44th Parl. 1st Sess.
March 28, 2023 10:00AM
Mr. Speaker, to bring it back to the topic of this debate, Bill C-27, the intention of the bill is to modernize the protection of digital privacy rights in Canada. The previous iteration of the bill was roundly panned by stakeholders when it was introduced in the previous Parliament. However, in this new version, Bill C-27, the government has added a few new elements, for example, regulating artificial intelligence.
Unfortunately, there are so many different elements within the bill that nobody can actually address all the issues within a 10-minute speech, so I will focus on the privacy issues that are sorely lacking within the legislation.
The bottom line is that the new bill, Bill C-27, remains fundamentally flawed and is, simply put, a redux of the former bill. Essentially, what it would do is put lipstick on a pig.
The dramatic and rapid evolution in how we gather, use and disseminate digital information in the 21st century has presented the global community with not only a lot of opportunities but significant challenges as we try to protect society and individuals against the unauthorized use of their data and information. This directly implicates the issue of privacy and the various Canadian pieces of legislation that address the issue of privacy.
This is not the first time the Liberal government has tried to “fix” a problem, and I use that term advisedly. It tries to fix things, but just makes things worse. In the 21st century, we are faced with immense challenges in how we protect individuals, our Canadian citizens, against those who might misuse their data and information. Any suggestion that this digital charter is actually an articulation of new rights is simply wrong. This is a digital charter, but it is not a digital charter of rights.
I will turn to the most significant and substantive part of the bill, the privacy elements. Very little of this legislation has been changed from the original Bill C-11, and the government has not measurably responded to the criticism it received from the stakeholders when the previous version of the bill was reviewed at committee.
There are five key additions and alterations to Canada's existing privacy protection laws.
First, the bill expressly defines the consent that Canadians must give in order for their data and information to be collected and used, and there are guidelines attached to that. We commend the government for doing that clear definition of consent.
Second, Bill C-27 addresses the de-identification, the anonymization of data that is collected by private companies. Again, that is important. We want to ensure when private businesses collect information from consumers that this information is not attached to a specific individual or citizen.
Just to be clear, the bill contains numerous broad exemptions, which we could probably drive a truck through, and will likely create the loopholes that will allow corporations to avoid asking Canadians for permission.
Third, the bill provides that all organizations and companies that undertake activities that impact the privacy of Canadians must develop codes of practice for the protection of the information they collect.
Finally, the act would create harsher financial penalties, up to $25 million, for a violation of Canadian privacy rights. We, again, commend the government for doing that.
However, let me say for the record that what we do not support is the unnecessary creation of a new personal information and data protection tribunal, which is another level of bureaucracy that would add more layers of complexity, delays and confusion to the commissioner's efforts to enforce privacy laws.
Canada is not alone in expressing concern over the risks that digital information and data flows represent to the well-being of Canadians and our privacy rights. Many other countries are grappling with the same issue and are responding to these threats, and none more so than the European Union. The EU has adopted its general data protection regulation, the GDPR, which has now become the world's gold standard when it comes to privacy protection in the digital environment.
The challenge for Canada is that the EU, which is a market of over half a billion well-heeled consumers, measures its willingness to mutually allow sharing of information with other countries against the GDPR, the standard it has set. Those who fall short of the rigour of that privacy regime will find it difficult to conduct business with the EU.
Do our current regime and this legislation measure up to the GDPR from the EU? No, probably not. In fact, for years Canada's digital data privacy framework has been lagging behind those of our international counterparts. The problem is that if we do not meet the standard, we will not be able to do the kind of business with the EU we expect to. As someone who played a part in negotiating our free trade agreement with the European Union, I know it would be an absolute travesty to see that work go to waste because our country was not willing to adopt robust privacy and data protections.
I note that, as is the custom with our Liberal friends, the bill creates more costs for taxpayers to bear. There is a creation of new responsibilities and powers for the commissioner, which we support, but this legislation calls for the creation of a separate tribunal, a new layer of bureaucracy and red tape that small and medium-sized enterprises will have to grapple with.
