- Member of Parliament
- Member of Parliament
- Conservative
- Charleswood—St. James—Assiniboia—Headingley
- Manitoba
- Voting Attendance: 65%
- Expenses Last Quarter: $99,486.97
- Government Page
Madam Speaker, so much has changed throughout the last 23 years. In the year 2000, there were about 740 million cellphone subscriptions worldwide. More than two decades later, that number sits at over eight billion. There are more phones on this planet than there are people. It is a statistic that should give anyone pause.
In 2000, Apple was still more than a year away from releasing the first iPod. Today, thanks to complex algorithms, Spotify is able to analyze the music I listen to and curate playlists I enjoy based on my own taste in music. In 2000, artificial intelligence was still mostly relegated to the realm of theoretical discussion, that is, unless we count the Furby. Today, ChatGPT can generate sophisticated responses to whatever I type into it, no matter how niche or complicated.
As technology changes, so too do the laws that surround and govern it. Canada’s existing digital privacy framework, the Personal Information Protection and Electronic Document Act, has not been updated since its passage in the year 2000. For this reason, it is good to see the government craft Bill C-27, which is supposed to provide a much-needed overhaul to our digital privacy regime.
For years, the government has been dragging its heels on this important overhaul. For years, Canada’s privacy framework has been lagging behind our international counterparts. The European Union’s General Data Protection Regulation, passed in 2016, is widely considered to be the gold standard for privacy protection. In comparison to the GDPR, I am not impressed with what the government has put forward in this bill.
Indeed, the largest portion of Bill C-27 is roughly 90% identical to the legislation it purports to be replacing, and what the bill has added is quite concerning. Instead of being a massive overhaul of Canada’s archaic PIPEDA framework, Bill C-27 would do the bare minimum, while leaving countless loopholes that corporations and the government can use to infringe upon Canadians’ charter rights.
Bill C-27, while ostensibly one bill, is actually made up of three distinct components, each with their own distinct deficiencies. To summarize these three components and their deeply problematic natures, Bill C-27, if passed in its current form, would lead to the authorization of privacy rights infringements, the creation of unneeded bureaucratic middlemen in the form of a tribunal and the stifling of Canada’s emerging AI sector.
When it comes to the first part of this bill, which would enact the consumer privacy protection act, the name really says it all. It indicates that Canadians are not individuals with inherent rights, but rather, business customers. The legislation states that it has two purposes. It apparently seeks to protect the information of Canadians “while taking into account the need of organizations to collect, use or disclose personal information in the course of commercial activities.” In other words, individual rights and the interests of corporations or the government are supposed to work in tandem.
In the post-charter landscape, that just does not cut it. Privacy rights must be placed above corporate interests, not alongside them. In the words of Justice La Forest 34 years ago, “privacy is at the heart of liberty in a modern state. Grounded in man's physical and moral autonomy”.
It is true that this portion of the bill mandates de-identification of data when one’s personal information is shared, and it is also true that it requires the knowledge or consent of the individual, but each of these terms, which should ideally serve as the bulwarks of privacy protection, are defined as vaguely as possible, and the remainder of the bill then goes on to describe the various ways in which consent is actually not required.
Subclause 15(5) of the bill would allow organizations to utilize a person’s information if they receive “implied consent”, a slippery term that opens the door to all kinds of abuses. Subclause 18(2) then gives those organizations a carte blanche to use implied consent as often as they would like, or even exclusively. Sure, there could be organizations that, out of the goodness of their hearts, would always seek the express consent of the individuals they are collecting data from, but express consent is in no way mandatory. It is not even incentivized.
Then we come to the concept of “legitimate interest”. Subclause 18(3) gives the green light for organizations to utilize or share one’s information if the organization feels that it has a legitimate reason for doing so. It is not just that this clause is incredibly vague, it is that it makes individual privacy rights subservient to the interests of the organization.
Moreover, the Supreme Court of Canada has ruled that section 8 of the charter provides individual Canadians with a reasonable expectation of privacy. Given all of the exceptions I have provided, it is not clear to me that this bill would survive a charter challenge.
