the principal hallmarks of many of these evolving changes.

Closer to home, this summer, Quebec introduced amendments to its private sector privacy law, and B.C. recently conducted a study on its own laws. Ontario too is considering introducing a new private sector privacy law. Stakeholders have told us they are worried about the burden of multiple laws with different requirements. They demanded harmonization here at home.

There is a clear need for the progress and reforms included in the digital charter implementation act, 2020. If we do not act, there is a risk of further fragmentation of privacy rules across the country. We need to keep up with changing technology and business practices, and incorporate the best international practices, protocols and safeguards in our own domestic laws. We also need to set a common standard for privacy protection for the private sector across Canada.

Like the current PIPEDA, the new CPPA would be grounded in the federal trade and commerce powers. It recognizes the very importance of doing business on a national basis and in an economy that must work across provincial boundaries. Also, like PIPEDA, it would provide for a mechanism to recognize provincial laws that are substantially similar. These regulations would set out the criteria and process for such recognition or for reconsideration of it, and would continue to provide the provincial flexibility that has been important to PIPEDA's success. CPPA, like its predecessor, would maintain the Privacy Commissioner's ability to collaborate and co-operate with his or her provincial counterparts, an important tool to ensure consistency.

As the minister emphasized earlier today, the focus should always be on compliance. Some ask why we cannot have just one national law. The answer, of course, is that Canada is a federation; there is a division of powers. Indeed, the provinces provide important coverage that a national law cannot, under our Constitution.

I would be remiss if I did not also acknowledge the international context.

We live in an interconnected world. Data are constantly flowing across borders. In 2002, the European Commission recognized PIPEDA as providing adequate protection relative to EU law, allowing for the free flow of personal information between Canadian and European businesses. However, in 2018, a new EU regulation came into effect: the General Data Protection Regulation. It updated many of the existing requirements and added strong financial penalties for contraventions. The EU is currently reviewing its existing adequacy decisions, including the one applying to Canada.

That is why the government launched Canada's digital charter in 2019. Its 10 guiding principles offer a firm foundation on which to build an innovative and inclusive digital and data economy. The principles of ensuring interoperability, a level playing field, strong enforcement and real accountability are clearly reflected in the digital charter implementation act.

I want to thank members for their attention today, and I can assure them that our approach to privacy protection respects the privacy rights of Canadians. It is pragmatic, principled, meets our trading needs and provides a consistent, coherent framework that Canadians and stakeholders can rely on.

With Bill C-11, we will continue to encourage trade and investment and grow an economy that extends across provincial and international borders alike.

Mr. Speaker, I am looking forward to getting back to the ethics committee to work with the member for Timmins—James Bay on these issues.

When we look at the use of algorithms and the use of algorithms combined with just the scale of data collection that we see today, we can narrowly focus in on consumer privacy on the one hand, but on the other hand there are bigger conversations about how that information is used to target messages to us and the implications for our democracy. There is a reason, when we hosted that meeting in Ottawa for the IGC, that it was on big data, privacy and democracy.

In terms of algorithmic accountability specifically, I would say I am not certain yet what the perfect solution looks like, but I have always been interested in the work of the Treasury Board in respect of algorithmic impact assessments. It is clear enough, and I am glad to see in Bill C-11 that there is a commitment to algorithmic transparency.

Going further and having some body, potentially the Privacy Commissioner, able to look under the hood and audit algorithms and their potential positive and negative impacts is important. We need to figure out a way to do just that.

Mr. Speaker, I will be splitting my time with the member for Willowdale.

We increasingly live our lives online and our laws need to reflect that reality. Privacy is a human right and it is inextricably connected to our personal autonomy.

The Council of Europe's Convention 108 states, “The purpose of this Convention is to protect every individual, whatever his or her nationality or residence, with regard to the processing of their personal data, thereby contributing to respect for his or her human rights and fundamental freedoms, and in particular the right to privacy.” The GDPR states, “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”

The incredible scale of data collection can be a powerful force, both for good and bad, so we need strong privacy and digital rights and a strong regulator to enforce them.

There is much in our government's Bill C-11, which is a serious reform of PIPEDA and certainly long overdue. I remember in June 2018, I introduced legislation simply to give the Privacy Commissioner new powers, which our privacy committee had twice unanimously recommended. We have come a long way since then with this substantive bill. OpenMedia said, “Bill C-11 is a big win for privacy in Canada.”

While I have heard some reflections from experts and certainly from some parliamentary colleagues already about how the bill can potentially be improved, or some open questions about what might need to be fixed, it is certainly deserving of our support at second reading. I look forward to working with colleagues across party lines to improve the legislation at committee where we can.

At this point, to work at committee across party lines something of a detour is required. I want to specifically commend my Conservative Party colleagues from Prince George and Thornhill, my NDP colleague from Timmins—James Bay and my Liberal colleague from Kitchener Centre. We worked very long and hard on privacy issues in the last Parliament. We helped found the International Grand Committee, comprised of over 10 countries, to discuss these issues. We hosted the second meeting of the IGC in Ottawa. We tabled the report “Towards Privacy by Design” in February of 2018.

When we as parliamentarians talk about committee work and often the overlooked nature of the committee work, we do not always see that committee work turn into legislation. In this instance we have.

We recommended stronger consent rules and we see stronger rules in Bill C-11. We recommended algorithmic transparency and we see in Bill C-11 a commitment on transparency where systems are used to make predictions, recommendations or decisions about consumers. We recommended data portability and interoperability. We see those commitments in Bill C-11.

