Digital Privacy Act

An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act

This bill is from the 41st Parliament, 2nd session, which ended in August 2015.

Status

This bill has received Royal Assent and is now law.

Summary

This is from the published bill. The Library of Parliament has also written a full legislative summary of the bill.

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) specify the elements of valid consent for the collection, use or disclosure of personal information;
(b) permit the disclosure of personal information without the knowledge or consent of an individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) preventing, detecting or suppressing fraud, or
(iii) protecting victims of financial abuse;
(c) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of an individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(d) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions;
(e) permit federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual;
(f) require organizations to notify certain individuals and organizations of certain breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner;
(g) require organizations to keep and maintain a record of every breach of security safeguards involving personal information under their control;
(h) create offences in relation to the contravention of certain obligations respecting breaches of security safeguards;
(i) extend the period within which a complainant may apply to the Federal Court for a hearing on matters related to their complaint;
(j) provide that the Privacy Commissioner may, in certain circumstances, enter into a compliance agreement with an organization to ensure compliance with Part 1 of the Act; and
(k) modify the information that the Privacy Commissioner may make public if he or she considers that it is in the public interest to do so.

Elsewhere

All sorts of information on this bill is available at LEGISinfo, an excellent resource from Parliament. You can also read the full text of the bill.

Bill numbers are reused for different bills each new session. Perhaps you were looking for one of these other S-4s:

S-4 (2022) Law An Act to amend the Criminal Code and the Identification of Criminals Act and to make related amendments to other Acts (COVID-19 response and other measures)
S-4 (2021) An Act to amend the Parliament of Canada Act and to make consequential and related amendments to other Acts
S-4 (2016) Law Tax Convention and Arrangement Implementation Act, 2016
S-4 (2011) Law Safer Railways Act

Votes

June 18, 2015 Passed That the Bill be now read a third time and do pass.
June 18, 2015 Failed That the motion be amended by deleting all the words after the word “That” and substituting the following: “this House decline to give third reading to Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, because it: (a) threatens the privacy protections of Canadians by allowing for the voluntary disclosure of their personal information among organizations without the knowledge or consent of the individuals affected; (b) fails to eliminate loopholes in privacy law that allow the backdoor sharing of personal information between Internet service providers and government agencies; (c) fails to put in place a supervision mechanism to ensure that voluntary disclosures are made only in extreme circumstances; (d) does not give the Privacy Commissioner of Canada adequate order-making powers to enforce compliance with privacy law; and (e) proposes a mandatory data-breach reporting mechanism that will likely result in under-reporting of breaches.”.
June 2, 2015 Passed That Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, as amended, be concurred in at report stage and read a second time.
June 2, 2015 Failed
June 2, 2015 Failed
May 28, 2015 Passed That, in relation to Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, not more than one further sitting day shall be allotted to consideration at the report stage and second reading stage of the Bill and one sitting day shall be allotted to consideration at the third reading stage of the Bill; and That, 15 minutes before the expiry of the time provided for Government Orders on the day allotted to the consideration at the report stage and second reading stage of the said Bill and on the day allotted to consideration at the third reading stage of the said Bill, any proceedings before the House shall be interrupted, if required for the purpose of this Order, and, in turn, every question necessary for the disposal of the stage of the Bill then under consideration shall be put forthwith and successively, without further debate or amendment.

CSEC Accountability and Transparency Act
Private Members' Business

October 30th, 2014 / 6:35 p.m.


Sean Casey Liberal Charlottetown, PE

Mr. Speaker, I am pleased to rise today to speak to Bill C-622, proposed by my honourable colleague from Vancouver-Quadra. The bill, on a technical level, seeks to amend the National Defence Act to improve the transparency and accountability and provide for an independent review in respect of the operations of the Communications Security Establishment, and to enact an act to establish the intelligence and security committee of Parliament. It seeks to strike an important balance between national security, the privacy of Canadians, and parliamentary scrutiny.

There was justifiable concern earlier this year when Canadians learned that CSEC was monitoring Wi-Fi services at Canadian airports. In fact, there seems to be a bit of a preoccupation with privacy rights under this government.

If we go back to the Vic Toews bill, we all remember the e-snooping legislation, which fortunately did not see the light of day, but many of the provisions were then imported into a new piece of legislation and bundled with the rights of victims of cyberbullying in Bill C-13. The most recent example is the digital privacy bill, Bill S-4, which seeks to open the door a little wider, allowing the entities that can receive private information to walk through the door that had been opened by Bill C-13. The compromising of privacy rights in Canada has been a recurring theme under this government.

Mr. Speaker, before I get too far ahead of myself, please allow me to outline the role of CSEC for those following the debate and also for members of this place who may not be as familiar as necessary to adequately engage in the debate this evening.

CSEC, or Communications Security Establishment Canada, has a three-part mandate. First, it is responsible for the collection of foreign intelligence from the global information web. Second, it is the lead agency for cybersecurity for the federal government. Third, it can use its technological capacities and expertise to assist domestic law enforcement and intelligence agencies.

There is no argument that CSEC is a vital piece of Canada's national security puzzle. Additionally, CSEC functions within a global alliance known as the Five Eyes, an alliance of partner signals intelligence agencies within the United States, the United Kingdom, Australia, and New Zealand.

Following the 9/11 attacks in the United States, the mandate of CSEC was expanded. That was 13 years ago, and we are in a rapidly evolving world in terms of national security. It seems more than reasonable to assess the mandate, effectiveness, and accountability of CSEC and its activities.

My colleague, the hon. member for Malpeque, has been quite vocal about the need for parliamentary oversight. In his capacity as public safety critic, he has repeatedly pointed out the important fact that, although Canada functions within the Five Eyes alliance I just spoke about, it is the only country that does not have proactive parliamentary oversight.

