- Member of Parliament
- Member of Parliament
- Bloc Québécois
- Trois-Rivières
- Quebec
- Voting Attendance: 63%
- Expenses Last Quarter: $100,349.98
- Government Page
Madam Speaker, I thank my colleague from Louis-Hébert for his speech. I thought it was open, balanced and reasonable, which is unsurprising coming from someone who refers to Jankélévitch and courage.
I would like to know what he thinks about Europe's ongoing efforts to draft the AI act, which could become a global standard, as the General Data Protection Regulation did for privacy protection.
72 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, my colleague spoke at length about regulating AI. I wonder if she is aware of the European Union bill called the AI Act that was introduced in November 2021 and is currently being studied for adoption by the European Union.
Does she believe we should wait and take guidance from this standard, which is set to become the golden rule internationally anyway?
64 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, the section of the legislation on artificial intelligence, or AI, suggests self‑regulation. I would like to know whether my colleague supports self‑regulation or if, on the contrary, the state should further regulate the use of AI.
42 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, in his speech, my colleague referred to privacy as a fundamental right. The former privacy commissioner also raised the topic of privacy as a fundamental right before the Standing Committee on Access to Information, Privacy and Ethics.
I would like to know what he means when he uses these words. Does he consider privacy to be a fundamental right?
61 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for her speech.
Obviously, artificial intelligence can be put to good or bad use. One thing puzzles me, though. Generative AI, which describes ChatGPT, has recently displayed truly superior ability. It managed to gather a trove of data that would have been unimaginable even a few months ago. However, the legality of how this trove of data was obtained is unclear.
In relation to the part of Bill C‑27 that deals with personal information and privacy, I would like to ask my colleague if she is concerned about how ChatGPT obtains data.
101 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, rather than fixating on whose fault it is, which is not getting us anywhere, I would like my colleague, who gave a very interesting speech, to tell us whether she believes that Bill C-27 is still as valid as it was before the advent of generative AI, specifically ChatGPT.
Do we need to start over or is she happy with the result?
66 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I just want to put a question to my hon. colleague from Calgary Rocky Ridge, with whom I worked on the ethics committee and who is knowledgeable about situations concerning access to information. It is a question that the people of Trois‑Rivières asked me when I was out in the community.
With the arrival of ChatGPT, is it not true that a large part of this bill will have to be rewritten because it has become obsolete due to this important change in the reality of access to information?
95 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, Bill C‑27 was supposed to tighten control over personal information, but it fails to address that practice and it does not recognize the fundamental right to privacy as recommended by the Privacy Commissioner.
Bill C‑27 does not require businesses to seek valid consent of clients before sharing their data. The simple act of requesting an electronic receipt does not constitute authorization to provide our personal data.
Will the government amend Bill C‑27 to protect client data rather than the right of businesses to share the data without consent?
96 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank the hon. member for his question.
I was speaking on Bill C-27 this morning. I am not an expert on the notwithstanding clause. Unfortunately, I will not be able to answer his question because I do not have the legal background to do so.
49 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, yes, I do. I believe that even the legal team who wrote the conditions we have to read before we agree to use Apple, for example, has not read all the conditions because it is too complex. Obviously, this needs to be put in layman's terms and simplified. When we sign a contract, it is advantageous to the drafter of the contract. When we are required to sign the contract, as in the case of an Apple iPhone, it is a problem.
In past meetings of the Standing Committee on Access to Information, Privacy and Ethics, we voiced our desire to simplify this and draw inspiration from Europe's General Data Protection Regulation to determine if it is possible to move forward without accepting the conditions.
129 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for his question.
When we reviewed the geolocation project at the Standing Committee on Access to Information, Privacy and Ethics, we realized that someone with a Telus phone had not consented to their data being shared. It is very clear.
There is already an education component in the Privacy Commissioner's mandate, but I think it needs to be exercised more, because right now, when people click on “I agree”, most of them do not know what they are agreeing to.