We see stronger powers for the Privacy Commissioner. I mentioned that need for a strong regulator, including order-making, auditing and the ability to levy fines. We see order-making powers. We see the ability to audit. We see a new tribunal, and while I understand some of the caution or questions members are raising in respect of this design, it is consistent with the competition commissioner and tribunal operations and worth looking at more seriously to see if it can be approved. However, through the tribunal, we see the ability to levy significant fines, in the magnitude of $10 million to a maximum of $25 million for more serious fines.

In terms of the course of that committee work, I want to reflect on a couple of stories about why this kind of legislation is so important and critical.

I think it was in the fall of 2017, when we were in the midst of the study on PIPEDA reform, that the member for Thornhill, the former member for Skeena—Bulkley Valley, I believe I am getting that right, and I went down to Washington and met with other elected representatives there. We witnessed some of the hearings in relation to the Equifax breach, but we also met with Facebook officials. At that time, when a question was put by I think the member for Thornhill as to what Facebook's views were on the potential new regulations, they said absolutely no new regulations were required in Canada due to the strong framework through PIPEDA and, if there were new rules, that might affect Facebook's willingness and interest in investing in Canada. Certainly, we have come a long way since those kinds of conversations and push-back by big tech companies against stronger privacy rules.

We saw that Mark Zuckerberg unfortunately did not attend before the IGC, though he said he would like to work with parliamentarians around the world, but we can certainly say that the days of self-regulation are over and asking for regulation. Here is that kind of regulation in Canada.

On consent, I have to tell one other story that happened at committee. Again, we had Facebook officials there. We were in the midst of going down the rabbit hole of the Cambridge Analytica scandal and the Canadian context of that third-party app, which had shared so much information. I think it was under 300 Canadians who had used the app, but thousands of Canadians had their information shared. I put to Facebook at the time, “How is it that on the basis of meaningful consent thousands of Canadians could have agreed that their friends share their information through this third-party app and then share it with Cambridge Analytica?” With a straight face somehow, a Facebook representative said to me that it was in their terms and conditions.

That speaks to the problematic nature of consent in the existing law and the lack of meaningful consent. Thankfully, our Privacy Commissioner, despite his current lack of meaningful powers, pursued that line of inquiry and found that Facebook violated our current laws and took the matter to court. We know that with stronger consent rules, there would have been no ability for a Facebook representative to say with a straight face that there was meaningful consent.

Plain language is important. I would go further, though, and say that as we think about consent, particularly in a consumer context, I think we ought to be more wary of privacy by default. We have to be more concerned about privacy by default. Where there is a reasonable expectation of the consumer that information is going to be shared and used in a particular way, then explicit consent, obviously, ought not need to be required, but where there are secondary uses, where there are uses beyond a reasonable expectation of that consumer then, certainly, we need explicit opt-in consent. It needs to be very clear to consumers how their information is to be used, if at all.

I want to emphasize the consumer context because it is a curiosity of privacy legislation and a curiosity of consumer protection legislation that when I purchase my phone I do not have to read the terms and conditions. There is no expectation by government that I read the terms and conditions, yet I am protected. There are implied warranties pursuant to consumer protection legislation. I do not need to read those terms and conditions in order for my rights to be protected as a consumer, yet there is an expectation when I download any app on my phone that I read the terms and conditions. That cannot be a tenable state of affairs if we want to protect consumers. We cannot expect consumers to read every term and condition, and every consumer contract in the course of downloading applications, and in the course of living their lives, as I said, increasingly online. Our laws need to reflect that reality.

There are obviously some straightforward fixes for this legislation. The membership of the tribunal should obviously have greater privacy expertise. I think that is a no-brainer. We do have to think more deeply through some of these consent rules and how we can strengthen them potentially further. I would like to see us go beyond algorithmic explainability to some kind of algorithmic accountability.

I know that others have mentioned political parties being left out. I do not know that political parties need to be subject to PIPEDA specifically, but they ought to be subject to privacy legislation. If there is no further effort under way by the government, then I think PIPEDA may well be the place to do that.

Lastly, I think we have to focus on children, in particular, when we look at consent rules and protecting kids on the Internet. Previously, I have written and spoken publicly about my support for our right to be forgotten, but I do think we have to be more focused on our rules and protection for kids as they grow up with the Internet and live their entire lives online.

I will close by simply saying that this is a big bill. This is second reading and, certainly, all of us ought to support this in principle. I look forward to working with experts and colleagues to strengthen the bill at committee and get into the details.

Mr. Speaker, I thank my hon. colleague from Windsor West for his detailed assessment of Bill C-11. It is the first opportunity for me to speak to the bill. I certainly plan to vote for it at second reading to get to committee.

An amendment I hope to pursue at committee is an issue that the hon. member discussed. That is getting the PIPEDA framework in Canada to apply to political parties. Here in British Columbia at the provincial level, political parties have to meet privacy requirements. I commend the member for raising it early in debate, and ask if the New Democratic Party will also support amendments in committee?

Madam Speaker, since there are no other questions and comments, I believe that shows that my colleague was very clear. I will try to be clear as well. The bar is high, but I will try to meet it.

Generally speaking, as my colleague said, this bill represents a step forward and addresses several of the Privacy Commissioner of Canada's requests. Quebeckers were profoundly shocked by the Desjardins data breach. It was a very significant event. However, it was not the only one. Similar incidents occurred in 2017 and 2018, and there have probably been dozens more that we are not aware of. In fact, when a bank's data is stolen, the bank is required to inform the police and the Privacy Commissioner of Canada, but it is not required to inform the public or even its customers.

