Digital Privacy Act

An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act

This bill is from the 41st Parliament, 2nd session, which ended in August 2015.

Status

This bill has received Royal Assent and is now law.

Summary

This is from the published bill. The Library of Parliament has also written a full legislative summary of the bill.

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) specify the elements of valid consent for the collection, use or disclosure of personal information;
(b) permit the disclosure of personal information without the knowledge or consent of an individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) preventing, detecting or suppressing fraud, or
(iii) protecting victims of financial abuse;
(c) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of an individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(d) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions;
(e) permit federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual;
(f) require organizations to notify certain individuals and organizations of certain breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner;
(g) require organizations to keep and maintain a record of every breach of security safeguards involving personal information under their control;
(h) create offences in relation to the contravention of certain obligations respecting breaches of security safeguards;
(i) extend the period within which a complainant may apply to the Federal Court for a hearing on matters related to their complaint;
(j) provide that the Privacy Commissioner may, in certain circumstances, enter into a compliance agreement with an organization to ensure compliance with Part 1 of the Act; and
(k) modify the information that the Privacy Commissioner may make public if he or she considers that it is in the public interest to do so.

Elsewhere

All sorts of information on this bill is available at LEGISinfo, an excellent resource from Parliament. You can also read the full text of the bill.

Bill numbers are reused for different bills each new session. Perhaps you were looking for one of these other S-4s:

S-4 (2022) Law An Act to amend the Criminal Code and the Identification of Criminals Act and to make related amendments to other Acts (COVID-19 response and other measures)
S-4 (2021) An Act to amend the Parliament of Canada Act and to make consequential and related amendments to other Acts
S-4 (2016) Law Tax Convention and Arrangement Implementation Act, 2016
S-4 (2011) Law Safer Railways Act

Votes

June 18, 2015 Passed That the Bill be now read a third time and do pass.
June 18, 2015 Failed That the motion be amended by deleting all the words after the word “That” and substituting the following: “this House decline to give third reading to Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, because it: ( a) threatens the privacy protections of Canadians by allowing for the voluntary disclosure of their personal information among organizations without the knowledge or consent of the individuals affected; ( b) fails to eliminate loopholes in privacy law that allow the backdoor sharing of personal information between Internet service providers and government agencies; ( c) fails to put in place a supervision mechanism to ensure that voluntary disclosures are made only in extreme circumstances; ( d) does not give the Privacy Commissioner of Canada adequate order-making powers to enforce compliance with privacy law; and ( e) proposes a mandatory data-breach reporting mechanism that will likely result in under-reporting of breaches.”.
June 2, 2015 Passed That Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, as amended, be concurred in at report stage and read a second time.
June 2, 2015 Failed
June 2, 2015 Failed
May 28, 2015 Passed That, in relation to Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, not more than one further sitting day shall be allotted to consideration at the report stage and second reading stage of the Bill and one sitting day shall be allotted to consideration at the third reading stage of the Bill; and That, 15 minutes before the expiry of the time provided for Government Orders on the day allotted to the consideration at the report stage and second reading stage of the said Bill and on the day allotted to consideration at the third reading stage of the said Bill, any proceedings before the House shall be interrupted, if required for the purpose of this Order, and, in turn, every question necessary for the disposal of the stage of the Bill then under consideration shall be put forthwith and successively, without further debate or amendment.

PrivacyOral Questions

May 5th, 2014 / 2:35 p.m.


See context

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, Canadians were spied on 1.2 million times last year, and under the government, it is about to get a lot worse. Under Bill S-4, the Conservatives will now make it legal for corporations to call telecoms and demand an individual's personal information.

Under Bill C-13, peace officers or public officers, who are defined in law as small town reeves, fisheries inspectors and officers and yes, mayors like Rob Ford will now be able to call telecoms and demand our personal information.

It is like a massive fishing expedition. Why has the government declared open season on the private rights of law-abiding Canadian citizens?

