44th Parl. 1st Sess.
March 7, 2023 10:00AM
Madam Speaker, I want to use my speaking time in the House to note that today is the 85th day of the blockade of the Lachin corridor. This blockade has left 120,000 Armenians in Nagorno-Karabakh without access to health care, food and medication. This situation has been denounced by the European Parliament, by Amnesty International and, last week, by the International Court of Justice. I urge the federal government to do more and apply pressure to ensure that these 120,000 Armenians can have access to food and to prevent a humanitarian crisis.
I am pleased to rise in the House today to speak to Bill C-27, an act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other acts.
This bill includes many things and covers many topics. I want to begin with the part on artificial intelligence. The NDP was a bit concerned by the fact that in the wake of Bill C‑11, this whole new part on the Artificial Intelligence and Data Act was added to Bill C‑27. We think this is a separate issue that needs to be dealt with separately. It is a huge topic in and of itself. We are pleased that the bill is being split so that we can study it in two parts.
In my riding, Rosemont—La Petite-Patrie, there is a burgeoning AI hub that provides jobs for hundreds, maybe even thousands, of professionals. I have met people who were a little worried about the federal government being kind of hasty in dealing with an issue as complex as AI. They are particularly worried about the fact that the U.S. and the EU have laws and regulations already. They think we need to take the time to make sure Canada's regulations are compatible with what is being done elsewhere, with our trading partners and our competitors, just so that it will be easier to attract talent down the line and get these professionals to go work in Montreal, Toronto, Vancouver and other places in Quebec and Canada. They want to avoid the kind of incompatibility that could result in unnecessary obstacles.
With respect to the protection of personal information, I believe that, sadly, a string of scandals has made people aware of this issue, and they realize that our laws and regulations must be updated and adapted. Consider the personal information and data breaches and the problems this causes for people. I will quickly mention a few examples. The problems with Yahoo, Marriott, and Mouvement Desjardins in Quebec, as well as Facebook, all revealed the need for new measures to help victims who have had data and their personal information stolen in several countries. We need only think of the 2019 settlement in the U.S. for the Equifax data breach. It is quite significant, given that Equifax is one of the largest companies people rely on for their credit score so they can make purchases or borrow money. This is not trivial.
Here, in 2019, the Office of the Privacy Commissioner of Canada found that Equifax fell short of its obligations to Canadians and Quebeckers. He then had the company sign a compliance agreement that did not require the payment of any fines or damages for Quebec or Canadian victims. This happened just a few years ago and clearly demonstrates just how outdated Canada's legislation is.
That is why the NDP will be supporting Bill C-27 at second reading. We think it is important that the bill be sent to committee, because we see all the cracks and gaps currently in the bill. It is important that the Office of the Privacy Commissioner be strengthened to bolster enforcement measures to protect consumers and Canadians. Bill C-27 needs to be amended to improve things. There are some shortcomings in this bill. There is even some backsliding in relation to Bill C-11, its predecessor in the previous Parliament, before the last election.
Privacy concerns everyone. In a digital world where social media and online entities are taking up more and more space, we have to remember that, although it is nice to use them sometimes—and they can be of great service—we are the ones who have become the product. Our personal information is the source of huge profits, and we need to be aware of that.
Our information is used to target the advertising we see on our devices when we go to websites. That targeting is based on our personal choices, preferences and searches. Big corporations create profiles and use them to sell advertising. We are the product. These companies make money off the information we give them for free. I have met people who had an interesting suggestion. Maybe these companies should pay us because we are their source of profit. They make money off the targeted advertising they sell, and that is how they plump up their bottom line.
We need to modernize our privacy protection laws. We also need to start thinking about the implications of handing over so much information about our consumer behaviour, our travel patterns, our interests and everything we search for online. We have to prompt people to think about that.