We like this bill because it sets out a series of principles relating to the collection and sharing of personal information by companies: free and informed consent for the collection and use of data; the ability to allow or deny the transfer of data to another company, such as between two financial institutions; the ability to withdraw consent or request that data be deleted; transparency about the use of algorithms that use personal data; and stricter criteria for the use of de-identified data. This bill also gives real powers to Canada's Privacy Commissioner, sets out significant penalties for non-compliance, and creates the personal information and data protection tribunal. All of that is great.

Unfortunately, the problem is that the bill omits one extremely important element, and that is protecting people's identity online to prevent fraud due to identity theft, especially during financial transactions. We know that Europe has brought in a whole suite of regulations to force financial institutions to verify a person's identity before authorizing a transaction. There is nothing like that in Canada, and this bill does not have anything of the kind either.

The federal government is not properly verifying individuals' identity before authorizing electronic transactions. We know that the challenge is to prevent data from being stolen and used to commit fraud. Having personal data stolen is unpleasant enough, so all measures must be taken to ensure that the data are not then used for fraud.

The debate in Ottawa over the massive data breach at Desjardins mainly revolved around social insurance numbers. We know that several people would like to change their social insurance numbers, but under the current system, they cannot do so unless they become a victim of fraud resulting from identity theft.

In addition, the federal government has received a number of requests to redesign the social insurance card to make it harder to counterfeit, similar to what Ottawa did with passports after the September 11, 2001, attacks, at the request of the United States.

These two requests are perfectly reasonable. The Bloc fully agrees and is asking Ottawa to follow up. However, that alone will not stop fraud.

The best way to prevent identity theft is to make sure that the person who is making the transaction is indeed who they claim to be. This goes without saying. There are three ways to verify a person's identity.

First, a person can be identified based on what they know, namely personal information such as their name, address or social insurance number. However, as cases of identity theft are on the rise, it is getting harder and harder to accurately identify someone. In other words, our private information is no longer private when everyone can find out almost everything about us. Fraudsters can simply use this information to create a fake ID, and they are set.

Second, a person can be identified based on what they have, such as their computer's IP address, which the institution can recognize if the transaction is being conducted from the person's home, or their cell phone, to which the institution can send a secret code via text message.

Third, a person can be identified based on who they are. The institution can use technologies that recognize a person's physical characteristics, such as their voice, their facial features, through the use of facial recognition, their digital fingerprints, which are increasingly being used by cell phones, or their handwritten signature.

Europe adopted regulations in 2016 requiring financial institutions to use at least two of these three ways to identify someone before authorizing a transaction. Banks in Canada are under no such obligation. If they believe that the control mechanisms will cost more than the losses they are currently incurring in fraud, they are better off doing nothing. The banks will not pay for controls that would be more costly than the fraud. That is simply profit-driven logic.

Many members have probably had the experience of having a store issue a credit card on the spot, based solely on the personal information we provide. We just have to give our phone number, address, and so on, and that is all it takes. This practice really opens the door to fraud, and it has to stop.

We believe that the banks must be forced to tackle fraud. That is the solution that we are advocating. We are going to propose possible approaches. As my colleague was saying, we are going to support the bill, but we will be bringing forward amendments. We will have concrete, constructive and coherent proposals when the time comes to study the bill in detail.

We will propose ways to combat identity theft, such as by drawing on the European regulations I was talking about, in order to force the banks to bring in robust processes to verify people’s identity before authorizing a financial transaction. We will also propose to increase fines in order to encourage banks to better protect their customers’ personal information. We will propose that banks be required to submit a detailed report, as part of their annual reporting, on the number of identity thefts and the resulting losses.

We will also propose a requirement to contact any person whose identity has been fraudulently used within the organization, regardless of whether an account was opened or not. As I said earlier, there is no such obligation in place and it must be brought in. There is also an obligation to cover the costs paid by victims to recover their identity. These costs must be covered by the banks, which are rolling in a lot more money than individuals and most of their customers.

There also need to be anonymous tip lines for employees who are aware of unreported identity theft, as well as protection for whistleblowers. There is currently a void when it comes to whistleblower protection, as in virtually all areas. I am getting a little off topic, but the House will have to deal with this issue as well.

Ottawa also has to look in its own backyard. Beyond the banks, the same anti-fraud controls need to be imposed on the federal government itself. Bill C-11 applies only to private businesses. It does not apply to the federal government. Currently, Ottawa’s online identity controls are clearly inadequate. Before authorizing a transaction, the government does not take all the necessary steps to ensure that a claimant is who they say they are.

Since last spring, there have been numerous cases of identity theft. These include Canada emergency response benefit claims made in other people’s names and tax refunds being redirected to other accounts. Some people will not find out that they have been victims of identity theft until they file their income tax returns. It has not yet happened yet, but it will soon. In a few months, many people will discover that they have been victims of fraud. Right now, they have no idea. This is absurd, and it is unacceptable.

Again this fall, thousands of taxpayers lost access to their Service Canada account, which prevented them from applying for employment insurance even though they lost their jobs because their region was going back into the red zone.

It is all well and good to introduce a bill on the management of personal data by private companies. I want to stress that we agree on this bill and that we will vote in favour of it. That part is settled.

However, Ottawa needs to clean up its own backyard as soon as possible and take immediate action to combat identity theft. We are saying yes to regulating private businesses, but we are also saying yes to regulating Ottawa and the banking industry.