As part of a recent committee mandate, we recommended that it should be possible to continue without accepting. I think there needs to be good privacy education in schools and at home. However, I also think that the Privacy Commissioner should be doing more on the prevention side of things. Right now, we are basically left to our own devices. Once we click “I agree”, it is too late.
160 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my hon. colleague for that excellent question. At this point, we do need some parameters we can use to define the tribunal's role and the Privacy Commissioner's role. I think the commissioner should have a little more power.
I am usually on the Standing Committee on Access to Information, Privacy and Ethics, but this time around, I will be on the Standing Committee on Industry and Technology because I want to make sure this work gets done. I will make sure that we do this work rigorously, that we take a non-partisan approach to assessing this bill and that we get everyone on board with the bill.
Let me reiterate that this bill will have an impact on people's lives in the future. That is why we cannot let it become a political tool. I do not think it is one at this point, but I want to make sure it never becomes one. We will have to clearly define the roles of the tribunal and the Conflict of Interest and Ethics Commissioner, as well as those of the higher courts, which may want to rule on these matters. There is some confusion about these roles that needs to be cleared up.
210 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, for a bill like this one that will have such a major impact on society, I think that we need to invite a rather broad range of witnesses, whether it be anthropologists, philosophers, ethicists, demographers or futurists. We will invite a computer scientist to appear at the end. The idea is that we need to think about the world of tomorrow and beyond.
I think that we should invite witnesses from all backgrounds and that we need to have the legislative maturity to listen, even when what we are hearing may be unpleasant. When exploring every angle of an issue, we need to hear all points of view and I am willing to do that.
117 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I completely agree with my colleague's comments.
Bill C‑27 is a good bill, but it is incomplete. We need to go further with respect to protecting the rights of minors, in particular. Today, minors are vulnerable, but they are the ones sharing the most data without it being protected. They will have to live with that for their entire lives. Therefore, I completely agree.
I hope that in committee we will be able to propose amendments that are accepted by the government in order to protect minors.
92 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, to reassure my colleague, Quebec does indeed mention that the right to privacy is a fundamental right.
What is most important is that the Quebec act protects the data, no matter where it is used. It is protected based on the location of the individual. The laws apply in that place. At the same time, we do not only consider the size of the entity, but also the source of the data.
These are minor differences, but they are important at a time when data is shared around the world.
92 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I would like to begin by giving a shout out to my constituents in Trois-Rivières, whom I will be visiting all next week in my riding.
When I talk to people on the street, privacy is a topic that comes up a lot. They know that I sit on the Standing Committee on Access to Information, Privacy and Ethics, and privacy comes up often. People tell me that it is important, that we must do our best to rise to the challenge. Today, we have the opportunity to debate that very subject.
Society is a human construct. It is a reflection of how we organize our lives together. It reflects our vision of the world, the role of a citizen, the role of the state. In a democratic society where elected officials are chosen by the people to represent them, our laws must reflect our desires and the desires of our fellow citizens, as well as the way in which their visions can be realized. In other words, a society and its laws are eminently cultural constructs.
When we compare the legislation passed in the House of Commons with that of the Quebec National Assembly, the difference is striking. Ottawa tends to emphasize the enforcement mechanism, whereas in Quebec, the emphasis is on the legislator's intent. Ottawa wants to arbitrate, while Quebec wants to prescribe and guide.
When it comes to privacy, this is especially true in the digital age: the difference is dramatic.
At one end of the spectrum, so to speak, is the United States. In the United States, laws are primarily intended to arbitrate disputes rather than to shape how the digital economy operates. Laws are based on the good faith of the players and on voluntary codes. As one might imagine, this has its limits. Ultimately, if someone is wronged, they can get redress through the common law.
At the other end of the spectrum is the European Union. The legislation there prescribes clear obligations. I am referring to the General Data Protection Regulation, better known by the acronym GDPR.
In between is Canada, a hybrid creature whose intentions on privacy oscillate between the European and American extremes. This may seem like an academic debate, but there are practical implications that bring us to Bill C-27.
