44th Parl. 1st Sess.
March 7, 2023 10:00AM
Madam Speaker, that is also an important question, because I think what the member did not reference, which I will reference specifically, are the instances where governments used this information.
I think that informed consent is an inherent right to privacy and protection. The AIDA must apply to government institutions, given that the AIDA only currently applies to the federal private sector, as government institutions are explicitly exempt from this. It is imperative that the AIDA's framework be brought in to include government institutions.
Let us be very clear. Individuals ought to always have informed consent about where their information and data go. There ought not to be situations, outside of warrants expressed through our legal system, that allow for the collection, maintenance and distribution of personal information online.
130 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I think it is ironic that members of the Liberal Party, the government, are claiming some sort of aversion to big corporations. Obviously, they have not read the bill. Subclause 18(3) says:
(3) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of an activity in which the organization has a legitimate interest that outweighs any potential adverse effect on the individual
The government does not believe in the protection of personal privacy. It believes in the protection of access to data for companies.
106 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, my colleague is probably hearing from constituents, as I am. The bill seems to be silent on the selling of personal data. It is silent on facial recognition. She mentioned the artificial intelligence part of it. It seems that the new artificial intelligence part of it was just jammed alongside, and there is not a lot of thought in there.
She did not comment on the concept of implied consent. I thank my Liberal colleague for bringing up the protection issues. The bill does mention the term “implied consent”. That would allow businesses to take a user's consent to use their data and information for new purposes without actually obtaining it. I wonder if she could comment on that and why it is so important to get that right.
134 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I just want to put a question to my hon. colleague from Calgary Rocky Ridge, with whom I worked on the ethics committee and who is knowledgeable about situations concerning access to information. It is a question that the people of Trois‑Rivières asked me when I was out in the community.
With the arrival of ChatGPT, is it not true that a large part of this bill will have to be rewritten because it has become obsolete due to this important change in the reality of access to information?
95 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I rise today to address the House with respect to Bill C-27, the digital charter implementation act, 2022. It is just a year or so behind.
Thirty-four years ago, the Supreme Court of Canada recognized that privacy was at the heart of liberty. Much has changed since 1989 and little more drastically than the continuous transfer of the private information of Canadians to other organizations. The questions we need to ask are these: What are the costs of and what are the benefits of the availability of Canadians' private information for the use of others?
Many organizations see themselves as supplying useful value to Canadians by being provided, whether by contract or by capture, private information that is not knowingly provided by citizens. Examples include service companies that recognize when a consumer might be able to save a percentage of their fees by bundling certain services. In such a case, the benefit of this information availability is shared by the consumer and the service provider.
Let us make no mistake. What drives the action by the service provider is profit, which is known as the greater share of wallet. Nevertheless, in such cases, the consumer sees the benefit of being included in the information sharing, whether they know it has occurred or they do not.
This apparently benign approach to gathering information has now stretched to our daily lives, where our computers, our phones and our in-home private intelligent assistants, like Siri and Alexa, are gathering information on us. When my sons are at their homes and use Siri, they say, “Siri, turn on”. They have figured out that Siri was listening the whole time. A lot of information is being culled. Do we know that our information, in that case, when we have not actually disclosed it willingly, is being used in a benign or creditable way? Which of that has become public information to be monetized by somebody else? That is what is occurring.
Large corporations are gathering data that is being sold to others for their own purposes. That supposedly benign relationship is now being passed to another organization, in that case, that is paying the information gatherer, and so on. There is no accountability mechanism to the individual for the benefit of the supply of one's information to flow.
There is only one measurement at play, and that is profit. One need only look at the incredible financial returns associated with these technological information-gathering companies, including the Googles, the Metas, the Amazons, etc. None of those are Canadian, by the way, and realize that the value-extraction industry is lopsided in their favour. At no time in human history have start-up companies, many without a tangible product, achieved such lofty valuations so quickly. Billionaires are created out of computer code, which provides what, exactly. It provides our information.
Value is created and destroyed in commercial markets. That is the economic engine that has led the western world to prosperity, but value is only traded in financial markets. Let us ask this: Is the culling and selling of private information, however obtained, creating value or transferring value?
In that respect, the intent of this bill is good. It is designed to modernize the protection of Canadians' digital privacy rights. It is past due, and it is important. It cannot be delayed by another prorogued Parliament or another unnecessary election call, as happened to the prior bill that was introduced to advance this issue in the last Parliament. The aim of this bill is good. The execution, I would say, is way off. I see a bureaucratic solution, designed by bureaucrats, for use by bureaucrats, with what would be a minor effect for the Canadian population in general. As we say, if you are a hammer, everything looks like a nail.