We are focused on connectivity. Access is the first principle in the digital charter. Today, as you indicated, in the House I also talked about the digital charter implementation act, which talks about the other aspects and principles in that. It's important that we move forward with these projects. That is why we had to have that public-private partnership to enable us to connect with those communities.

As I've indicated, projects are well under way. We've also supplemented that program with the universal broadband fund, as well as investments in low-earth orbit satellites to provide additional support for communities so they can get access to high-speed Internet connectivity.

Thank you, Madam Chair, and to both ministers, thank you for appearing here today.

Minister Bains, I'm sorry I missed your Bill C-11 announcement in the House, given the conflict with this committee, but we'll see you this afternoon.

I want to start with you. It's a simple question.

In your opinion, has the LEEFF program been successful?

I understand. Thank you.

That means ensuring front-line workers receive the equipment they need to do their jobs, as professionals work tirelessly to find a safe and effective vaccine for COVID-19.

We started the year with virtually no Canadian production of personal protective equipment and a precarious international marketplace, but after launching our “made in Canada” project and seeing industry step up to the plate, I am proud to say that we are now sourcing close to 50% of our personal protective equipment from Canadian companies.

More than 6,500 companies responded to our call to action to rapidly scale up domestic production of PPE. These firms are helping to keep front-line health care workers safe while also providing key manufacturing jobs through these difficult times.

On the vaccine front, we're seeing great progress on development projects right here in Canada. Through our investments in companies such as VBI Vaccines, Medicago and IMV, our government is growing Canada's capacity to find and produce a domestic vaccine for COVID-19.

Overall, this pandemic has made it clear that Canadian industries and its workers are strong, adaptive and resilient.

As we set out on the long road of economic recovery, we must also tap into the strength to build back a better, equitable and greener Canada. Our industries and entrepreneurs will have a crucial role to play and are already rising to the occasion. Our government is there to support them with strategic investments that spur innovation and help create good-quality Canadian jobs.

The innovation superclusters initiative, for example, has been an integral part of our “made in Canada” response, supporting projects ranging from large-scale disinfecting robots to personalized digital mental health care for front-line workers.

Moving forward, we're going to need to be strategic. With global industries moving towards sustainability, developing domestic manufacturing in electric vehicles and batteries will position Canada's auto industry as a global leader in a growing market and help us achieve our climate ambitions.

Similarly, the aerospace sector has always been especially adept at innovating and adapting. We must prioritize support for the supply chain, R and D in aviation and a procurement policy that benefits the entire country. That will position Canada's aerospace industry and workforce for continued success in a changing marketplace.

The increase in Canadians' online activity since March has also reinforced our government's commitment to addressing the concerns that Canadians have about their digital privacy.

This last week, I introduced Bill C-11 to enact the consumer privacy protection act. This legislation would give Canadians more control and greater transparency over the way companies handle their personal information.

I will be giving the Privacy Commissioner tangible authority to issue orders, and I will ensure Canadians have access to world-class privacy and data protection by imposing the highest fines set out in any G7 nation's privacy legislation.

Madam Speaker, today I am rising on Bill C-11, an act to implement a digital charter for government. This is an auspicious moment for Canada, because we are well under way in the digital age, and the need for clarity and concrete action to protect Canadians' privacy is a paramount need. While it is critically important, we also have to remember the need to protect small and medium-sized enterprises and to ensure that Canada can remain globally competitive as a jurisdiction for technology, data and innovation. I am concerned by some of the trends we have seen over the past few years, with Canada falling behind our global competitors, and I am concerned that some parts of this legislation could put us behind.

I am also concerned that we are falling behind when it comes to security. It is great to talk about protecting Canadians' privacy and putting in consent-based rules, but in an age of quantum decryption and computers that can break 120-bit encryption, if our security cannot be protected, then all the consent laws and privacy protections in the world are not going to mean much.

I want to break down this bill into simple terms. They talk about plain language in the bill, and so I am going to try to speak in as plain a language as I can, when dealing with a matter of this technical nature. I want to talk about some of the challenges and, I will grant the government, some of the opportunities that we foresee with this legislation. I want to also thank and recognize the work of the ethics and privacy committee in the previous Parliament, under the able chairmanship of my colleague from Prince George—Peace River—Northern Rockies. Many of the recommendations we have seen in this legislation come from the committee's report, so I think that shows Canadians that committees really do matter in the House, and that they can make a positive impact.

As I said, one of my chief concerns with this bill is its impact on small and medium-sized enterprises. It has been said for a number of years that data is the new oil. For many emerging enterprises, access to data and the ability to use this data will be the determining factor in whether they are successful or not. I do not need to say, but I will, that small and medium-sized enterprises are the lifeblood of our communities, and increasingly we are seeing how vulnerable they are, especially during the pandemic.

We have to consider the context of this legislation within the economy and the economic structures that the Liberal government has created over the past five years. We have seen an unrelenting attack on small and medium-sized enterprises, starting with hikes to Canada pension plan premiums. These hikes will continue even this January, in the midst of a pandemic. When companies are closing their doors and laying off workers, the government is looking at increasing costs even further for employers and employees. It is just not acceptable.