When it comes to privacy, European law is the most prescriptive in the world. It is based on a clear principle, namely that our personal information belongs to us and us alone, and no one can use it or benefit from it without our free, informed and explicit consent.
Once the government set out that principle or objective, it then provided a mechanism for achieving it. That mechanism is the GDPR. The GDPR is becoming the standard to follow when it comes to privacy, because it is the legal standard with the clearest objectives and the most binding application. Simply put, the GDPR does a good job of protecting privacy. That is one reason why it is the standard we should be emulating; the other is that the EU is projecting its standard-making power beyond its borders.
In order to protect the personal information of European citizens, the European Union will soon prohibit European businesses from sharing this information with foreign businesses that do not offer comparable protection. This does not affect us yet, but next year, the EU will be reviewing Canada's laws to see if they offer sufficient protection.
The existing legislation on personal electronic information protection dates back to 2000. That was 22 years ago. We were in the dinosaur era, the pre-digital era, an era we barely remember now. Also, it is far from clear whether Canada passes the comparable protection test required under the GDPR.
Information exchanges between Canadian businesses and their European partners could become more complicated. This is particularly true in areas that deal with more sensitive information, such as the financial sector. It is therefore absolutely necessary to redraft the Personal Information Protection and Electronic Documents Act, which is completely outdated. It has not kept pace with technological change and the data economy, where we are both the consumer and the product. It has not kept pace with the legal environment, where Canada is a dinosaur compared to Europe, as I was just saying.
Nevertheless, my colleagues will have figured out that the Bloc Québécois is in favour of the principle of Bill C‑27. Nevertheless, I would like to make a general comment about Bill C‑27. For some reason, the government has put into one bill two laws with completely different objectives. The bill would enact the consumer privacy protection act and also the artificial intelligence and data act. Although there is a logical link between these two acts, they could be stand-alone bills. Their objectives are different, their logic is different and they could be studied separately.
I have a suggestion for the government. It should split Bill C‑27 into two bills. We could create what I would call the traditional Bill C‑27, which would deal with personal information and the tribunal. Then, what I would call Bill C‑27 B would address artificial intelligence. As I was saying, there are logical reasons for that, but there are also practical reasons. Let me be frank and say that the artificial intelligence act being proposed is more of a draft than a law. The government has a clear idea about the mechanism for applying it, but, clearly, it has not yet wrapped its head around the objectives to be achieved and the requirements to be codified.
The mechanism is there, the bureaucratic framework is there, but the requirements to be complied with are not. Apart from a few generalities, the law relies essentially on self-regulation and the good faith of the industry. I have often faced these situations, and I can say that the industry's good faith is not the first thing I would count on.
Apart from a few generalities, this relies on good faith, but that is not a good way to protect rights. I am not convinced that this bill should be passed as written; I think it needs to be amended. Bill C‑27 probably deserves the same fate that Bill C‑11, its predecessor, encountered in the last Parliament. The government introduced it, debate got under way, criticism was fierce, and the government let it die on the Order Paper so it could keep working on it and come back with a better version. I think that is exactly what should happen to the artificial intelligence act.
The government has launched a healthy discussion, but this is not a finished product. If we decide that the government needs to keep working on it and come back with a new version, we will also be delaying the modernization of privacy and personal information legislation. Given the European legislation, which I talked about earlier, that is not what the government wants to do. That is why I would cordially advise the government to split Bill C‑27.
I am going to focus primarily on personal information protection because that is the part of Bill C‑27 that is ready to go and has the most practical applications. As I said before, Bill C‑27 is an improved version of Bill C‑11, which was introduced in the fall of 2020.
However, Bill C-27 still does not establish privacy as a fundamental right. Bill C-11 was strong on mechanics, but weak on protection. The principles were also weak and consent was unclear. It was tough on large corporations and much less so on small businesses. When it comes to privacy, however, it is the sensitivity of the data that should dictate the level of protection, not the size of the company.
