SoVote

Decentralized Democracy

Member of Parliament

Marty Morantz

  • Member of Parliament
  • Member of Parliament
  • Conservative
  • Charleswood—St. James—Assiniboia—Headingley
  • Manitoba
  • Voting Attendance: 66%
  • Expenses Last Quarter: $99,486.97

  • Government Page
Context: House Hansard - 181 - Apr/20/23
Mr. Marty Morantz (Charleswood—St. James—Assiniboia—Headingley, CPC)
  • Apr/20/23 3:50:06 p.m.
  • Watch
  • Re: Bill C-27 
Madam Speaker, so much has changed throughout the last 23 years. In the year 2000, there were about 740 million cellphone subscriptions worldwide. More than two decades later, that number sits at over eight billion. There are more phones on this planet than there are people. It is a statistic that should give anyone pause. In 2000, Apple was still more than a year away from releasing the first iPod. Today, thanks to complex algorithms, Spotify is able to analyze the music I listen to and curate playlists I enjoy based on my own taste in music. In 2000, artificial intelligence was still mostly relegated to the realm of theoretical discussion, that is, unless we count the Furby. Today, ChatGPT can generate sophisticated responses to whatever I type into it, no matter how niche or complicated. As technology changes, so too do the laws that surround and govern it. Canada’s existing digital privacy framework, the Personal Information Protection and Electronic Document Act, has not been updated since its passage in the year 2000. For this reason, it is good to see the government craft Bill C-27, which is supposed to provide a much-needed overhaul to our digital privacy regime. For years, the government has been dragging its heels on this important overhaul. For years, Canada’s privacy framework has been lagging behind our international counterparts. The European Union’s General Data Protection Regulation, passed in 2016, is widely considered to be the gold standard for privacy protection. In comparison to the GDPR, I am not impressed with what the government has put forward in this bill. Indeed, the largest portion of Bill C-27 is roughly 90% identical to the legislation it purports to be replacing, and what the bill has added is quite concerning. Instead of being a massive overhaul of Canada’s archaic PIPEDA framework, Bill C-27 would do the bare minimum, while leaving countless loopholes that corporations and the government can use to infringe upon Canadians’ charter rights. Bill C-27, while ostensibly one bill, is actually made up of three distinct components, each with their own distinct deficiencies. To summarize these three components and their deeply problematic natures, Bill C-27, if passed in its current form, would lead to the authorization of privacy rights infringements, the creation of unneeded bureaucratic middlemen in the form of a tribunal and the stifling of Canada’s emerging AI sector. When it comes to the first part of this bill, which would enact the consumer privacy protection act, the name really says it all. It indicates that Canadians are not individuals with inherent rights, but rather, business customers. The legislation states that it has two purposes. It apparently seeks to protect the information of Canadians “while taking into account the need of organizations to collect, use or disclose personal information in the course of commercial activities.” In other words, individual rights and the interests of corporations or the government are supposed to work in tandem. In the post-charter landscape, that just does not cut it. Privacy rights must be placed above corporate interests, not alongside them. In the words of Justice La Forest 34 years ago, “privacy is at the heart of liberty in a modern state. Grounded in man's physical and moral autonomy”. It is true that this portion of the bill mandates de-identification of data when one’s personal information is shared, and it is also true that it requires the knowledge or consent of the individual, but each of these terms, which should ideally serve as the bulwarks of privacy protection, are defined as vaguely as possible, and the remainder of the bill then goes on to describe the various ways in which consent is actually not required. Subclause 15(5) of the bill would allow organizations to utilize a person’s information if they receive “implied consent”, a slippery term that opens the door to all kinds of abuses. Subclause 18(2) then gives those organizations a carte blanche to use implied consent as often as they would like, or even exclusively. Sure, there could be organizations that, out of the goodness of their hearts, would always seek the express consent of the individuals they are collecting data from, but express consent is in no way mandatory. It is not even incentivized. Then we come to the concept of “legitimate interest”. Subclause 18(3) gives the green light for organizations to utilize or share one’s information if the organization feels that it has a legitimate reason for doing so. It is not just that this clause is incredibly vague, it is that it makes individual privacy rights subservient to the interests of the organization. Moreover, the Supreme Court of Canada has ruled that section 8 of the charter provides individual Canadians with a reasonable expectation of privacy. Given all of the exceptions I have provided, it is not clear to me that this bill would survive a charter challenge. Recent events should show us the problem with giving so much leeway to corporations and so little thought to individual rights. In 2020, through a third party service provider, the Tim Hortons app began collecting the geolocation data of its users even though they were not using the app. There was also Clearview AI, which sent countless images of people to various police departments without their consent. Maybe Clearview had their “implied consent”. It is all up for debate with a term like that. This legislation does the bare minimum for privacy protection in Canada and, in many ways, will actually make things worse. When we consider the way in which data collection might develop over the next 10 or 20 years, it is clear that this law will be out of date the moment it is passed and will leave Canadians vulnerable to predatory data practices. Then there is part 2 of Bill C-27, which intends to set up a Liberal-appointed data protection tribunal. This is not necessary. We already have a Privacy Commissioner who has both the mandate and the experience to do everything that this new tribunal has been tasked with doing. More government bureaucracy for the sake of more bureaucracy is the Liberal way, a tale as old as time itself. Instead of watering down the power of our Privacy Commissioner via middlemen, the duties contained within this part of Bill C-27 should be handed over to the commissioner. Part 3 of Bill C-27 seeks to regulate the creation of AI in Canada. This is a worthwhile endeavour. At the beginning of my speech, I alluded to ChatGPT, but this only scratches the surface of how sophisticated AI has become and will continue to become in the decades ahead. The problem is the way in which this regulation itself is set up. The bill places no restrictions on the government’s ability to regulate. Unlimited regulation and hefty penalties, up to 5% of worldwide income I believe, is all that is being offered to those who research AI in Canada. This will cause AI investors to flee in favour of other countries, because capital hates uncertainty. This would be a tremendous loss, because, in 2019 alone, Canadian AI firms received $658 million in venture capital. Conservatives believe that digital data privacy is a fundamental right that should be strengthened, not opened to infringement or potential abuse. Therefore, Bill C-27 is deeply flawed. It defines consent while simultaneously providing all sorts of reasons why consent can be ignored. It weakens the authority of the Privacy Commissioner. It gives such power to the government that it will likely spell disaster for Canada’s burgeoning AI sector. This bill is in need of serious amendment. Privacy should be established, within the bill, as a fundamental right. Several vague terms in the bill need to be properly defined, including but not limited to “legitimate Interest”, “legitimate business needs”, “appropriate purposes” and “sensitive information”. Subclause 2(2) states that the personal information of minors is sensitive. That is very true, but this bill needs to acknowledge that all personal information is sensitive. Consent must be made mandatory. The words “unless this Act provides otherwise” need to be struck from this bill. I find it hard to believe that such substantial amendments can realistically be implemented at committee. For this reason, the legislation should be voted down and sent back to the drawing board. Canadians deserve the gold standard in privacy protection, like that of the EU. As a matter of fact, they deserve even better.
1462 words
All Topics
  • Hear!
  • Rabble!
  • star_border