The Liberals in the past accused business people of being tax cheats when they utilized exemptions under the tax code. They decided to take it one step further by hiking taxes and removing these exemptions for many family-owned businesses, including for a lot of businesses and farm families in my riding. With this legislation, they are adding yet another layer of red tape that will force many onerous requirements on small businesses. I recognize that many of these requirements will be very helpful when we are talking about large businesses, and they have the resources to maintain these privacy requirements. I found it interesting that the minister was talking about the right to delete oneself. On many social media platforms that has been the case for a number of years, so it feels like with this legislation the government is trying to catch up to what businesses are already largely doing. However, we see that small enterprises are increasingly reliant on technology and data.

In this legislation, there are a number of new requirements. There is a certification requirement and a requirement for businesses to designate somebody in their business to be the privacy watchdog. Businesses have to maintain databases and be ready to respond to customer requests or investigations. When we talk about very small businesses, which could have only two or three staff or maybe a sole proprietor, to add this new layer of red tape is really going to create a lot of challenges for them.

Ironically, it would actually benefit big businesses because when small businesses have more red tape, they might decide to no longer stay in business. Therefore, we will see even more consolidation among the big players: the Amazons, the Walmarts and companies that are large collectors of personal data. Our thriving, innovative start-up economy will start to be strangled under this legislation.

I hope that when the government is considering amendments at committee, it consults with small businesses. I encourage it to consult with the CFIB to look at the challenges small businesses are going to face, and to try to come up with some sort of threshold to ensure that small businesses are not unduly burdened.

I appreciate that this bill is largely targeted at major corporations and tech giants that use massive amounts of personal data for everyday business. We know that these companies have the capacity to do better in protecting our privacy. I hope that this legislation can spur further commitments to protect Canadians' privacy. However, as I said, it concerns me that these large corporations largely have already implemented a lot of the things that the government is talking about. They have the human resources, legal departments and the endless ability to tap debt markets, bond markets and stock markets to finance these changes. Frankly, small businesses do not.

I asked the minister a question, which he really did not answer, about data portability and the impact on small and medium-sized enterprises. The minister couches it in terms of consumers having the right to ask for their data to be moved from one organization to another. It seems like a really great thing, but I cannot think of too many situations in which a regular Canadian would be the person initiating that conversation. However, I can see where a bank would, for example, when dealing with its insurance arm. Many large Canadian banks also have insurance companies.

There has been a fence put around these companies to ensure they do not become too big and anti-competitive. Information cannot currently be shared between insurance companies and banks owned by the same company, but through this legislation, the insurance company just needs to provide a plain-language document asking clients if they want their information to be shared with its banking arm. With the massive amount of data that insurance companies and banks have on Canadians, we can see how quickly they could possibly use this as a predatory practice to increase, consolidate and suck customers away from small and medium-sized insurance companies.

When I drive through my riding of Sturgeon River—Parkland, I am proud to see about a dozen small and medium-sized insurance businesses for auto, home and life insurance. There are tens of thousands of Canadians employed in this important industry, and they are not all working for the big banks. I really am concerned that this legislation could make our marketplace much less competitive, so I hope the government considers that impact as well.

My next point is about enforcement. I am really skeptical about the government's ability to deliver for Canadians. We see, in spam legislation and other legislation, that a lot of words are not being put into action and there are consequences for actions that are not being followed through on.

Similarly, this legislation packs a lot of firepower. It talks about threatening $10 million in fines, or up to 3% of global revenues. It is the toughest in the G7, as the government has said, but I wonder what power the government really has to compel payment. When we talk about potential serial abusers of our private data, we are talking about massive multinational corporations with billions in revenues.

I wonder if we can anticipate similar challenges as those faced by France when it attempted to collect taxes on digital giants from the United States. These included a challenge at the World Trade Organization and retaliatory tariffs on French products.

I wonder if the Liberals have given any thought to the potential consequences of trying to collect large fines from these companies. Does the government anticipate that our trade competitors are going to let these challenges go unanswered when we try to collect? Have the Liberals considered the consequences that this could have on the Canadian economy, and are they ready to be open about this very real threat? I am not saying that this is not something they should pursue, but we need to know what the potential consequences are before moving too quickly on this.

Canadian innovators are at the forefront of technological advancement, and I think that is something we can all be proud of. However, a concern that has been brought to my attention is the protection of proprietary algorithms by start-up tech companies that rely on data. Some of the provisions in the bill would enforce algorithmic transparency, which sounds great for consumers, but I see that it could be used by business competitors to expose sensitive, confidential and proprietary information.

Has the government considered the consequence of what these actions would do to our start-up companies that want to keep their algorithms proprietary and confidential? A company may be in a situation where it is looking for a buyout at a later date and needs to build up to the point where it can really get the value it believes the company is worth, but if this algorithmic transparency could be used by its competitors to investigate the use of its algorithms, it could possibly be used to steal things that are patent-pending or as leverage in a negotiation for a buyout. I would like to see more stringent protections for our nascent technological sector, to prevent their algorithms from being exposed.

Next, in the bill, the minister sort of alluded to the exemption for socially beneficial purposes. We need to drill down and explore the idea. The minister provided some examples: government, health care agencies and education. I do not think many Canadians could really object to these organizations being exempted, but one point named organizations that exist to promote environmental protection.

We believe in strong environmental protection, but are we possibly talking about environmental charities that may have a political arm or an agenda in an election? Are they going to be exempted to use Canadians' data in any way they see fit? What potential consequences could this have on keeping our elections free from foreign influence or ensuring transparency in political communications? I would really like to get a clearer idea of what the government means when it is talking about socially beneficial purposes, because we are living in an age, as the member for Timmins—James Bay said, when there are data wars. If organizations are misappropriating this data, using it to influence our elections and our democratic process and being provided an exemption, we really need to explore that.