A new start-up that develops an app that aggregates all of our banking data, for example, may have only two employees, but it still possesses and handles extraordinarily sensitive information that must be protected as much as possible. I cannot help but think of the ArriveCAN app, which was developed by just a few people but has a large impact on the data that is stored.
Finally, Bill C-11 did not provide for any harmonization with provincial legislation, such as Quebec's privacy legislation. The Bloc Québécois was quite insistent on that. A Quebec company subject to Quebec law would also have been subject to federal law as soon as the data left Quebec. It would have been subject to two laws that do not say the same thing and have two different rationales. This would mean duplication and uncertainty. It was quite a mess. Passing Bill C-11 would have diminished, in Quebec at least, the legal clarity that is needed to ensure that personal information is protected.
Here is what Daniel Therrien, the then privacy commissioner, told the Standing Committee on Access to Information, Privacy and Ethics, of which I am honoured to be a member. He said, and I quote, “I believe that C-11 represents a step back overall from our current law and needs significant changes if confidence in the digital economy is to be restored.”
He proposed a series of amendments that would make major changes to the bill. I want to commend the government here. It listened to the criticism. It is rare for this government to listen, but it did so in this case. It buried Bill C-11. We never debated it again in the House and it died on the Order Paper. It reappeared only after being improved.
Bill C-27 shows more respect for the various jurisdictions and avoids the legal mess I was talking about earlier.
Our personal information is private and it belongs to us. However, property and civil rights fall exclusively under provincial jurisdiction under subsection 92(13) of the Constitution of 1867.
What is more, privacy basically falls under provincial jurisdiction. That is particularly important in the case of Quebec, where our civil law tradition leads us to pass laws that are much more prescriptive.
Last spring, Quebec's National Assembly passed Bill 25, an in-depth reform of Quebec's privacy legislation. Our law, largely inspired by European laws, given that we share a legal tradition, is the most advanced in North America. As we speak, it is clear that Quebec has exceeded the European requirements and that our companies are protected from any hiccups in data circulation.
Our principles are clear: Our personal information belongs to us. It does not belong to the party who collected it or the party who stores it. The implication is clear. No one can dispose of, use, disclose or resell our personal information without our free, informed and express consent. Bill C-11 challenged this legal clarity but Bill C-27, at the very least, corrects that.
Under clause 122(2) of Bill C‑27, the government may, by order, “if satisfied that legislation of a province that is substantially similar to this Act applies to an organization, a class of organizations, an activity or a class of activities, exempt the organization, activity or class from the application of this Act in respect of the collection, use or disclosure of personal information that occurs within that province;”.
In other words, if Quebec's legislation is superior, then Quebec's legislation will apply in Quebec.
When I met with the minister's office earlier this week, I asked for some clarification just in case. Will a Quebec business be fully exempt from Bill C‑27, even if the information leaves Quebec? The answer is yes. Will it be exempt for all of its activities? The answer is yes.
There is still some grey area, though. I am thinking about businesses outside Quebec that collect personal information in Quebec. In Europe, it is clear. It is the citizen's place of residence that determines the applicable legislation. The same is true under Quebec's legislation.
It is not as clear in Bill C‑27. Since the bill relies on the general regulation powers for trade and commerce as granted by the Constitution, it focuses more on overseeing the industry than on protecting citizens. That is the sort of thing we will have to examine and fix in committee. I look forward to Bill C‑27 being studied in committee so we can debate the substance of the bill.
I have to say that I sense the openness and good faith of the government. In that regard, I would like to tell the member for Kingston and the Islands to take note that, for once, I feel he is working in good faith.
Bill C‑27 will have a much greater impact outside Quebec than within it, because it is better drafted than Bill C-11. That is not the only aspect that was improved. The fundamental principles of the bill are clearer. Consent is more clearly stated. The more sensitive data must be handled in a more rigorous manner, no matter the size of the entity holding them. That is also more clear.