In February of 2014, my hon. colleague from Malpeque asked a question that I think deserves an answer. I am not sure he has ever received a genuine or relevant answer, so I'll pose the question here again today. I am quoting from the member for Malpeque:

The key point here is that I really cannot understand the government's unwillingness to look at proper parliamentary oversight when two of its key cabinet ministers were in fact part of a report at one point in favour of such oversight.

We know that with this particular government, if an organization that depends on government funding comes out against the government, its funding will probably be cut.

The member went to great lengths explaining the Five Eyes and the other countries that are our allies in these issues. Where does the government get the idea that Canadians are less at risk of invasion of privacy and do not need proper parliamentary oversight, when all our allies do?

Digital Privacy Act
Government Orders

October 20th, 2014 / 1:50 p.m.


Craig Scott NDP Toronto—Danforth, ON

Mr. Speaker, it is my pleasure to address this motion by the government to have Bill S-4 go to committee before second reading, which is a rare event in the House. This is a procedure that was made possible for the first time in 1994 amendments. I believe it stemmed from the 1982 McGrath committee's report that said that committees should more often be used at the early stages of legislation to make sure that things are caught and that a wide variety of perspectives are taken into account in drafting legislation and, frankly, to make the role of MPs more meaningful than is often the case when a bill is studied only after second reading in committee.

As we know, in committee after second reading, and after hearing any amount of testimony from witnesses that could suggest serious problems with a bill, the amendments are often extremely constrained by the rule that they must fit within the principle of the bill. Quite often that means that the principle is understood by the chair or the legal staff advising the chair as simply the principle of a given provision, and therefore, an attempt to work more broadly than the narrow purpose of a given provision is often ruled out of order.

Beyond that, I have found so far in committees, since arriving in the House, that there seems to be a reluctance at the moment, on the part of the advisers to chairs, to understand that bills can often have multiple purposes and not just a single purpose. Therefore, in the end, after second reading, committee work often really is an exercise in frustration, because a lot could be done to perfect a bill that is technically ruled out of order due to the fact that we have to work within the principle of the bill as voted at second reading.

It is great that this bill is going to committee before second reading. It will hopefully allow, in the spirit of what this procedure is all about, a full, frank hearing, from all kinds of witnesses, about the problems I hope the government understands are in this bill. I hope this is also the reason the minister has decided to send it to committee before second reading. There can be true dialogue and engagement among MPs, obviously with the government watching what is going on and giving its input through government MPs, so that this bill is taken apart and rewritten in the way this procedure would allow.

I myself stood in the House to move unanimous consent to have Bill C-23, what New Democrats called the unfair elections act and the government called the fair elections act, referred to committee before second reading, exactly for the reasons I have just given. There were so many obvious problems in the bill. Not sticking to the principle in the bill and working collegially across party lines would have benefited the study of that bill. In retrospect, New Democrats realize how true that was. Although we got serious amendments passed, with pressure from backbench members of the government suggesting changes that helped us in our efforts, that bill would be much better if it had gone to committee before second reading.

There is another procedure that, in the spirit of openness, I am hoping the minister might consider. To date, it has not been the practice of the government to table opinions about the constitutionality or charter compliance of a bill. Given the real concerns that exist with respect to warrantless access to information that is contained in this bill as kind of a compendium bill to Bill C-13, I would ask the minister to please consider, for once, having the Department of Justice table a written opinion on the constitutionality of this. Why does it think that the Spencer judgment coming out of the Supreme Court of Canada does not apply or, if it applies, that the bill is written in a way that justifies it under the charter?

So often in committee there is minimal to no good testimony from the civil service side on why, supposedly, the Minister of Justice has certified that a bill is in compliance with the charter. We know that the standard for the minister doing that is a very minimalist standard.

I will read from the Senate testimony on Bill S-4 from Michael Geist, of the University of Ottawa, to tell the House why having that additional procedure as part of the referral to committee before second reading would be useful. He says:

Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both [to] past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).

That is an extremely good summary of a core problem with the bill in terms of the fears it raises that it has gone too far. It would purportedly create an updated regime to protect privacy and in the process would potentially ram through new problems with respect to Canadians' privacy.

I would like to now, in my last couple of minutes, go over a few points that I hope come up in committee.

I wish to thank a constituent, Mr. John Wunderlich, an expert in privacy law, who worked with me on the weekend to better understand the bill. These are points that I hope to have discussed.

In paragraph 4(1)(b) of the act, the definition of who this would apply to would move from just employees to employees and applicants for employment. In that context, this leaves hanging the question of how much or how little this would apply to companies whose business is to conduct background checks. The committee should solicit feedback on this. In my view, the background check function in the employment sector is done far too often and too deeply and already constitutes a systemic privacy invasion in the employment sector. Therefore, this extension needs to be looked at.

The next thing is the definition of valid consent. While it is welcome, because it brings clarity, the committee should note whether the current systems asserting consent on the web actually provide meaningful information to web surfers about just how many entities will be given access to either some or all of their personal information. Right now, there is a real risk that so-called valid consent, as outlined in the bill, would actually piggyback on the systematic sharing of information that people have no idea is being shared. The act could become a smokescreen behind which individual profiles were built and shared across businesses.

I have already spoken about the potential for the warrantless invasion of privacy because of the fact that organizations could seek information from others when they are simply investigating breaches of agreement or fraud. We should keep in mind that when they are investigating fraud, it is not just in the criminal context. All of this involves civil questions as well. An example is fraudulent misrepresentation.