The bill is interesting because it creates a lot of new regulations and a new tribunal. The NDP thinks that is a good thing, but the bill does not go far enough. For example, the bill sets out a private right of action for individuals, but it does not really make it possible for consumers who have fallen victim to privacy breaches to be compensated, unlike what is being done in the United States. This right comes with various rather ineffective stipulations, so although there are new provisions, like this new tribunal, the bill provides for very little recourse.
A few years ago, the NDP published a digital bill of rights for Canadians. In it, we called for new, more effective provisions on consent and the sustainability of data. We called for the government to give the commissioner order powers and to impose larger and more consequential monetary penalties. We also called for transparency with regard to algorithms and more protection against abuse.
I think that the government could draw inspiration from the NDP's digital bill of rights to amend, enhance and improve the bill before us today. Once again, I have to say that this bill takes half steps because it proposes half-measures. There are some rather interesting measures in this bill, but they do not go far enough.
For example, there is still a significant imbalance between commercial interests and individual rights. Unfortunately, the Liberals are still in the habit of putting commercial interests ahead of the rights of citizens. For example, the new preamble of Bill C‑27 tries to present privacy as an individual interest tied to fundamental rights, but still does not directly recognize that privacy is not just an essential aspect of fundamental rights, but a fundamental right in and of itself. It considers the right to privacy to be part of Canadian norms and values, rather than a fundamental right. I think this part of the preamble of the bill should be changed.
There is also some backsliding. Under Bill C‑27, individuals would have less control over the collection, use and disclosure of their personal data, even less than what was proposed in Bill C‑11, which was introduced during the last Parliament. That is really the crux of the matter. If we do not have control over the information we provide or the way it is used or shared, it will be a wild west, total chaos. That is what we are seeing now, in fact. This is a step backwards, and I think that the NDP will be proposing amendments to restore this balance.
Under the bill, information that has been de-identified is still personal information, with some exceptions. There are quite a few exceptions, including in clauses 20 and 21, subclauses 22(1) and 39(1), and the list goes on and on. Roughly a dozen clauses contain multiple exceptions, so it gets extremely complex and confusing. It seems to me that this is going to give big corporations and web giants a way out, through loopholes and back doors. They will be able to do whatever they want because of this list of exceptions.
We in the NDP will be supporting the bill at second reading, but there is still a lot of work to be done to improve the bill.
1459 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for his question, because it is really important. I am not saying that just because I have teenagers at home. We also see the dangers of social media and the fact that young people's privacy or personal information can be exploited. In that regard, once again, Bill C‑27 does not go far enough.
Bill C‑27 includes an interpretation clause stating that the personal information of minors is considered to be sensitive information. However, in the current bill, there is no definition or explicit direction as to what constitutes sensitive information. Once again, the work is only half done. What exactly does “sensitive information” mean when we are talking about information on a minor, someone under 18 years of age?
We will have to move amendments to make this much clearer.
144 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague from Repentigny for her question, which gives me an opportunity to talk about the laissez-faire approach that has been taken. There were years of neo-liberalism where private corporations reigned. The government let them do pretty much whatever they wanted. I think that the progressive forces and the left, in general, always need to be there to push our governments to do more to have more regulatory frameworks to keep people safe, for example.
Today, we are talking about the security of personal data, but we could also talk about rail safety. Think about Lac-Mégantic. The railway companies are inspecting themselves, to see if they meet the standards. I do not think it is responsible for a government or a society to allow these big corporations to supervise themselves, to do their own inspections and then to say that they did everything right, when they tend to cut corners to make a profit.
163 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, when we hear that certain things can be done through regulation, that calls for a bit of a leap of faith. The bill needs to have clear guidelines and provide specific direction so that the regulations can then be coherent and consistent. It is not good enough to say that things will be done correctly later through regulation.
For instance, the current Bill C‑27 contains no guarantee that when someone asks for their data to be destroyed, it will actually be destroyed and stay that way for any length of time. We will have to work on this to ensure that the regulations really do help Canadians.
111 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