Recent events should show us the problem with giving so much leeway to corporations and so little thought to individual rights. In 2020, through a third party service provider, the Tim Hortons app began collecting the geolocation data of its users even though they were not using the app. There was also Clearview AI, which sent countless images of people to various police departments without their consent. Maybe Clearview had their “implied consent”. It is all up for debate with a term like that.
This legislation does the bare minimum for privacy protection in Canada and, in many ways, will actually make things worse. When we consider the way in which data collection might develop over the next 10 or 20 years, it is clear that this law will be out of date the moment it is passed and will leave Canadians vulnerable to predatory data practices.
Then there is part 2 of Bill C-27, which intends to set up a Liberal-appointed data protection tribunal. This is not necessary. We already have a Privacy Commissioner who has both the mandate and the experience to do everything that this new tribunal has been tasked with doing. More government bureaucracy for the sake of more bureaucracy is the Liberal way, a tale as old as time itself. Instead of watering down the power of our Privacy Commissioner via middlemen, the duties contained within this part of Bill C-27 should be handed over to the commissioner.
Part 3 of Bill C-27 seeks to regulate the creation of AI in Canada. This is a worthwhile endeavour. At the beginning of my speech, I alluded to ChatGPT, but this only scratches the surface of how sophisticated AI has become and will continue to become in the decades ahead. The problem is the way in which this regulation itself is set up. The bill places no restrictions on the government’s ability to regulate. Unlimited regulation and hefty penalties, up to 5% of worldwide income I believe, is all that is being offered to those who research AI in Canada. This will cause AI investors to flee in favour of other countries, because capital hates uncertainty. This would be a tremendous loss, because, in 2019 alone, Canadian AI firms received $658 million in venture capital.
Conservatives believe that digital data privacy is a fundamental right that should be strengthened, not opened to infringement or potential abuse.
Therefore, Bill C-27 is deeply flawed. It defines consent while simultaneously providing all sorts of reasons why consent can be ignored. It weakens the authority of the Privacy Commissioner. It gives such power to the government that it will likely spell disaster for Canada’s burgeoning AI sector.
This bill is in need of serious amendment. Privacy should be established, within the bill, as a fundamental right. Several vague terms in the bill need to be properly defined, including but not limited to “legitimate Interest”, “legitimate business needs”, “appropriate purposes” and “sensitive information”. Subclause 2(2) states that the personal information of minors is sensitive. That is very true, but this bill needs to acknowledge that all personal information is sensitive. Consent must be made mandatory. The words “unless this Act provides otherwise” need to be struck from this bill.
I find it hard to believe that such substantial amendments can realistically be implemented at committee. For this reason, the legislation should be voted down and sent back to the drawing board. Canadians deserve the gold standard in privacy protection, like that of the EU. As a matter of fact, they deserve even better.
1462 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I will be sharing my time with the hon. member for Northumberland—Peterborough South.
In December 1973, Parliament enacted the Foreign Investment Review Act, which was known as FIRA, to deal with the issue of foreign investors controlling Canadian industry, trade and commerce, and the ability of Canadians to maintain effective control over their economic future.
These investments would be allowed to proceed only if the government had determined that they were, or were likely to be, of significant benefit to Canada. This net benefit test still exists today, but much has changed given rising national security concerns that necessitate new measures. Let me elaborate.
In June 2017, Hytera Communications, a company owned by the Chinese Communist Party, acquired Norsat International, a B.C. telecom company. Just like that, a firm backed by an authoritarian regime took over an essential service provider here in Canada.
One would think this takeover would have raised some red flags, but it did not, not for the Liberal government at least. If it had acted rationally, the government would have conducted a national security review into Hytera. However, after eight years in power, it is clear that rationality is in short supply these days.
It did not bat an eye when, as all of this was taking place, our own Border Services Agency was using equipment from Hytera. We are talking about a company that has been charged with 21 counts of espionage. That company has been banned from doing business with our neighbour to the south. Up until that point, the Liberals have said that business is business, even when it means letting a hostile regime gain access to our essential services.
This sort of lax attitude toward issues of national security is clearly a problem. What is even more problematic is that for five long years after the Hytera fiasco, the government has not learned from its mistakes.
In 2020, it gave out a contract to Nuctech, a company founded by the son of a Chinese Community Party secretary general. It would not have taken a national security review to figure out who the company's founder was. A quick Google search would have sufficed.