The “real risk of significant harm” test for companies in particular to decide whether they are going to inform the commissioner and at another stage inform persons of breaches of privacy is a problematic standard in the sense that it is actually very general, and it is probably too low. There should be a presumption for disclosure to the commissioner, and it should be left up to the commissioner to either determine, or assist the company in determining, whether this is significant enough to let the persons whose information was released know that it happened. At the moment, it is an entirely discretionary system, based on a very vague standard, which may mean that data will be breached without people actually knowing it and being able to take the measures necessary to protect themselves.

Those are only three of the more specific concerns that need to be looked at. There is a lot in the bill.

I have a final comment, and it may be a rather strange one. I am looking at my colleague across the way. The privacy legislation from Alberta should be looked at very closely as a reference point for whether the government has gotten certain things wrong. That province has gotten things right.

Digital Privacy Act
Government Orders

October 20th, 2014 / 1:35 p.m.


Joyce Bateman Conservative Winnipeg South Centre, MB

Mr. Speaker, today it is my absolute pleasure to express my support for Bill S-4, the digital privacy act. When the industry minister released Digital Canada 150, our government's plan to guide Canada's digital future, he set out clear goals to put our country at the forefront of the digital economy.

One of the five pillars of this ambitious plan is “protecting Canadians”. In order to realize the full benefits of the digital plan and the digital world, Canadians must have confidence that their online activities are secure and that their online privacy is protected through strong measures like the digital privacy act.

This government is taking concrete action to make sure that Canadians and their families are protected from online threats. Protecting Canadians online is particularly important when we consider the most vulnerable segments of our society. Indeed, as the Internet becomes present in virtually every aspect of our economy, and our children's homework, it is also becoming an essential element in our children's lives.

A recently released survey conducted last year by MediaSmarts, a charitable organization dedicated to digital and media literacy, revealed that in 2013, 99% of Canadian students were able to access the Internet outside of their school. When online, students play games, download music, television shows and movies, and socialize with their friends and family.

The survey reveals that over 30% of students in grades 4 to 6 have Facebook accounts, and that by grade 11, my daughter's year, 95% of students have an account. However, with this increased online presence comes increased risk. As we have seen, young people can unfortunately become targets of online intimidation and abuse. This government has acted to protect our children from cyberbullying and other similar threats.

In addition to responding to the very real and harmful threats related to cyberbullying, this government is also acting to protect the privacy of minors and other vulnerable individuals through proposed amendments to the digital privacy act.

In our modern digital economy, our children must be able to go online in a safe and secure way if they are to develop the skills they will need later to find jobs in the digital marketplace. The online world has the potential to provide considerable benefits for our children's education and development, and it can greatly enrich their social lives.

At the same time, going online can expose children to privacy risks. For example, minors can be subject to aggressive behavioural marketing tactics, or they could have their personal data collected and shared without truly understanding what is being done. There is the potential for long-term privacy consequences.

The digital privacy act includes an amendment to Canada's private sector privacy law to strengthen the requirements around the collection, use, and disclosure of personal information, which will increase the level of protection for vulnerable Canadians such as children. Specifically, the digital privacy act clarifies that when a company is seeking permission to collect, use, or disclose personal information from a specific group of individuals such as children, then the company must make sure that an average person, such as a child in that group, would be able to understand what is going to happen with the information.

An example is the best way to illustrate how the proposed amendment will work. Imagine, for example, an educational website that is designed primarily for elementary school children. Under the proposed amendment, any request by that website to collect, use, or disclose personal information would need to be worded in such a way that it is understandable by the average elementary school student. This not only includes making sure that the wording and language used in the request is age appropriate, but that the request itself is appropriate as well. If it is not reasonable to expect that the average elementary-aged child would understand the purpose and consequences of them clicking “okay”, then under the digital privacy act the company would not have valid consent.

Minors under the age of majority are more vulnerable and require additional protections. At the same time, privacy protection for children must reflect their level of maturity and psychological development. It must respect that.

That is why our government has ensured that the flexibility inherent to the act which allows the application of contextual privacy protections is reflected in our proposed amendment. The ability of teenagers to understand what is being done with personal information and their ability to make decisions about what they will and will not agree to is completely different from what elementary school children are capable of.

As they age, minors become more able to make sound decisions about themselves and what is being done with their personal information. Therefore, a website directed, for example, to grade 12 students, should not explain what it intends to do with information and seek consent in the same way that an educational website for elementary school students would. The process is similar; the means are different.

The proposed amendment adjusts for this difference by focusing on what is reasonable to expect of the group of individuals being targeted by the company's product or service.

The former interim privacy commissioner strongly supported this proposed amendment when speaking to the Senate committee that was studying the bill last spring. This is what the Office of the Privacy Commissioner said in its written submission to that committee:

We think this is an important and valuable amendment that will clarify PIPEDA’s consent requirements. By requiring organizations to make a greater effort to explain why they are collecting personal information and how it will be used, this proposed amendment should help make consent more meaningful for all individuals, particularly for young people for whom the digital world is an integral part of their daily lives.

As an added protection, PIPEDA has always recognized that parents or other authorized representatives have the right to provide consent on behalf of an individual, including children. Indeed, the responsibility and commitment to protect the privacy of children and other vulnerable Canadians is absolutely a shared one. Parents, governments, educators, as well as charities in the private sector, all have a central role to play in protecting the online privacy of our children.

The government firmly believes that digital literacy and skills are at the core of what is needed for individuals to succeed in today's online economy. Understanding by parents, educators, and children of the relevance and importance of protecting online privacy is a central component of digital literacy.

The government supports the role that the Office of the Privacy Commissioner of Canada is playing in educating Canada's youth about the importance of online privacy and helping them to not only understand the impact that online services and applications can have on their privacy but also helping them make wise, smart decisions.

For example, the office of the commissioner created a graphic novel called Social Smarts: Privacy, the Internet and You. It was designed to help young Canadians better understand online privacy issues. They have also created tools to support parents and educators as they seek to protect children's online privacy. A discussion guide and privacy activity sheets have been developed to help them work with children to explore and understand privacy risks associated with social networking, mobile devices, texting, and online gaming.