Next I want to talk about the 10 pillars of the digital charter that the government has brought forward. We know that a charter, as any statement of values, is really only as good as the resources and enforcement behind it, so I want to highlight a few of these pillars and address some concerns that I have.

Pillar 1 talks about universal access: “All Canadians will have equal opportunity to participate in the digital world and the necessary tools to do so, including access, connectivity, literacy and skills.” As my colleague for Haldimand—Norfolk was saying, too many Canadians, the fourth coast as some would say, even in relatively urban areas, say that we are far from accessing high-speed and reliable broadband services.

For years, successive governments have pocketed billions and billions of dollars from spectrum auctions. They have been announcing and reannouncing, and in some cases reannouncing a reannouncement, on enhanced rural broadband. The Liberals have promised the universal broadband fund as their solution. They even claimed that they topped it up by another $750 million a few weeks ago, but communities in my riding who recently applied for the universal broadband fund were told that they did not qualify.

I come from a fairly rural riding, and people were basically told that, according to the data, the Internet in their communities is fast enough. That is not acceptable. They should try explaining that to farming families in Sturgeon or Parkland County, or try telling that to people living in Stony Plain, Gibbons and Morinville.

We still have movie rental stores in my riding. I asked somebody how these movie rental stores stay in business, and the fact is, the Internet is so bad, the only way for people to watch movies is to go to their local movie store because they cannot access Netflix and all these other great things.

We are talking about a pandemic right now, and increasingly parents are wanting to supplement their children's education at home. They cannot access their education. A principal of my local high school, Onoway Junior/Senior High School, lives less than one mile away from the high school. The high school has high-speed Internet that is connected by the Alberta SuperNet, but less than a mile away the principal cannot get any Internet services.

The government is saying their Internet is fast enough, and that they do not qualify for the universal broadband fund, but, if we do not qualify, then I do not know who qualifies. This is unacceptable. It is time for the Liberals to put real funds behind real action to deliver broadband access to Canadians in rural and remote areas.

Pillar two of the digital charter is safety and security. It reads, “Canadians will be able to rely on the integrity, authenticity and security of the services they use and should feel safe online”. This is yet another great promise that the Liberals have failed to deliver upon.

I remember over the summer, when scammers used Canadians' personal information on the Canada Revenue Agency website to access CERB payments. These were not foreign actors we were talking about. These were private actors using information that they could get their hands on to breach Canadians' accounts, and this breach was so bad that it even forced the CRA and the Service Canada websites to shut down.

Thousands of Canadians who wanted to were unable to access the CERB, and all the useful services on those websites, because the government has not put security as a priority. Security must be central to digital government and to our digital economy. I appreciate that the government wanted to get those programs out quickly, but we are increasingly seeing the consequences of not building in security from the foundation up.

It was not just the CERB program that was hacked. In February, news broke that the National Research Council systems were hacked, mainly the health research databases. This cyber-attack was caused by ransomware. The hackers used the ransomware to try to extract payment from the government. Every year the National Research Council collects information on more than 25 million health care consumers across the U.S. and Canada. The National Research Council was also hacked in 2017 by state actors.

This continues to be quite a substantial threat. Hospitals and other information technology services are increasingly being targeted by these kinds of crimes. Since 2016, according to a cyber-threat assessment, there have been 172 attacks on individual health care organizations with costs topping $160 million. Those are just the attacks that are known about. It causes one to wonder how many attacks have not even been discovered yet.

It gets worse. Despite the multiple data breaches, the protection on critical infrastructure plan has not been updated in this country since 2009, despite major technological advancements. I alluded earlier to the Manhattan project of data decryption and quantum computing, which we are seeing out of countries like China. They threaten to blow open all of our current encryption technologies. It shows us that the plan is even more critical.

Madam Speaker, Bill C-11 will not protect personal data under the federal government's own jurisdiction. We saw what happened at the Canada Revenue Agency and how easy it is to steal a person's identity for all sorts of reasons. These are outdated tools when it comes to identity and security.

Why are there no rigorous standards set out for government agencies?

moved that Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts, be read the second time and referred to a committee.

Mr. Speaker, it is with great pleasure that I rise today to discuss Bill C-11, the digital charter implementation act, 2020.

As members know, data and digital transformation is completely changing the way we access information, buy goods and services, connect with each other and live in our communities and cities. This digital transformation has been accelerated by the pandemic, and we are seeing more Canadians moving their activities online. Canadians are using more digital services and sharing more data online than ever before. They want to know that their personal information will be safe and that they are protected.

Recently, the Privacy Commissioner surveyed Canadians and found that the vast majority of Canadians, 92% of them, are concerned about the protection of their privacy, so this is an important issue to many Canadians. That is one of the reasons why last year I launched the digital charter, a set of 10 principles that lay down the foundation that will allow us to build an innovative, digital economy that is inclusive, people-centric and built on trust.

The principles of Canada's digital charter give Canadians more control over their data while helping Canadian companies innovate, grow and create quality jobs for middle-class Canadians across the country.

I would like to take this opportunity to remind members that the principles of the digital charter were very clear, and they focused on control and consent. Canadians will have control over what data they are sharing and who is using their personal data and for what purposes, and will know that their privacy is protected. This is one of the key principles we laid out in the digital charter.

Transparency, portability and interoperability will enable Canadians to easily manage access to their personal data and to transfer it without undue burden.

