So V ote

Context: House Hansard - 165 - Mar/7/23

Mar/7/23 10:10:14 a.m.
Watch
Re: Bill C-27

Madam Speaker, I am sure the hon. members from the other side are about to take some good notes on the recommendations we put forward. They are probably discussing among themselves how they can improve upon these serious gaps and have some public engagement on this. We are not subject matter experts in this House when it comes to this type of technology. It is not clear whether there has been any public engagement specific to Bill C-27 as it is proposed. There was public engagement around the creation of Canada's digital charter, called the national digital and data consultations, that happened back in 2018. However, as I understand it, only about 30 or so discussions were held. That fell dearly short. The majority of digital leaders were from the private sector, and there were only a couple of universities involved. Therefore, it is unclear who the government is consulting with when it deals with this type of surveillance capitalism and the risks it presents to consumers. Let us get right to the point. What are the gaps that exist in this legislation? How does Bill C-27 compare with the ideal privacy legislation? There are many gaps. Clearly, it does not compare to the GDPR; it also falls short of privacy legislation that is currently being proposed in la belle province of Quebec, in New Zealand and in the state of California. For example, in California, the California Consumer Privacy Act, the California Privacy Rights Act and the Children's Online Privacy Protection Act have all presented more robust solutions to what is before us here today. In addition, there are privacy protections that come into effect under the CCPA that we should be considering. We need to ensure that the protections that come into effect include the rights to know, to delete and to opt out of sale or sharing, as well as the right to non-discrimination. Under that legislation, consumers also have the rights to correct inaccurate personal information and to limit the use and disclosure of sensitive personal information collected about them. There is a lot out there that we should be considering when it comes to amendments. I am going to list examples of gaps within this bill so they are on the record. The bill does not promote the development of data stewardship models. It does not require that organizations take into account the potential consequences to individuals and societies through such measures as privacy impact assessments of a breach of security or safeguards. There is no section in Bill C-27 expressly dedicated to cross-border dataflows. There has been no privacy impact assessment done to address any additional risks, which should be identified, justified, mitigated and documented in such an assessment. There is no assessment of the broader level of privacy rights protections in foreign jurisdictions. This is a very important conversation, particularly this week in the House, that includes how Canadians' privacy rights can be enforced. This bill does not include specific rules that are applicable to data brokers, and these are important third parties who are not service providers. There should be a fiduciary duty to individuals if data processors act as intermediaries between individuals and data collectors. This would ensure that such service providers only use personal information entrusted to them for the purpose intended by the individuals. This bill does not provide the right to disposal with respect to search engines' indexing of personal information where it could cause harm to the individual's privacy or reputation. It does not include the language that was in PIPEDA regarding individual access where it provides an account of third parties to which personal information about an individual or an organization has been disclosed. There should be an attempt that is as specific as possible. This bill does not include the right of individuals to express their points of view to a human who can intervene or to contest decisions. When we look at AI or how algorithms are working in society today, they are inherently flawed. In fact, there is another study that I would reference, titled “AI Oversight, Accountability and Protecting Human Rights”, which has commentary on this. This was authored by a series of subject matter experts who gave a long list of needs for adequate public consultation and proper oversight of AIDI to effectively regulate the AI market in Canada. The commissioner needs to be an independent agent of Parliament. We need to empower an independent tribunal to administer penalties in the event of a contravention, and we need to outline the best practices for auditing and enforcing the law. There are dozens of recommendations contained in both reports that, as New Democrats, we will be presenting to the government at the appropriate time at committee. It is clear, from the body of the preliminary work that has been done, that this bill is inadequate as it stands. It is too big to adequately cover AI and consumer protections. It has always been our belief that those should be split up. That way we can have an investigation to ensure that consumer protections are met, that surveillance capital does not continue to profit off our most personal information and data and that, ultimately, we have safeguards with a robust and very firm platform on which these organizations, businesses, companies, and in some instances foreign countries, are held to account when they violate our rules.

912 words

All Topics

Mar/7/23 10:07:11 a.m.
Watch
Re: Bill C-27

Madam Speaker, I will be sharing my time with the wonderful member forRosemont—La Petite-Patrie. I am grateful for the opportunity to rise today on Bill C-27, which is an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act, and to make consequential and related amendments. The amendments are what I am particularly interested in today. As New Democrats, we will be supporting this at second reading. We support the need to modernize Canada's privacy laws and establishing rules around data governance and empowering the Office of the Privacy Commissioner to bring enforcement actions to protect consumers and citizens. This bill takes some of those steps. However, there is a need to ensure that reforms are robust and effective. In my opinion, a long list of amendments will certainly be required to achieve these goals. I am going to be referencing two important works that have been presented. One is from the Centre for Digital Rights, entitled “Not Fit For Purpose - Canada Deserves Much Better”. From the title, we can note that there are some concerns with this bill. However, we recognize that this privacy legislation must be amended because there are already glaring shortfalls in PIPEDA, which urgently needs updating. Technology continues to evolve, and data-driven business continues to move away from a service-oriented approach to one that relies on monetizing personal information through mass surveillance of individuals and groups. While these businesses find new ways to expand their surveillance and methods of monetizing our personal information, Canadians' privacy is increasingly put at risk. The GDPR is the bar that is currently considered the adequate level of protection. However, if we were to do a little bit of comparing and contrasting, we would see that this bill tends to fall short of this level in terms of what the European Commission has done. What this means for us is that the ability for personal data to flow to Canada without any further safeguards is at risk. There has also been pressure from industry and advocacy groups, the privacy commissioners of Canada and abroad, and privacy and data governance experts. In fact, in this particular bill, we think that the government side has fallen short in its engagement with people; I will get to that in a moment. When we are in these technological environments, it is an ecosystem that goes well beyond our borders. We are talking about what it is like—