The government is committed to protecting the privacy of Canadians. The digital privacy act takes concrete action to protect the most vulnerable members of our society, and that includes our children. At the same time, this legislation respects the growth of our children as they approach adulthood. It is measured and graduated because of that.

I hope all hon. members will join me in supporting this very important bill.

Digital Privacy Act
Government Orders

October 20th, 2014 / 1:35 p.m.


Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, I have another question for my colleague.

The government's bill is called the Digital Privacy Act. However, we now know that the Conservative government does not have the best record in the world when it comes to protecting privacy. It lost track of a significant amount of Canadians' personal information. It passed Bill C-13, which gives statutory immunity to Internet service providers who decide to voluntarily hand over personal information. There is no shortage of examples: government agencies made at least 1.2 million requests to Internet service providers in just one year.

Does the hon. member not have any misgivings about this? Will the government really make good changes during the review of this bill in committee?

Digital Privacy Act
Government Orders

October 20th, 2014 / 1:20 p.m.


Matthew Kellway NDP Beaches—East York, ON

Mr. Speaker, I am happy to rise in the House today to speak to Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act. As members know, today's debate turns not precisely on Bill S-4 but on a motion to refer the bill to committee before second reading.

The concerns that I will raise with respect to the bill itself, which go as far as to challenge the constitutionality of the bill, would likely be fatal to the bill at second reading, but we need not concern ourselves with that today. We need not arrive at a conclusion about how fatal these flaws are or how injurious they are to the bill.

The motion before us today would allow us to visit the scope and principle of the bill at committee and make, as required, amendments to those very principles and scope of the bill.

Today, I would argue that this motion warrants support, so that we have the flexibility to properly study, examine and propose amendments to the bill at committee before the principle and scope are set.

Let me set out a few reasons why this is particularly important in these circumstances and relating to this particular legislation.

First, let me address the issue of public opinion that sets the context in which this bill and more broadly the issue of privacy concerns exist.

According to a survey of Canadians on issues related to privacy protection conducted last year, 70% of Canadians feel less protected than they did 10 years ago; only 13% of Canadians believe that companies take their privacy seriously; 97% of Canadians say they would like organizations to let them know when breaches of personal information actually occur; 80% of Canadians say they would like the stiffest possible penalties to protect their personal information; and 91% of Canadian respondents were very or extremely concerned about the protection of privacy.

The current government cannot absolve itself from contributing to this level of public concern about privacy issues. It is not just a matter of legislative lethargy; that is, it is not just about the fact that we are well past the five-year mark for the conduct of a mandatory review of the Personal Information Protection and Electronic Documents Act, an act that is by now well behind international standards and has failed to keep up with technological advancements in this digital age.

Part of the issue here is that the current government has itself repeatedly demonstrated insufficient care for the personal privacy of Canadians through its own conduct. I would point to the fact that in one year alone, under the current Prime Minister's watch, government agencies secretly made more than 1.2 million requests to telecommunications companies for personal information, without warrant or proper oversight.

It is a government with a seemingly insatiable appetite and perhaps an addiction to Canadians' personal information. It is a government that needs to be constrained by effective legislation that protects the privacy and personal information of Canadians. It is a government that has no credibility on this subject matter.

This is evident in the legislation that the Conservatives have defeated in this House. In 2012, our NDP digital issues critic, my colleague from Terrebonne—Blainville, put forward Bill C-475, a bill to amend the Personal Information Protection and Electronic Documents Act. It would have applied similar online data protection standards that exist in Quebec's personal information protection act. For example, Bill C-475 would have given the Office of the Privacy Commissioner of Canada the power to issue orders following an investigation. The Conservatives defeated that bill at second reading. They also defeated our NDP opposition day motion on May 5 last year. That motion simply called on the government to close loopholes in existing legislation that currently allowed the sharing of personal information without warrant.

The current government's disregard for private and personal information is also evident by the legislation that it has brought forward.

Bill C-13, the government's cyberbullying law, includes lawful access provisions that would expand warrantless disclosure of information to law enforcement by giving immunity from any liability for companies that hold the information of Canadians to disclose it without a warrant. This makes it more likely that companies would hand over information without a warrant as there are no risks that they would face criminal or civil penalties for such conduct.

There is a thread here that runs through the government's own efforts to access the personal and private information of Canadians through to their conduct and voting record in this place. It goes against the interests and concerns of Canadians and denies the wishes of Canadians for greater protection of their personal and private information.

In other words, the issue before us goes to the principles underlying this bill. They need to be examined and amended at committee. For example, while Bill S-4 would make it mandatory to declare the loss or breach of personal information for the organizations in the private sector and penalize organizations that do not fulfill this obligation, the proposed criteria for mandatory disclosure remain subjective. It would allow the organizations themselves to assess whether “it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual”.

More and most problematically still, Bill S-4 would add exceptions under which personal information may be collected, used or disclosed without an individual's consent. The bill would make it easier for organizations to share personal information with each other without the consent of individuals if the organizations are engaged in a process leading to a “prospective” business transaction. In other words, under certain circumstances, the bill allows personal information of one organization's clients to be shared with another organization without the consent or knowledge of those individuals.

Here we run into some significant problems with this bill. The amendments proposed contradict the very foundation of the act they seek to amend and serve to defeat what the Supreme Court called in R. v. Spencer the act's “general prohibition on the disclosure of personal information without consent”. As the Supreme Court said in that recent decision, “PIPEDA is a statute whose purpose is to increase the protection of personal information”.