Data and digital for good is another principle that was laid out in the digital charter. The Government of Canada will ensure the ethical use of data to create value, promote openness and improve the lives of people at home and around the world. How can we harness data to solve problems?

Another key element was strong enforcement and real accountability. There will be clear, meaningful penalties for violations of the law and regulations that support these principles so that Canadians can rest assured that their privacy will be protected.

As members will see, the principles of the digital charter are firmly embedded in the legislation before us today. On top of this foundation sits three pillars: consumer control, responsible innovation and a strong enforcement and oversight mechanism.

Let me begin with outlining how Bill C-11 would give Canadians more control and greater transparency in the manner in which companies handle their information. It would do this by introducing important rules for consent, the right to delete information, data mobility and algorithmic transparency.

With regard to consent, Bill C-11 would enhance consumer control by requiring organizations to get meaningful consent from Canadians. This means individuals would get specific information in plain, simple language, not the 30-page legal document that no one reads. This, in turn, would allow individuals to make meaningful choices about the use of their personal information.

To make consent more meaningful and move away from lengthy agreements that, as I said, no one reads, we are introducing a new exception to consent for the collection and use of information for standard business activities that would be reasonably anticipated by individuals.

Here is an example in plain language. When a customer buys something from a company and gives that company their address, the company can give that address to a delivery company so the customer can get the product they paid for.

Under the law, that company would need to be transparent about how it uses personal information so that consumers are made aware of this and that the Office of the Privacy Commissioner can review these practices.

The second element I want to talk about is the right to delete information. Bill C-11 would allow Canadians to withdraw their consent and demand that data be deleted. When individuals no longer want to do business with an organization, that organization must stop using their information and must delete it permanently if it is asked by individuals. This would, for example, allow a Canadian to demand that a social media site delete their profile. It is very simple, but very powerful.

The next area the bill highlights is data mobility. To improve their control further, individuals would also have the right to direct and transfer their data and information from one organization or entity to another organization or entity in a very secure manner. Bill C-11 would do this by enabling regulations that establish frameworks for secure transfer and interoperability. This approach would support innovation in areas like open banking, where a common technical approach could allow Canadians to take advantage of the consumer-directed financial marketplace in a more secure way.

Another area the bill touches on, which was highlighted through extensive consultations, is algorithmic transparency. In the area of consumer control, Bill C-11 would improve transparency around the use of automated decision-making systems, such as algorithms and AI technologies, which are becoming more pervasive in the digital economy.

Under Bill C-11, organizations must be transparent that they are using automated systems to make significant decisions or predictions about someone. It would also give individuals the right to an explanation of a prediction or decision made by these systems: How is the data collected and how is the data used?

This is a brief summary of what is found in the first pillar of this legislation under more consumer control.

The second pillar of Bill C-11 is enabling responsible innovation.

The digital economy creates significant opportunities for Canadian businesses. Digital activity accounts for 4.8% of Canada's GDP, and when it comes to research and development in this country, no other private sector industry outperforms Canada's information and communications technology sector.

Investment and data has climbed as high as $40 billion. Across the economy, Canadian companies' data is worth as much as all other intangible assets, such as software, research and development, and mineral exploration rights combined. Therefore, we can see the potential of data not only today, but going forward.

Globally, we are seeing unprecedented growth in the technology sector, growth that is only going to pick up as artificial intelligence continues to grow and have a more meaningful impact in our lives. According to some estimates, AI is going to contribute an additional $13.7 trillion to the global economy by 2030.

The government also understands the importance of giving companies clear rules that enable them to innovate while still protecting Canadians' privacy.

Trust is the cornerstone of economic growth and innovation. When Canadians are assured that their data and privacy are safe and protected, it creates space for the kind of innovation that benefits everyone.

Our government believes that greater trust and certainty in the digital marketplace will empower small businesses and entrepreneurs to create news jobs and opportunities, expand their operations and better access the global marketplace.

It is also important to note that the new legislation would help small businesses prosper as well by ensuring that rules for data and privacy are fair, clear, enforced and flexible enough to meet the needs of smaller organizations.

One area that does that is the codes of practice and certification systems. To enable responsible innovation, Bill C-11 would create a framework to recognize the use of codes of practice and certification systems. This would help organizations both comply with the law and demonstrate their compliance, which, in turn, would support innovation and provide an important balance to a strengthened enforcement regime.

Organizations would be able to apply to the Privacy Commissioner to approve a code of practice outlining how the act's general requirements apply in a particular sector or activity. This would give businesses some certainty that if they are following the code they are in compliance.

I also want to highlight de-identified information. Bill C-11 would also clarify how organizations are to handle de-identified personal information. This would enable an important mechanism for both privacy protection and innovative uses of data, which would benefit many small businesses.

Lastly is data for good. In this area, it is important to note that under the second pillar of enabling responsible innovation, Bill C-11 would recognize an exception to consent for socially beneficial purposes in order to clearly allow organizations to support innovative data initiatives such as data trust, which is pursued by a range of public institutions, including hospitals, universities and libraries. There is so much potential with data trust because it can enable us to unlock some of the opportunities that exist to solve some problems across our society.

The next element I want to talk about is strong enforcement. Perhaps more importantly, the proposal would significantly strengthen the enforcement and oversight regime. This is critical.

With this proposal, we will have some of the toughest financial penalties in the world for violating our laws.

Currently, the Privacy Commissioner has little ability to enforce his recommendations on organizations that are non-compliant, other than seeking a hearing by the federal court. Under Bill C-11 this would change. The legislation would introduce a strengthened privacy regime that would be overseen by a more powerful Privacy Commissioner, with appropriate checks and balances in place.