If the principles are clear, the act will better stand the test of time and adjust to the evolving technologies without becoming meaningless.
We will support it at second reading after a serious debate, but without unnecessary delays. However, we believe and insist that the real work must be done in committee. Bill C-27 is complex. Good principles do not necessarily make good laws. Before we can judge whether Bill C-27 is indeed a good law, we will need to hear from witnesses from all walks of life.
When it comes to privacy, it only takes one tiny flaw to bring down the whole structure. This requires attention to detail and surgical precision. The stakes are high and involve the most intimate part of our lives: our privacy.
For a long time, all we had to do to maintain our privacy was buy curtains. That is how it used to be. It kept us safe from swindlers. Then organizations started collecting data for their records. Bankers collected financial information, the government collected tax information and doctors collected medical records. This sensitive information had to be protected, but it was fairly simple, since it was written on paper.
Today, we live in a different world. Whereas personal information used to be a prerequisite for another activity, such as caring for a patient or getting a loan from a bank, it has become the core business of many companies. Information has become the core business of many companies, which are also large companies.
Computerization enables the storage and processing of astronomical volumes of data, also known as big data. Networking that data on the Internet increases the amount of available data exponentially and circulates it around the globe constantly, sometimes in perpetuity, unfortunately.
For many corporations, including web giants, personal data is crucial to the business model. Citizen-consumers are now the product they are marketing. To quote Daniel Therrien once again, we are now in the era of surveillance capitalism. Speaking of which, The Great Hack on Netflix is worth seeing. This is troubling.
Furthermore, for our youngest citizens, the virtual world and the real world have merged. Their lives are an open book on Instagram, Facebook and TikTok. They think they are communicating with the people who matter to them, but they are in fact feeding the databases that transform them into a marketable, marketed product. We absolutely have to protect them. We need to give them back control over their personal information, which is why it is so important to amend and modernize our laws.
I would like to close my speech with an appeal to the government. Bill C‑27 does a lot, but there are also many things it does not do, or does not do properly. Consent is all well and good, but what happens when our data is compromised, when it has been stolen, when it is in the hands of criminals? These people operate outside the law and therefore are not governed by the law. All the consent-related protocols we can think of go out the window. To avoid fraud and identity theft, we will have to clarify the measures to be taken to ensure that anyone requesting a transaction is who they say they are. This really is a new dynamic. In that respect, we are somewhat in the dark, even though, curiously, this is a growing problem.
There is another gap to fill. Bill C‑27 provides a framework for the handling of personal information in the private sector, but not in the public sector. The government is still governed by the same old legislation, which dates back to the pre-digital era. The legislation is outdated, as we saw with the fraud related to the Canada emergency response benefit. The controls are also outdated. I therefore call on the government to get to work and to do so quickly. We will collaborate.
Finally, there is another thing the government needs to work on and fast. We addressed this issue in committee when we were looking at the geolocation of data. Bill C‑27 indicates what we need to do with personal data, nominative data. However, with artificial intelligence and cross-tabulation of data, it is possible to recreate an individual based on anonymous information. As no personal information was collected at the outset, Bill C‑27 is ineffective in these cases. However, we started by recreating the profile of a person with all their personal information. It is not science fiction. It is already happening. Nevertheless, this is missing from Bill C‑27, both in the part on information and the part on artificial intelligence.
I am not bringing this up as a way of opposing Bill C‑27. As I said, we will support it. However, we have to be aware of the fact that it is incomplete. As legislators, we still have some work to do. The time has come to treat privacy as a fundamental right.
3083 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I would like to thank my colleague from Bay of Quinte, who was also my colleague at the Standing Committee on Access to Information, Privacy and Ethics. We all miss him a lot.
He raised what I consider to be a very important point. He said that the bill in question does not treat privacy as a fundamental right. That really resonated with me because the Privacy Commissioner of Canada identified it as a prerequisite for moving forward.
I would like my colleague to comment on that.
89 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