427 words

All Topics

Feb/7/22 5:05:49 p.m.
Watch

Madam Speaker, as somebody who has spent quite some time tackling the pervasive and, I would suggest, racist practice of racial profiling in street checks, we know that organizations like the CBSA, through CPIC, have a whole host of information on people that is shared not just domestically but internationally. This begs the question about time limitations for information that is collected by government and shared with agencies. I know this is one of the questions that came up today. Will we actually delete this information, or will it be held in perpetuity and shared with agencies around the world? I do hope that the use of CPIC and the sharing of this information more broadly is brought into this discussion because, again, it blurs the lines between public and private interests, and basic civil liberties.

136 words

All Topics

Feb/7/22 5:04:15 p.m.
Watch

Madam Speaker, while I can appreciate where the hon. parliamentary secretary is trying to go on this, it is not lost on me that this is a government that allowed our military to spy on Black Lives Matter movement protests while simultaneously being out and actually participating in them. There is a long and storied history of the way in which government actively surveils citizens in the country, including the ways in which Bill C-51 allowed for the targeting and criminalization of indigenous land defenders, environmentalists, social justice folks and basic people out there trying to advocate for their own civil rights.

103 words

All Topics

Feb/7/22 5:02:51 p.m.
Watch

Madam Speaker, given that I have to state that I do not know what the government's motivations were, I will say I think that it is a dangerous precedent. The Privacy Commissioner provided the opportunity to look at the frameworks in place to ensure they met the standards set by the Privacy Commissioner. The fact that this was denied is very troubling for me. We also understand that the Privacy Commissioner's office does not have the resources to check procurement on every single project that goes out there. However, on this particular one, if I understood the testimony today correctly, I think there was an ongoing effort by the Privacy Commissioner and there were multiple opportunities for the government to engage in the office's expertise, which is precisely what has put us before the House this evening.

140 words

All Topics

Feb/7/22 5:01:57 p.m.
Watch

Madam Speaker, I was troubled by that. In fact, I was a little agitated by the government's use of this idea that it was working with and being informed by the commissioner. I think there was a clear distinction made by the Privacy Commissioner on what it actually looks like to be in consultation with the privacy commissioner's office, at which, it is not also lost on me, there are now complaints. I would put to the hon. members in the House debating that, had the government taken the opportunity to actually take up the Privacy Commissioner's offer, it might have avoided the privacy complaints that are now being launched against it.

115 words

All Topics

Feb/7/22 5:00:12 p.m.
Watch

Madam Speaker, I think the heart of all of our committee work is being able to operate within good faith with the people who join us on our committees. I take it that the five Liberal members who voted to support this were acting in good faith when they supported this measure. I do not take it lightly that the parliamentary secretary just basically brushed off the committee's motion, which was duly passed unanimously. It also speaks to a growing concern that not only members of the governing side, but also senior bureaucrats and those with corporate interests, may choose to try to brush off the ethics committee when we do our investigations and put forward recommendations in the House. It is not lost on me that we have to be before this House with a concurrence motion to simply get the government to do what its Liberal members already voted for us to do.

156 words

All Topics

Feb/7/22 4:58:37 p.m.
Watch

Madam Speaker, I would share with the hon. member that the Privacy Commissioner stated an urgent need for law reform. It is incumbent on us to take a look at the ways in which big data is bought and sold and commodified and the need for our legislation to be updated, including having an arm's-length agency that is provided with the resources and staffing to ensure that there are proactive audits, which the Privacy Commissioner called for, of both private and public organizational interests.