The Supreme Court, in R. v. Spencer, got to the heart of the issue here, understanding what the government has failed to understand about the issue of informational privacy in the digital age. It is worth quoting at length here. It stated:

Informational privacy is often equated with secrecy or confidentiality, and also includes the related but wider notion of control over, access to and use of information. However, particularly important in the context of Internet usage is the understanding of privacy as anonymity. The identity of a person linked to their use of the Internet must be recognized as giving rise to a privacy interest beyond that inherent in the person’s name, address and telephone number found in the subscriber information. Subscriber information, by tending to link particular kinds of information to identifiable individuals may implicate privacy interests relating to an individual’s identity as the source, possessor or user of that information. Some degree of anonymity is a feature of much Internet activity and depending on the totality of the circumstances, anonymity may be the foundation of a privacy interest that engages constitutional protection against unreasonable search and seizure.

So, from subscriber information, the Supreme Court has connected that information through to search and seizure.

We have at least before us a major concern with the principles of this act, but seemingly too a bill that is simply unconstitutional. Leaving aside for the moment this latter issue, let me suggest by way of conclusion that if there is something in Bill S-4 that is salvageable, it can only be so if this bill moves to committee before this House sets in concrete the principles and scope of this bill, and limits the kinds of amendments that can arise out of committee post second reading.

Digital Privacy Act / Government Orders

October 20th, 2014 / 1:15 p.m.



Conservative

John Carmichael Conservative Don Valley West, ON

Mr. Speaker, the legislation would provide a tremendous amount of protection to consumers and to government to ensure that the right solutions and the right oversight are in place.

The digital privacy act would not force companies to hand over private information to the police, copyright trolls or anyone else. These new measures would place strict limits and tight restrictions on companies that lawfully share Canadians' private information for investigative purposes. Organization to organization information-sharing already exists in Alberta and British Columbia. These changes were recommended by the access to information and privacy committee in 2007 with the agreement of the Liberals and the NDP and these provisions are well entrenched in this new legislation.

Digital Privacy Act / Government Orders

October 20th, 2014 / 1:15 p.m.



NDP

Jonathan Tremblay NDP Montmorency—Charlevoix—Haute-Côte-Nord, QC

Mr. Speaker, Bill C-13 and Bill S-4 give access to personal information without a warrant or any oversight mechanism.

Why does the government want to allow snooping without a warrant by creating these deficiencies with no oversight to prevent abuses in the system?

Digital Privacy Act / Government Orders

October 20th, 2014 / 1:05 p.m.



Conservative

John Carmichael Conservative Don Valley West, ON

Mr. Speaker, I am pleased to rise today to speak to Bill S-4, the digital privacy act. I support the bill.

The purpose of the digital privacy act is to strengthen the rules for the safeguarding of Canadians' personal information when they shop online or surf the web. The digital privacy act would amend the Personal Information Protection and Electronic Documents Act, more commonly known as PIPEDA, which provides a legal framework for how personal information must be handled in the context of commercial activities.

Last April, our Conservative government introduced the Digital Canada 150, an ambitious plan for Canada to take full advantage of the digital economy as we plan to celebrate our 150th anniversary in 2017. Digital Canada 150 has five pillars and 39 new initiatives that will allow Canada to be a leading nation in the digital domain. One of the most important pillars in Digital Canada 150 is the “protecting Canadians” pillar, which is what we are talking about today. The digital privacy act would introduce new amendments and stronger rules to help protect Canadians' personal information.

As we live in an increasingly digital age, the need to protect our personal information becomes stronger. We use credit cards to purchase items online. We use the Internet to browse websites that may ask us for our personal information, and so on. Just last month, Home Depot was the victim of a massive data breach. The information of 56 million debit and credit cardholders was stolen.

It is surprising that, under the current law, it is not mandatory for companies to disclose to their clients that they have been the victims of hackers or if they have lost personal information. That means that if someone's credit card information was stolen, under current laws, that person may never know his or her information was compromised. It may be surprising to some, but it is not currently mandatory that companies inform their clients if their personal information has been lost or stolen.

Under the digital privacy act, however, if a company fails to notify its clients of a data breach where their information has been compromised, it can face a fine of up to $100,000 for every client it fails to notify. In addition, companies are now required to keep a record of all data breaches, and all documents must be handed over to the Privacy Commissioner upon his or her request.

The digital privacy act would also put in place new provisions that would allow the limited disclosure of personal information when it is in the public interest. One such example is the unfortunate reality of financial abuse. As it stands now, banks and other financial institutions are prevented from reporting suspected financial abuse to the proper authorities. The digital privacy act would give the exception to allow banks to alert law enforcement when they suspect that a senior is being financially abused.

The Canadian Bankers Association has endorsed these amendments. It said:

We were pleased to see that Bill S-4 includes amendments that would give banks and other organizations greater ability to assist their clients to avoid financial abuse.

As our society spends increasingly more time online and on the Internet, it is important that we have the proper safeguards in place for our children. Educational websites and virtual playgrounds are becoming more and more popular with young children. Sometimes, for marketing purposes, these websites will ask for the users' personal information. Under the digital privacy act, there is a clearer set of rules for when companies ask to collect personal information from a child. The request for information now must be written in a way that a child can understand. If the wording is too complicated for a child to understand, the consent is not valid.

The digital privacy act would also ensure that online privacy laws reflect the realities of business, such as allowing businesses to share employees' contact information and information necessary to manage an employment relationship. Businesses also need to be able to use the information employees produce at work as well as the information necessary to conduct due diligence during a business transaction such as a merger.

The digital privacy act also puts forward rules that align with provincial privacy laws. For organizations, it is important that consistent rules for the protection of personal information apply and that wherever they operate their businesses, their obligations would be the same. Consistent rules also provide individuals with confidence that wherever they conduct their business in Canada their information will benefit from the same level of protection. The bill before us takes steps to align our privacy rules with provincial laws.