The Office of the Privacy Commissioner would have broad order-making power, including the power to force an organization to stop collecting or using information and delete it. If the Office of the Privacy Commissioner found out that data was collected without appropriate consent, he would have the ability to do this.

As well, the Privacy Commissioner would make sure there is strong and meaningful consequences for organizations that do not comply with the law. The Privacy Commissioner would have the power to recommend administrative monetary penalties of up to $10 million, or 3% of global revenues, whichever is higher. The range of serious criminal offences would also be expanded, with a new maximum fine of up to $25 million, or 5% of global revenues, whichever is higher.

The legislation would introduce the new personal information and data protection tribunal, which would review appeals of the commissioner's orders and levy penalties.

This new administrative tribunal will help ensure procedural fairness in how the commissioner applies the new and enhanced enforcement powers. It will provide individuals and organizations with easier access to justice through a less formal mechanism for appealing decisions.

This enforcement regime would recognize that early compliance with the act remains critical and that is the key part. Early compliance will remain critical for the protection of Canadian privacy. We need to build on the commissioner's existing abilities to secure early resolution through compliance agreements. We want to make sure that Canadian companies actually comply with the legislation.

This new regime would see stronger collaboration between the Privacy Commissioner, stakeholders and implicated institutions, including federal organizations. When the commissioner is developing that guidance, it is important to have that level of collaboration. This will ensure there is a strong alignment between the law and how it is explained and enforced, and help avoid confusion for those trying to follow it. Again, this will provide further clarity.

To summarize, the third pillar of Bill C-11, strong enforcement and oversight, would introduce an escalating model that provides incentives for organizations to comply early. The focus is on compliance. Strong penalties will exist if they do not follow through. There will be a new tribunal to ensure the process will be fair, transparent and accessible for businesses of all sizes.

The three pillars of Bill C-11 work together to provide what Canadians need to engage in the digital economy: strong and enforceable protections for personal information, along with clear rules for businesses to follow as they innovate and deliver new products and services.

It is also important to note that the legislation would help protect the privacy of Canadians, while strengthening the ability of Canadian businesses to compete globally. This positions Canada to succeed internationally.

When PIPEDA was introduced in 2000, it was considered a global leader among data protection laws. In 2002, the European Commission found that PIPEDA provided adequate protection relative to EU law. The finding of adequacy gave us an international edge by allowing us to have free flow of data between Canadian and EU companies.

More recently in 2018, the EU brought into force its GDPR, the general data protection regulation. Since then, the EU has been reviewing Canada's adequacy against the GDPR. They have made it clear that we must reform our privacy regimes in order to maintain our advantage when it comes to this status. I believe the legislation would achieve GDPR adequacy while maintaining the made in Canada approach.

Lastly, I want to conclude by mentioning stakeholder reactions. This approach reflects years of public study, consultations and collaboration. It builds upon the fundamental work of the House of Commons Standing Committee on Access to Information, Privacy and Ethics, as well as important deliberations in the other place.

I can tell members the legislation has gained support from a wide range of stakeholders. Goldy Hyder, the president and CEO of the Business Council of Canada, spoke positively about this. Michael Geist, who is well recognized in this area of expertise, said this is “Canada's Biggest Privacy Overhaul in Decades”. OpenMedia calls Bill C-11 “a big win for privacy in Canada.”

We know that Canadians will continue to use digital services that require the use of their personal data, and we know there is no turning back.

I will conclude with this last remark.

As the COVID-19 pandemic continues to increase our reliance on the digital economy, Bill C-11 will help Canadians embrace this new world, knowing that their personal information is protected and safe.

Mr. Speaker, I thank my kind colleague for the extremely important and very useful question he repeats every week on the status of parliamentary business.

This afternoon we will continue debate at second reading of Bill C-10, an act to amend the Broadcasting Act. Tomorrow we will resume debate at third reading of Bill C-3, an act to amend the Judges Act. Monday of next week will be devoted to the study of Bill C-8, on the Truth and Reconciliation Commission's call to action number 94. On Tuesday, we will begin our study of Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act, which was introduced earlier this week by my colleague, the Minister of Innovation, Science and Industry.

Pursuant to Standing Order 81(4), I would like to designate Tuesday, November 24 for consideration in committee of the whole of the main estimates for the Department of Fisheries and Oceans, and Thursday, November 26 for the Department of Health.

Lastly, there have been discussions among the parties, and I believe you will find unanimous consent for the following motion:

That a take-note debate on the status of the French language in Montreal be held, pursuant to Standing Order 53.1, on Wednesday, November 25, 2020, and that, notwithstanding any Standing Order or usual practice of the House: (a) any member rising to speak during the debate may indicate to the Chair that he or she will be dividing his or her time with another member; and (b) no quorum calls, dilatory motions or requests for unanimous consent shall be received by the Chair.

moved for leave to introduce Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.

(Motions deemed adopted, bill read the first time and printed)

I'm really trying to follow Madam Shanahan. She has explained all the things she's learning about electric cars. I don't know if she wants to make that part of the study, but if the Liberals ae going to talk the clock into the coming weeks about the U.S. electoral system, I think that's very problematic.

Is the United States and what's happening in the States something the Liberals are trying to drag into our committee when we are the ethics and privacy committee? I'm not surprised. It's probably a step up from Mr. Sorbara's digressions into underwear, but this has nothing to do with the issues before our committee.