The design outcomes of this bill are increasing bureaucratic oversight. The personal information and data protection tribunal act would have six members and would be put together in a tribunal, three of whom would have experience in information and privacy law. Only three out of six, which is half, are going to have experience in the very laws that they would be overseeing.
This is going to be responsible for determining the severity of financial penalties. It would have a staff of 20 with a budget, along with a larger budget for the Privacy Commissioner, which already exists. Does anybody see any redundancy in this solution?
There is a litany of financial penalties listed through this bill and a host of requirements of all businesses, even small businesses, which are going to find the requirements of this bill onerous in the extreme. Joe's Garage is going to be treated with the same expectations as the Royal Bank and face the same potential penalties.
I will read from this legislation something that would scare any small-business person. This is about privacy management programs, as required under the legislation. It states that, “Every organization must implement...a privacy management program that includes the [organization's] policies, practices and procedures....”
It further states that, “...the organization must take into account the volume and sensitivity of the personal information under its control.” What does that mean, and how do we interpret that?
It also states, “...the organization must ensure, by contract or otherwise, that the service provider provides [substantially the same] protection....” Therefore, a businessman is going to need to ensure that something nebulous is not being provided by their service provider when forwarding information. Clearly, no one involved in this bill's design has even considered what this means for Canada's small-business community.
Here is the issue for Canadians. Who has the most information on Canadians? Governments, first of all. Who is likely to get information hacked? Those same governments.
This bill shows a complete lack of accountability by the government regarding how it might misplace or misuse Canadians' data. Is the government going to fine itself in such an instance? I doubt it. That would be a round-trip anyway, at that point in time.
Banks, secondly, have a lot of information about Canadians, and they use that information to increase their returns. They have large bureaucracies, large legal departments and government relations departments to stick-handle these fines. I should note, in this legislation, many exemptions are included. Therefore, we are building more bureaucracy. That is just what Canadians have elected us to do, I say very sarcastically.
On top of the 30% increase in federal government employees over the past six years, we are going to build more bureaucracy. What this bill should be doing is trying to strike a balance between business use of data and the fundamental protection of our privacy.
Let us quickly discuss some of the nefarious uses of digital information gathering. Let us go back to the pandemic, when CERB payments were given out to Canadians, and how many criminal organizations misused that government information to pilfer the pockets of Canadian taxpayers and get undeserved CERB payments into the wrong accounts. This is what happens when government information is pilfered, and this is the main problem with the privacy of Canadians' information.
My advice to the government is to get this bill moving. It is way behind other jurisdictions on this very important issue. Look at how the absence of privacy protection has affected Canadians, and take a look at where the value of Canadians' information has gone: to all the large American tech companies.
The government must listen to that input and the alternatives that are going to be put before it when it puts together this bill. Hopefully, the government amends this bill so it actually addresses the privacy of Canadians in a more complete manner. Listen to that input and to those alternatives. As the Supreme Court of Canada reiterated 34 years ago, Canada needs to recognize privacy as a right, so let us get to work in providing an outcome that actually safeguards Canadian's privacy.
1348 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a very good question. Often, we differ on policies in the House, but it is still good to wish others here a happy birthday, no matter whether we differ in our policy positions one way or another. Cordiality, of course, is very common here. When we are saying happy birthday to somebody, I think it is recognizable that when we are on that website and filling out a form, people are culling that information. They are using it and they are actually interpreting it as something that we may not necessarily intend.
That is exactly what is happening in the world right now. How this bill addresses that concern is beyond me at this point in time, because we have actively given that information, and that is going to continue to happen. We have probably filled out the form or checked off the box that says that we agree to supply the information, and it is probably 60 pages long, about how to actually access that going forward.
This is something this bill needs to address. It is something it needs to address in a legitimate and concise fashion so that small businesses and individuals understand what that relationship is and how it transpires.
208 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I was hoping the hon. member could just elaborate a bit on some of the concerns around the personal information and data protection tribunal. It seems there is no justification for this tribunal. No privacy regime in the world has this tribunal. It introduces unprecedented levels of complexity, potential delays and uncertainty, so I am curious about the member's thoughts on this.
65 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, why bring forward legislation that does not define “sensitive information” in the context of children? We all know this is a problem. I acknowledge this is a problem. Why not do the work right now? There are a lot of very talented public servants who could define “sensitive information” in the context of children.
In relation to clause 128 and the fines imposed on people who would break the Privacy Act, the Government of Canada wants the ability to go after global tech companies and ask them to pay the government a portion of their earnings from a previous fiscal year, but the government is not capable of doing that right now. It is absolute fluff.
122 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
