Evidence of meeting #44 for Access to Information, Privacy and Ethics in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was data.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

12:10 p.m.

Commissioner, Office of the Information and Privacy Commissioner of British Columbia

Elizabeth Denham

I think consent is very significant in the online world, but it's only part of the answer. I also agree with you that end user agreements, with the lengthy notices and the legalese is not the solution to the problem. Some very good work has been done in short, just-in-time notices. That's even more important in the mobile environment because you certainly can't read consent and user agreements at the end of the day.

Our laws in Canada are flexible. They require the collection of the data to be reasonable, and there needs to be transparency. In an ecosystem as complex as a social media site, it is difficult because I think consumers don't understand what is behind the curtain. They don't understand all the groups they are communicating with, how the data is flowing, and how third parties are using their information. It's a brand new environment.

Historically, we have dealt with a consumer doing business with one brick and mortar company. It is very clear whom you are doing business with. Consent works quite well in that environment. I think what is needed here is a much more sophisticated approach.

I think it starts with accountability. Our office, in conjunction with the Alberta and the federal office, has just issued guidance on accountable data governance, what privacy looks like on a comprehensive level. That's where we go down the road. We look at the company overall to make sure their practices, policies, and control, such as privacy by design, are dealt with in a comprehensive way across the board.

12:15 p.m.

Conservative

Blaine Calkins Wetaskiwin, AB

Thank you.

Dr. Cavoukian, do you want to add anything to that?

12:15 p.m.

Commissioner, Office of the Information and Privacy Commissioner of Ontario

Dr. Ann Cavoukian

For starters, users, consumers, and all of us have to be more vigilant, and we have to speak up with the companies that we do business with. You may say that's hard to do. Facebook is the way it is. How are you going to get changes? You would be surprised at the number of times they have changed. When they introduced a privacy practice, like their news feed in 2006, everyone blew up at that, and then they reversed it. There have been a number of missteps, and it's only because the public has spoken out that they have pulled back.

Let's talk for a moment about what companies can do and what we can ask businesses to do and governments as well. Mobile devices, as you know, are the way of the future. Everyone is going into mobile. You can't read anything on that in terms of the policy and other things. For example, in the United States people are using a blue button. I think the blue button was made available for veterans in the U.S. to access their health data. What did Veterans Affairs have on them? They had this blue button, and they would immediately see what they had on them. The same idea is coming out for a green button for the energy sector. If you want to see how much energy you've used, people have said there should be a green button. You'd press it, and you would see how much energy you are using, and you can compare it to others like your neighbours, etc.

What this speaks to is not only companies being far more careful but circumspect about the information they automatically collect from consumers without their knowledge or consent. The opposite of privacy as the default is public as the default. We have to reverse that. We have to change that. Also, they have to know they have to be accountable to you, the user, the data subject. They have to be transparent with the information they have about you in their possession, in their databases. You should know what they have. Unless you know what they have in their possession, you won't know what's at risk, and what might be, if it's hacked, or if there is a data breach.

LinkedIn was just hacked and their passwords accessed. You are not going to know what they're going to have access to. It's very important to have that kind of transparency. Then, all of us speaking up and getting on the case of business. Don't misunderstand me, I'm not anti-business at all. I love business. We have to have strong businesses to have a strong economy. They also need to know they have to protect their customers and their customers' information. How can they do that? We can help them figure out how to do that and be transparent with their customers.

12:15 p.m.

Conservative

Blaine Calkins Wetaskiwin, AB

We talk a lot in business about social licence. I think we need to start talking about social media licences to do things with peoples' information.

12:15 p.m.

Commissioner, Office of the Information and Privacy Commissioner of Ontario

Dr. Ann Cavoukian

Yes, that's a very good point.

12:15 p.m.

NDP

The Chair Pierre-Luc Dusseault

Thank you. Your speaking time is up.

I will now hand the floor over to Mr. Andrews, who has seven minutes.

12:15 p.m.

Liberal

Scott Andrews Avalon, NL

Thank you very much and welcome, commissioners.

I have four or five questions, and I'll pose my first three to Ms. Denham. You just briefly talked to—

12:15 p.m.

NDP

The Chair Pierre-Luc Dusseault

I will now give the floor to Mr. Tweed, who has a point of order.

June 7th, 2012 / 12:15 p.m.

Conservative

Merv Tweed Brandon—Souris, MB

Thank you.

Mr. Chair, I apologize to our guests and to our committee, but I have a concern with the member who is now speaking. I think he owes this committee an apology, and we have seen that the media have apologized for their inappropriateness and breach of our committee that occurred last Tuesday.

I'm giving the opportunity to the member to apologize to the committee now, and we can move forward or we can deal with it as it moves forward. So I would open the floor for the member first to apologize to the committee for his behaviour at the last meeting.

12:15 p.m.

NDP

The Chair Pierre-Luc Dusseault

Thank you.

I heard your point of order.

I will therefore hand the floor over to Mr. Angus.

12:15 p.m.

NDP

Charlie Angus Timmins—James Bay, ON

I'm sorry that this grandstanding is happening. There was a discussion in camera and you can call me out of order for it if you want. At that discussion, there was a gentleman's agreement that we would talk to each other and come back to the committee with a recommendation. Unfortunately, Mr. Del Mastro went into the House and made a public statement. Now you're using this on a televised broadcast to make a public statement.

This was something we agreed to deal with within our committee and then come forward with recommendations. So I think you're just trying to embarrass him.

I'd tell Mr. Andrews he should wait until we go back to continuing the conversation that we had on Tuesday.

12:20 p.m.

NDP

The Chair Pierre-Luc Dusseault

I will let Mr. Andrews decide what he wants to do. If he wishes to continue the discussion with the witnesses and to come back to this topic a little later, in accordance with the agenda, we can leave the matter there.

Mr. Andrews, you may continue.

12:20 p.m.

Liberal

Scott Andrews Avalon, NL

Before you go into my time, maybe we should discuss this in public after our witnesses, and I'd be willing to address Mr. Tweed's comments at that particular time. I would not want to do it in camera as is suggested on our order paper. I will address that at a later point.

So can I continue with my questioning?

12:20 p.m.

NDP

The Chair Pierre-Luc Dusseault

Yes. You have seven minutes.

12:20 p.m.

Liberal

Scott Andrews Avalon, NL

Thank you.

Ms. Denham, I have three questions for you. Mr. Calkins just talked about knowledge and consent, and one of the other things you mentioned in your presentation was limiting the use of the data that is collected. Do you have any suggestions on how one would regulate that? How do we limit one's use of the data that these companies collect?

The second question is this. You've talked about investigations, and you mentioned one. How many investigations have you undertaken, and have they been of the social media companies? I believe the one you referenced wasn't of the social media company but of an outside party that used the information.You can correct me if I was wrong in stating that.

In part of that you said you issued some guidelines to this outside group. I wonder if you could provide those guidelines to the committee. How extensive were those guidelines? Could you just clarify those few points.?