It was not just standard, run-of-the-mill work that this company with Chinese Communist Party connections was doing. Nuctech was supplying X-ray equipment, of all things, to almost 200 Canadian embassies and consulates.
Two years ago, it looked like the government was changing its course when it updated its national security review guidelines. This was not the case, or at least it certainly was not the case when the Minister of Industry greenlit the takeover of a Canadian lithium mine by a Chinese state-owned enterprise.
Once again, the opportunity was right there. The minister could have requested a national security review. The review framework was even new and improved, or so they would have us think. However, the minister did not act. Delays, half measures and slaps on the wrist. Those have been the Liberal responses to national security threats throughout the past eight years.
Huawei is a perfect example of this. By 2021, each and every one of our allies within the Five Eyes had already banned Huawei from using their 5G networks. For years, my colleagues and I have been calling on the government to do the right thing: Listen to our allies, listen to security experts and ban Huawei from accessing 5G.
Reluctantly, and far too late, the Liberals finally took our advice and took a stand against the Chinese Communist Party. That was less than a year ago. With the Liberal government's dismal track record in matters related to national security, Bill C-34 feels like too little, too late. It is like the goalie letting in eight goals, then coming onto the ice at the last minute and saying, “Don't worry guys. I've got this.”
To be fair, this bill does address Canada's national security. It is a policy area where the government has been complacent for far too long. For that reason, I am prepared to support the bill at this stage, as long as it can be strengthened in committee.
For a while, a lot of us had the naive idea that these regimes were emerging partners, and they were slowly moving toward the democratic norm. Putin's war changed all of that, and it is time that Canada acted accordingly. It is time for a reality check. Hostile foreign governments want to subvert and undermine this country. The threat is real and the threat is here. Canadians are well aware. A few weeks ago, all that Canadians had to do was look up and see a Chinese surveillance balloon flying at 60,000 feet.
Bill C-34 responds to this new reality, but not well enough and not in its current form. The bill puts the power to request national security reviews in the hands of the Minister of Industry, the same minister whose predecessor did not even request a security review when Hytera took over an essential Canadian telecom provider. It is the same minister who, even after strengthening the security review guidelines in 2021, chose not to investigate the Chinese takeover of a critical Canadian mining company.
The bill is only as strong as the minister's scrutiny, whoever that minister may be in the future. Conservatives believe matters of such importance should be scrutinized by all of cabinet to make sure nothing slips through the cracks.
There are also existing problems with the Investment Canada Act that are not even addressed in Bill C-34. For no apparent reason, when a state-owned enterprise invests in a Canadian company, a national security review is only triggered if the Canadian company has assets worth more than $454 million. This provision has it all wrong. It is not about the size of the company that is being acquired. It is about the security risks that would inherently arise when a hostile state-owned company gains control over a critical service or product here in Canada.
Bill C-34 needs a provision that would trigger an automatic national security review when a state-owned enterprise invests in Canada. The threshold should be zero dollars, not $454 million. Also, the bill would only deal with share purchases and non-asset purchases. Therefore, in theory, there is a roundabout way that foreign investors could acquire assets in Canada and completely circumvent the legislation. It is clearly a loophole that needs to be plugged.
Since 2017, Chinese companies have been governed by the national intelligence law. This law compels every citizen and every company to hand over data to Chinese intelligence agencies. For almost six years, so much Canadian information has gone to China's autocratic government that it is hard to even quantify. We need to put an end to this, but right now, Bill C-34 would not do that.
Bill C-34 needs a presumption against allowing the takeover of Canadian companies by China's designated state-owned entities. It needs a reformed net benefit test to better account for the potential effects of a transaction on the broader innovation ecosystem, with a particular focus on protecting intellectual property and human capital. It needs automatic review of transactions involving sensitive sectors, such as defence, artificial intelligence and rare earth minerals. It also needs a mandatory national security review for state-owned enterprises where national security is a concern.
The act would not attempt to change definitions of state-owned enterprises or look at the issue of what constitutes control. One would not have to buy 50% of a company to control it. Someone could buy small percentages of it, get a number of seats on the board or change management, which Hytera has done.
It is clear that Canada needs to improve these protections. Bill C-34 would be a small step in the right direction, but much more needs to be done.
1337 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