There are other unanswered questions. Why does this legislation not formally recognize privacy as a fundamental right? Regrettably, as presented, Bill C-27 misses the opportunity to produce a path-breaking statute that addresses the enormous risks and asymmetries posed by today's surveillance business model. Our key trading partners, especially the EU, have set the bar very high, and the adequacy of our own privacy legislation could very well be rescinded by the EU under its privacy regime.
Thirty-five years ago, our Supreme Court affirmed that privacy is “at the heart of liberty in a modern state”, yet nowhere in this bill is that right formally recognized. Any 21st-century privacy regime should recognize privacy as a fundamental human right that is inextricably linked to other fundamental rights and freedoms. By the way, I share the belief that as a fundamental right, it is not appropriate to balance off the right to privacy against the rights of corporations and commercial interests. Personal privacy must remain sacrosanct. When measured against that standard, Bill C-27 fails miserably.
I have much more to say, but I will wind down by saying that this bill is another missed opportunity to get Canada's privacy legislation right by consulting widely and learning from best practices from around the world. There is a lot riding on this bill, including the willingness of some our largest trading partners to allow reciprocal data flows. This bill is not consistent with contemporary global standards.
The Centre for Digital Rights notes that this legislation “fails to address the reality that dominant data-driven enterprises have shifted away from a service-oriented business model towards one that relies on monetizing [personal information] through the mass surveillance of individuals and groups.” That should be a wake-up call to all of us. Sadly, this bill fails to listen to that call. Let me repeat that there is a move toward monetizing personal information through mass surveillance of individuals and groups, and the government has not yet recognized that.
For those reasons, I expect the Conservatives will be opposing this bill and voting against it.
1277 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
No, not at all, Mr. Speaker. We are certainly not trivializing Bill C-27. In fact, right now it is only the Conservative members of Parliament who are speaking to it. This is the most important issue of privacy and protecting the privacy of Canadians within an emerging digital environment. I am disappointed that my colleague from the Bloc does not take this issue seriously enough to get up in this House and debate it. It is important that we get this right.
What we have is a redux of the old bill the Liberals brought forward. It was so roundly castigated and panned at committee that the minister had to go back to the drawing board. However, he has come back with essentially the same milquetoast legislation, which does not address the most critical parts of protecting the privacy of Canadians.
142 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I have mutual respect for the member. We are both from the class of 2006, I believe.
Mr. Charlie Angus: It was 2004.
Hon. Ed Fast: Mr. Speaker, yes, 2004. He has a couple of years on me.
I agree with him 100%. What has happened is the government, in order to protect its right to interfere in protecting the privacy rights of Canadians, has established a tribunal that could override the commissioner's investigations of violations of privacy rights within Canada.
The member mentioned the Clearview AI situation. He is absolutely right that it was a fundamental breach of our privacy rights. However, there are Canadian companies like Tim Hortons that have also violated Canadians' privacy rights. That is why it is important that we get this right and not put through a milquetoast bill that will not achieve what we want and that allows the Liberal government to continue to interfere and protect its big business buddies.
I just mentioned the importance of making sure our privacy rights are protected in an era when data is being monetized. Canadians' own personal information is being monetized by corporate interests. We need to make sure that our rights are protected, and this bill does not go far enough.
210 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is an excellent question because that is the fundamental failing of Bill C-27. We have an opportunity, once and for all, to express and codify Canadians' right to have their personal information and data protected. Typically, that kind of statement of purpose goes into the purpose section. It is completely missing from that section because we know the Liberals are not really serious when it comes to protecting Canadians' privacy rights. We can do better than this.
81 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, the member should know what the parliamentary process calls for. Bills that come forward to this chamber have the opportunity to be considered at committee. We then call in witnesses and stakeholders from across the country to express their views on legislation. It is within that context that I have expressed serious reservations about the legislation as it is currently drafted.
I expect we will allow this bill to go to committee, and hopefully the Liberal government will do what it so rarely does: listens to the stakeholders, listens to the witnesses and then makes the fundamental changes to the legislation that I have referenced. That could make this a salvageable bill and allow us to vote in favour of it.
123 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