The bill before us is a much needed update to privacy laws in Canada. It is a balanced approach that includes stronger rules to ensure companies are held to account, exceptions to allow for seniors to be protected from financial abuse, and new rules to ensure our children are protected online.

Now is the time for these measures to be passed into law through the passage of Bill S-4. I hope hon. members will join me in supporting the digital privacy act.

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:50 p.m.



NDP

Jonathan Tremblay NDP Montmorency—Charlevoix—Haute-Côte-Nord, QC

Mr. Speaker, the Conservatives have repeatedly shown how little respect they have for the Supreme Court of Canada. We have seen various examples of their contempt for our justice system.

Why do they not remove the parts of Bill S-4 that are likely to be considered unconstitutional in light of the Spencer decision?

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:40 p.m.



Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Mr. Speaker, as the member of Parliament for Renfrew—Nipissing—Pembroke, it is a pleasure to rise in the House today to speak in support of Bill S-4, the digital privacy act. Bill S-4 is an essential part of Digital Canada 150, our Conservative government's plan to confirm our leadership in Canada in the digital age.

Bill S-4 proposes a number of important changes to the Personal Information Protection and Electronic Documents Act, PIPEDA, that will strengthen the protection of Canadians' privacy. The digital privacy act would also set new rules on how personal information is collected, used, and disclosed. Most importantly, this legislation requires organizations to tell Canadians if their personal information has been compromised. Companies who fail to inform Canadians about privacy breaches would be subject to severe fines for breaking the rules.

The digital privacy act is a balanced approach that protects Canadians' personal information. It allows for information sharing when the law has been broken. This balanced approach confirms our Conservative government's respect for personal privacy.

Let us now address any misunderstanding by individuals who have not read our legislation, particularly when things are read into this bill that clearly do not exist, such as claims that this bill expands warrantless disclosure.

When all parties in this House agreed to enact PIPEDA over a decade ago, we recognized that there were certain limited circumstances where an individual's right to privacy should be balanced to assist the public interest. For example, PIPEDA ensures that the right to freedom of expression is respected by allowing for information to be collected and used for journalistic or artistic purposes. Another example is that PIPEDA allows people to freely share information with their lawyer, even if it includes the personal information of another individual, to ensure the proper administration of justice.

PIPEDA allows private sector organizations to disclose individuals' personal information in order to conduct investigations that help protect Canadians from wrongdoing. This provision has always existed within PIPEDA. Bill S-4 does not expand this practice. Rather, our legislation would place tight rules and strict limits on when and how private organizations could share Canadians' personal information.

I would like to emphasize to the House the role of private organizations and how they can play an important role in creating a safe and secure society for Canadians. Consider, for example, self-regulating professional associations, like the College of Physicians and Surgeons of Ontario, the Law Society of Alberta, or the Association of Professional Engineers of Nova Scotia. These bodies have the legal authority to investigate their members and take disciplinary action where required. This may be because a physician is performing procedures that he or she is not qualified to perform; it may be because a lawyer is charging inappropriate fees to clients; or, it may be because an engineer is approving the drawings for a new building without actually reviewing them.

It is not difficult to see there is a real public interest in making sure that these professional associations have the ability to investigate complaints against their members and to ensure they are meeting high professional standards that benefit Canadian society. In order to do so, investigators must be able to obtain personal information that is protected under PIPEDA. For example, when investigating a complaint against a lawyer, the law society may request that the lawyer's firm provides access to his or her client lists, financial records, or calendar. All of these records could include personal information which normally could not be disclosed to investigators without the individual's consent.

Under PIPEDA as it now stands, investigators who want to access personal information without consent must be listed as an investigative body by Industry Canada. This involves coming forward to the department and justifying the need to access the information. This is an onerous process for organizations and for the government. For example, a simple name change by an investigative organization may lead to a year-long regulatory process before the change is reflected in the law.

During the first statutory review of PIPEDA, the House of Commons committee recommended that PIPEDA be amended to change the rules for private investigations and adopt a system that is consistent with both Alberta and British Columbia. Under these regimes, there is a general exception to consent for information sharing purposes of private sector investigations.

In essence, these provincial laws regulate the activity of private investigations rather than the organizations who conduct them. Bill S-4 would introduce similar rules to those that already exist in Alberta and British Columbia. By placing tight rules and stricter limits on when and how private organizations can share a Canadian's personal information, our government is complying with the recommendations made by the all-party committee.

Upon Bill S-4 being enacted, private organizations would be required to abide by four strict rules when sharing a Canadian's private information for the purposes of an investigation. It is important for Canadians to appreciate that despite these rules, private organization information sharing is voluntary. These rules only apply in the event that an organization agrees to disclose information for the purposes of an investigation. These rules are as follows:

First, the information can only be provided to another private organization, not the government and not law enforcement. Second, the information that is requested must be relevant to the investigation. For example, there is little reason that a social insurance number would be released for the purposes of investigating professional misconduct. Third, the investigation must pertain to a contravention of the law or breach of a contract. Finally, it must be reasonable to believe that seeking the consent of the individual to disclose the information would compromise the investigation.

To be clear, organizations that share information would continue to be subject to all other requirements of PIPEDA. The Privacy Commissioner and the Federal Court will continue to have oversight on this matter, and if an organization is found to be using the exemption provisions where it is not necessary, action would be taken by the commissioner or by the court.

The Conservative government always takes the privacy of all Canadians very seriously. Our fundamental beliefs, such as democracy, the right to own private property, and the right of freedom of association, are complementary. They are why we introduced the digital privacy act, to protect Canadians' private information in the digital age.

I look forward to the remainder of the debate and working with the opposition for all Canadians on how we can best protect individuals in the digital world.

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:35 p.m.



NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, I would like to thank my Liberal colleague for her speech.

