Mr. Speaker, I am pleased to rise in the House to speak to Bill C-475, An Act to amend the Personal Information Protection and Electronic Documents Act (order-making power), which I will refer to as PIPEDA, to make things easier.
I want to begin by putting this bill into context. From May to December 2012, the Standing Committee on Access to Information, Privacy and Ethics conducted a study on social media and privacy. Numerous witnesses testified as part of that study, including Internet and privacy experts, privacy commissioners, community groups and others.
Those witnesses raised the point that more and more information is being gathered and used for business and marketing purposes. In fact, businesses collect this information, use it and share it without the consent of the individuals concerned, which is in violation of PIPEDA.
Given the concerns raised in committee by the many experts from various fields, the wonderful member for Terrebonne—Blainville introduced Bill C-475 in the House in order to try to respond to those concerns and observations from the community and strengthen the bill in question.
I would add that Bill C-475 is attempting to amend an act that has not been reviewed since 2000. Allow me to digress. I may belong to the last generation that can claim to remember the first day when a computer came into the house. This computer was not in colour and the screen was black and yellow and square-shaped, with blurry graphics.
I remember the first time I typed my homework on a keyboard. I was typing with two fingers and this was very time-consuming. I kept hitting the on/off button with my toe. I would always lose my work because there was no autosave feature for documents at that time. In short, I have a whole lot of memories that I might be able to share with my children and grandchildren one day.
In the meantime, I will point out that it is completely absurd that a privacy act has not been reviewed since 2000. I think I do not need to say more on that subject. It is high time we made changes to this act.
First, Bill C-475, which amends an act that needs to be updated, grants powers of enforcement to the Privacy Commissioner of Canada. Moreover, the commissioner herself emphasized that she wished to have these powers when she appeared before the committee. In other countries and in certain Canadian provinces, the law provides for measures that give more powers to the commissioner. However, this is not the case for Canada. We hope this will change soon.
Who is the commissioner and what powers does she have exactly? This is a good question, and it has to be answered before we say her powers must be increased. I will take the definition used by the Canadian Internet Policy and Public Interest Clinic of the Faculty of Law at the University of Ottawa, which describes the commissioner as follows:
The Privacy Commissioner of Canada acts as an ombudsman who investigates complaints and negotiates solutions.... While the Commissioner does not have the authority to order an organization to change their personal information policies or procedures she may make public any information relating to the personal information management practices of an organization.
That summarizes the commissioner's existing powers. Bill C-475 would enhance those powers.
The commissioner recommends that organizations that refuse to implement the measures she suggests be required to abide by the law and comply with deadlines set by the commissioner, and even be liable to a fine in cases of non-compliance.
The commissioner therefore needs a little more power over Internet-based offenders.
Bill C-475's second goal is mandatory reporting of all data breaches that could harm the individuals concerned. I do not need to go into detail about how the Internet is changing quickly and how now, young and old alike are putting more and more information out there. Things are changing quickly, and we have to ensure that we can keep up with it all, understand it and regulate it.
Companies collect, sell and share this information. Part of the solution is educating people and raising awareness about the kind of information they disclose on the Internet. Still, it makes sense that people should know what is being done with their information because, after all, that information can be very valuable to the companies that can use it. That is not a bad thing in and of itself, but there should be rules for using that information.
People who create a Facebook account are asked to supply quite a lot of information. They are not the ones who decide they want that information to show up on their Facebook page. No, there is a whole form to fill out that includes their year of birth, where they live, their address, favourite movies, favourite music and much more. That is just Facebook. I use Facebook because I am not very well-versed in using other technologies. I joined Twitter just a few months ago because my colleagues and assistants pressured me to. Things are going well so far, but there are still some concerns.
A closer look at the details of this bill, at what can and cannot be done, at the powers that the Canadian commissioner has compared to commissioners in other provinces and other countries, gives us reason for concern.
Perhaps I am a little paranoid when it come to technology, but when a window appears with a little red x, I am afraid to even click on it. I wonder if that will even close the window that just appeared without me wanting it to, or if I will be clicking on a link that will give information to some company, or what have you. You know what I mean. It is hard to know what we can even trust anymore. It is not only what I decide to disclose myself, but it goes much further in terms of what information can be collected, whether we like it or not. Information can even be collected without us knowing.
It is therefore high time that we took action to update the Privacy Act.
It is this government's responsibility to move forward on this, and quickly. Things are changing fast, and we need to take a first step. This bill might not solve everything, of course, but it does address some of the concerns expressed by experts and by the commissioner herself in the parliamentary committee's examination. I really hope the government will bring forward something like this. It would be the least it could do.
In closing, I would like to point out that the Union des consommateurs believes that the implementation of the principles proposed by the NDP, through their private member's bill amending the Personal Information Protection and Electronic Documents Act, constitutes a real advancement to better protect the privacy of consumers.
I would also like to commend the enthusiasm of my NDP colleague from Terrebonne—Blainville and congratulate her. She has demonstrated her competence in managing this file for our party. She has remained very open and co-operative, and has been extremely innovative and dynamic in her collaboration with stakeholders from all walks of life in this file. She has introduced a very important bill, and I hope that we can continue for the well-being of current and future generations, in order to bring in extraordinary technologies, which can sometimes cause us some concern.