86 words

All Topics

Feb/7/22 4:50:04 p.m.
Watch

Madam Speaker, I join the debate this afternoon in support of the concurrence motion moved by my hon. Bloc colleague from Trois-Rivières. Our Standing Committee on Access to Information, Privacy and Ethics unanimously adopted this motion: That the committee call upon the government to suspend the Public Health Agency of Canada's cellular data tender upon adoption of this motion, and that the tender shall not be re-offered until the committee reports to the House that it is satisfied that the privacy of Canadians will not be affected, and that the committee report the adoption of this motion to the House at the earliest opportunity. When we are dealing with issues of privacy, I believe it is critical that parliamentarians have the opportunity to be clear on what is being collected, how it is being utilized and what safeguards are in place. Not doing this would be an abdication of our responsibilities as legislators. I believe the government members of our committee were acting in good faith with our committee's request to suspend the procurement under this contract. With the news that the government had tendered a contract for the collection of mobility data as a part of its COVID-19 response, many Canadians were rightly concerned about the protections in place to protect their privacy. The fact that many people learned about this program from news articles sets off alarm bells, and even if the process was unintentional, it demonstrates a lack of government transparency. To make matters worse, a PHAC spokesperson stated that the agency had consulted with the Office of the Privacy Commissioner before starting to collect mobility data, but the Office of the Privacy Commissioner stated that it was not consulted and had only been informed of the program in 2020. This discrepancy between “consulted” and “informed” is stark, and I believe it is prudent of the ethics committee to ask the government to press “pause” on any future requests for proposals for mobility data projects until parliamentarians have an opportunity to provide oversight. Our committee has had an opportunity to hear from PHAC, departmental officials and the Privacy Commissioner, but it is very important that we have telecom industry representatives, and Telus in particular, appear before our committee to discuss how they are going to use our personal information and what steps they have taken to protect our privacy. I look forward to these representatives appearing before our committee in the near future to explain how they obtain meaningful consent for the collection, use and disclosure of this mobility data; how the data is de-identified; and what the risk is of reidentification. I think the study is also an opportunity to educate the public about the pervasiveness of the mobility data economy and, by updating our Canadian privacy laws, make meaningful progress towards reforming the actors that operate in this sector. I can only hope that this opportunity to bring Canada's law into the digital era and restore trust to Canadian citizens and consumers alike is not lost. There has also been little discussion of PHAC's collection and use of data from these kinds of third parties, which tend to be advertising and data surveillance companies that consumers have no idea are collecting, repackaging and monetizing their personal information. The repurposing of Canadian cellular networks for things like pandemic mobility tracking without the knowledge of subscribers, though ostensibly with their consent vis-à-vis the largely unread terms of service, is a big deal. The data that was provided to PHAC lacks demographic information and, as we have heard, provides crude assessments of population mobility. While the data might be of some value, there is still a question about whether or not Canadians are comfortable with their cellphone data being used in this way. I know many of my residents in Hamilton Centre have shared their deep concerns about the overall commodification of the tracking and sale of their personal information. This is not the only example of cellphone data being used for purposes that are wholly unrelated to the provision or management of cellular services. Cellphone companies themselves have developed surveillance tools, selling them on the basis that cellphones are trackable devices and warning customers who use their service that they should not expect cellphone privacy. In fact, I believe we heard that clearly from the government members of this debate this evening. Given the massive amounts of cellphone data that are available through our cell towers, our cellphones and our cell service providers, the ability to track cellphones across time and space is completely unchecked. Cellphone companies' refusal to encrypt important information about subscribers' locations has made it easier for cell sites and their owners to provide law enforcement authorities with cellphone data. Cellphone companies have made it possible for cellphones to be tracked even when they are turned off by means of cell-tower logs that track the cell numbers and locations of subscribers without their knowledge. By triangulating a cellphone user's geographical location, cell towers can enable the construction of a kind of cellphone user profile. I think of the use by police of technologies such as stingrays and I cannot help but recall the revelations this past summer about major government overreach utilizing the private Israeli Pegasus spyware used to hack cellphones of journalists, activists and worldwide agencies through the NSO Group's spyware, which has been licensed by governments. However, cellphone tracking capabilities are not the domain of only law enforcement or intelligence agencies; they can also be tracked by the cell tower owners, as we have discussed. This access could be used to determine where these phones go in the evening and leave cellphone providers with an ongoing level of pervasive tracking. This is problematic, because users are charged by cellphone providers based on their location data and where these phones spend their time. This is how they generate large amounts of their ad revenue. Within the Canadian context, as is the case in the study for our Standing Committee on Ethics for which this concurrence debate has been called, cellphones are used to track cellphone users' and potentially citizens' mobilities for reasons having nothing whatsoever to do with their cellphone service provision. The Privacy Commissioner was at the ethics committee earlier today. His brief stated that “this data sharing initiative is an example of the movement of data between the private and public sectors and demonstrates the need for both to be governed by common principles and rules. With these two sectors interacting ever more frequently it is imperative that they be held to similar standards. Ideally, our two federal privacy laws should also be updated concurrently.” I agree, and I believe that Canadians all expect a certain level of privacy, especially when it comes to their cellphones. We need to take a closer look to see if our current laws and regulations are sufficient in our current age of big data. I plan to continue this work at the ethics committee to ensure that Canada has the gold standard for protecting people's data and their privacy.

1198 words

All Topics

Feb/7/22 4:11:55 p.m.
Watch

Madam Speaker, I agree that the hon. member does have a lot say. At committee, five Liberals voted unanimously to support his motion, so I will put a question to the hon. member, the parliamentary secretary, whose French has come a long way. Does he support the motion that was duly passed at committee? Will the department and ministry delay the procurement process until our study is complete, yes or no?

71 words

All Topics