I am pleased that she raised some of her concerns about Bill S-4, in particular the negative impact it may have on the privacy of Canadians. All of the concerns that she mentioned were also raised by the Liberals during the debate on Bill C-13. However, in the end, the Liberals supported the government bill designed to spy on Canadians.

I would like to know if we can expect the same thing from the Liberals this time as well?

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:25 p.m.



Liberal

Judy Sgro Liberal York West, ON

Mr. Speaker, I am happy to be on my feet, adding a few comments on my concerns with Bill S-4.

I have to begin by saying that I am disappointed that the bill had to come from the Senate, rather than being introduced in the House as part of the ongoing committee work that we would have been doing. The government chose to have it introduced in the Senate and brought in through the back way.

On this side of the House, we will support sending the bill to committee. We have some very serious concerns when we combine the impact of Bills C-13 and S-4, but in order to ensure that we are being open and fair on this issue, that we understand it thoroughly, and that it does keep Canadians' interests in mind, we will support it going to committee. Hopefully, at that point, we will have sufficient time to get answers to the various questions of concern.

We are back discussing the Conservatives' type of approach, which is that one is either with them or against them. If we vote against the bill, it means that we are not interested in privacy rights, and if we vote for the bill, there is another side.

It is another one of those bills that continue to be very divisive in the House at a time when these are the kinds of privacy issues that we should be trying to work out together. I do hope that when we get to the industry committee, we have a good group there so that we can do some serious work in a non-partisan way. Maybe we can strengthen the bill in the end, by listening to some of the experts who have sincere concerns about it.

I do not mean to start out on a negative, but the truth is simple. We all need to be part of the debate today.

The way that the government looks at personal information, protection and privacy has already been subject to a Supreme Court ruling, and we have to give consideration to that. It is one thing to play partisan politics in the House and think that we are playing to the political base, but it is important that we listen to the rulings of the Supreme Court on privacy issues.

There are clearly those who have tried to make it sound like anyone who does not support the government is supportive of criminals. We have heard that before. However, the discussion is not as simple as that. The government's record on information protection has been embarrassingly negligent, so forgive me if I am not convinced that the recent scheme is worth passing without intense scrutiny.

We should all remember the matter of that lost hard drive, which held the social insurance numbers, medical records, birthdates, education levels, occupations and disability payment information of about 5,000 Canadians. That was lost. Perhaps the government wishes to plead incompetence on that side, or maybe it was an accident. We always like to be fair, so maybe it was an accident. Either way, the way that the government manages information needs extra study, which is why I am speaking on this today.

We are now looking at Bill S-4, but one cannot look at Bill S-4 without considering the implications of its companion legislation. Bill C-13, which is also before the House this week, would make it a crime to transmit pictures without consent, and it would remove barriers to getting unwanted pictures removed from the Internet. The stated intent of the bill is positive, but I have serious concerns with the provisions that would grant immunity to telecom companies that provide subscriber information to the police without even so much as a warrant.

I raise the issue, given that last April, Canada's interim privacy commissioner revealed that nine telecommunications companies received an average of 1.2 million requests from federal enforcement bodies for private customer information every year. That amounts to nearly 3,300 requests each and every day.

Those are shocking numbers, and it could be argued that the bill has, in effect, already been rendered unconstitutional by the Supreme Court. Last June, in an unrelated case, the court declared that law enforcement requires a warrant to get even basic subscriber data. Bill S-4 would allow private companies to share telecom subscriber data between themselves, something that would seem to contravene the Supreme Court's ruling.

How could that possibly be? Did the Senate miss this detail or did it fail to consider the implications of the Supreme Court's ruling? The truth is that the Senate passed Bill S-4 just days after the Supreme Court ruling, without even studying the implications. I guess the government is less concerned with that than pushing ahead with both Bill C-13 and Bill S-4. It is a lack of respect for the Supreme Court as well as Parliament.

Put simply, the legislation represents a paradigm shift in the way we deal with the release of private information. Traditionally, privacy laws outline the rules and procedures needed to protect information and personal data, but in this case, the legislation sets out circumstances under which that material can be released. Clearly, the implications of this change have not been fully considered and should be explored by the committee prior to passing final judgment on the pros and cons of the measures contained within Bill S-4.

My party and I will be voting to send it to committee for what we would hope is a thorough examination. Liberals want to ensure that law enforcement officials have access to the information they require to keep us safe, but a blank cheque approach is inappropriate. A blank cheque approach has been ruled unconstitutional by the Supreme Court and promises limited success in advancing societal protections when considered holistically. Why not take the time to do this right?

In a world where crimes involving data theft, identity fraud and online stalking are on the rise, protecting data is crucial. Data is not simply information. It is a commodity, it is power, and it is the doorway into the private lives of so many people. Liberals are deeply concerned that the government's commitment to safeguarding the personal information and privacy of Canadians is less than absolute. I am not suggesting the government is malicious. I do not believe that, but I fear it just does not understand the implications of Bill S-4.

Notwithstanding certain faulty or short-sighted legislative measures introduced by the government in the past, Canada is facing a genuine paradigm shift with respect to privacy protection, but privacy protection cannot be taken lightly. Whether protecting personal information from unscrupulous business interests, Internet stalkers and identity thieves, or rogue states bent on economic espionage, information security is crucial.

With these concerns in mind and as a leap of faith and confidence that our committee will have a chance to thoroughly examine this, I will be voting in favour of sending the bill to committee for further study. However, in return, I am also asking the minister to allow the committee to do its work honestly and freely without the involvement of the leadership so that the committee is allowed to really examine it thoroughly to ensure that if this goes forward, it goes forward with what I would hope would be unanimous support in the House on something as important as Canada's privacy rights. I believe that is quite doable, because at the end of the day we have the same objectives, to ensure Canadian privacy laws are strong and that Canadians are protected.

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:25 p.m.



NDP

Dany Morin NDP Chicoutimi—Le Fjord, QC

Mr. Speaker, I thank my colleague for her excellent response. Members of my party and I are aware that in some emergency situations, there has to be access to information without a warrant. The problem with sharing information that way is that it seems to happen more often than circumstances can justify. The government has to strike a balance between protecting privacy and security. Bill S-4 does not strike that balance.

Can my New Democratic colleague tell me about her concerns with respect to that failure to strike a balance?

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:10 p.m.



NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, the motion we are looking at today is unique in that it is the first of its kind in Parliament.

We have to wonder whether it is worth sending this bill to committee before it is passed at second reading, since that is not in keeping with the usual legislative process. While I have numerous concerns about Bill S-4, I still plan on supporting today's motion because I think that we can work together to improve the bill. However, that does not mean that I support the bill, and I must make that distinction.

As parliamentarians, we have been elected to work together and find effective solutions. That is what I am hoping to do today. I want to reach out to the government in the hopes of improving this bill because some of the elements are a step in the right direction.

As the hon. member for Chicoutimi—Le Fjord said, I introduced Bill C-475 in the House. That bill was designed to make significant changes to the Personal Information Protection and Electronic Documents Act, PIPEDA, to ensure it reflected the reality of the digital era. Unfortunately, the Conservatives voted against it. There could have been better protections in place, but we were unable to work together. This time around, I hope that will be possible.

It is extremely important that PIPEDA be updated, since it has not been updated since the very first iPod was introduced. Technology has evolved. Facebook did not even exist yet at the time. Things have really changed, and the law must reflect the current reality. This bill is a good first step, but it does not go far enough.

For instance, it is important to introduce a mandatory system for notifying users of data losses and data breaches. However, the model proposed by the government is subjective: organizations can decide whether the data breach is significant enough to report. In some situations, these organizations will not have the best means or knowledge to do this, especially the really small organizations. Is it really in their interest to disclose such data breaches? Probably not.

Bill C-475 proposed a model that was objective. That is one aspect that must absolutely be improved in order to better protect Canadians' privacy, and I hope this change can be made in committee.

It is important to implement a system that will ensure greater compliance with PIPEDA. With international digital mega-corporations in the picture, our laws are too frequently broken because there are currently no penalties. That is why we need a system of penalties to enforce corporate compliance with PIPEDA and Canadian privacy laws.

Unfortunately, Bill S-4 does not go far enough in this respect. It creates the option of putting together a committee that will act in good faith. Sometimes everyone acts in good faith and is happy, but that is not always how things work.

The commissioner has to be able to issue orders earlier in the process, but that is not what the government has proposed. That is what I proposed in Bill C-475, and that is another change that will have to be made to Bill S-4 before we can support it.

However, what really bothers me about this bill is the provision that would allow organizations to share personal information without a warrant and without the consent of the individual concerned. That is a huge problem. Even though this bill is called the digital privacy act, it contains a provision that could really interfere with the protection of privacy. I find that deeply contradictory.

It is also extremely important to point out that between the time that this bill was drafted and the debate today, the Supreme Court reiterated in its ruling that information such as data from Internet service providers on their clients, including their IP addresses, email addresses, names, telephone numbers, and so forth, are personal information and cannot be obtained without a warrant. Obviously, I am paraphrasing, but that is more or less what the Supreme Court ruled.

I have major reservations about the constitutionality of this provision of the bill. I asked the government to reassess it and withdraw it. Unfortunately, my request was not favourably received.

I think we could work together during review in committee on withdrawing this provision, which may violate the Canadian Constitution. I hope that is why the Conservatives want to send this bill to committee.

Obviously this is a Senate bill. During review in committee, a number of witnesses shared their concerns over this very provision. The Privacy Commissioner said the following in a brief:

Allowing such disclosures to prevent potential fraud [as provided for in clauses 7(3)(a.1) and 7(3)(a.2)] may open the door to widespread disclosures and routine sharing of personal information among organizations on the grounds that this information might be useful to prevent future fraud.

Indeed, the government wants to protect personal information, but allowing access to that information without a warrant, without consent, without any judicial oversight and without transparency is very problematic.

On many occasions, the government has used PIPEDA and its loopholes to call on Internet service providers and ask for Canadians' personal information. Why? We do not know. We do not even know exactly how many requests have been made, because this information is not available to the public. However, based on what the Privacy Commissioner revealed, we know that in a single year, government agencies made at least 1.2 million requests to Internet service providers to obtain personal information about their customers. That is a huge problem.

The government could have taken this opportunity to truly protect Canadians' privacy and to fix the loopholes in PIPEDA that allow this kind of information to be transmitted without legal oversight, without consent and without any transparency. It could have done that. I hope it will do so during the study in committee. That is very important. I am just making a suggestion.

We are debating the motion today. We are prepared to agree to study this bill before it passes at second reading, as is usually the case. I hope that this will be a gesture of good faith, and that the Conservatives will take this opportunity to fix the loopholes in PIPEDA and to eliminate the clause allowing organizations to share information without a warrant. We cannot support a bill that contains provisions that violate Canadians' privacy.

Digital Privacy Act / Government Orders

October 20th, 2014 / 12:10 p.m.



Dany Morin NDP Chicoutimi—Le Fjord, QC

Mr. Speaker, I thank the two previous speakers.

My colleague from Terrebonne—Blainville had some good questions for the parliamentary secretary. She even introduced Bill C-475, which proposed a number of provisions that can be found in Bill S-4.

Why did the Conservatives not vote in favour of the bill introduced by my colleague from Terrebonne—Blainville, even though several of the provisions in her bill are in Bill S-4, which they want to pass?