PrivacyOral Questions

May 5th, 2014 / 2:35 p.m.


See context

Oak Ridges—Markham Ontario

Conservative

Paul Calandra ConservativeParliamentary Secretary to the Prime Minister and for Intergovernmental Affairs

Mr. Speaker, Bill S-4 is an update. This is what the Privacy Commissioner had to say about it, “I welcome proposals...” in this bill. This bill contains “...very positive developments for the privacy rights of Canadians”. She went on to say, “I am pleased that the government...has addressed issues such as breach notification...”.

It is a good bill and I do hope the opposition will consider supporting it.

PrivacyOral Questions

May 5th, 2014 / 2:30 p.m.


See context

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, in reply to our questions on the sharing of personal information between telecommunications companies and government agencies, the Minister of Canadian Heritage said last week that Bill S-4 would solve all the problems. The exact opposite is true. Even worse, we learned today from the press that the government has just launched an internal investigation to determine the extent of the problem.

In other words, the Conservatives have no idea of what is happening in their own agencies. Will they at least release the results of this investigation?

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 1:55 p.m.


See context

NDP

Ryan Cleary NDP St. John's South—Mount Pearl, NL

Mr. Speaker, I do take the member up on the first point that she made. All Canadians should be concerned about privacy. All Canadians may be concerned about it, but the Conservative government is definitely not concerned.

I mentioned two bills, Bill C-13, the bill aimed at attacking cyberbullying, and Bill S-4, the digital privacy act. Both of these bills expand warrantless disclosure of Internet or cellular subscriber information to law enforcement.

There is no oversight. The Conservative government does not have a grip on the laws of social media.

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 1:40 p.m.


See context

NDP

Ryan Cleary NDP St. John's South—Mount Pearl, NL

Mr. Speaker, I stand in support of the motion by the hon. member for Terrebonne—Blainville.

The motion calls on government to make public the number, and just the number, of warrantless disclosures made by telecom companies at the request of federal departments and agencies. The motion also calls on government to close the loophole that has allowed the indiscriminate disclosure of personal information of law-abiding Canadians without a warrant.

To simplify, how many times have telecom companies handed out personal information about Canadians without a warrant to government? The government must find an immediate way to shut down the loophole that allows such personal information to be released.

We live in an incredibly connected world. Earlier this year I travelled to Tanzania, Africa, to tour Canadian development projects with a group called Results Canada. Its mission is all about ending extreme poverty, and I did see some extreme poverty. One of the images that will always stick with me is walking into a maternity ward at a rural hospital, or what they called a hospital. The maternity ward was crammed with nine or 10 beds, but there were two women in labour to a single bed.

The Tanzanians I met were the finest and best kind of people, a lovely people, but they were living with basically nothing. Still, almost every adult I came across, who could have absolutely nothing but the second-hand clothes on their back and be sleeping under a tree, still had a cellphone, and they looked at the screens as often as we do.

My point is that from Tanzania to Mount Pearl, Newfoundland and Labrador, my neck of the woods, the dependency on the Internet and on cellphones is universal.

Just this weekend I read an article by Stephen Hawking, the Nobel Prize-winning physicist, on how artificial intelligence—and we are almost to that point—could be the worst thing to happen to humanity. It would be more or less the rise of the machines. I cannot even imagine a country being led by a robot.

Oh, wait; yes, I can.

Another article I read this weekend outlined how U.S. intelligence whistle-blower Edward Snowden has warned that entire populations, rather than just individuals, now live under constant surveillance. I do not know if it is to that point in Canada, but we do have some serious cause for concern.

Let us look at the numbers first.

In late April, we learned that government departments and agencies—the RCMP, Canada Border Services Agency, and CSIS, the Canadian spy agency—requested personal information from telecom companies almost 1.2 million times in 2011 alone. That is staggering. It is a jaw-dropping rate. As the previous speaker said, it is one request every 27 seconds.

However, the number of requests for personal information is most likely greater than 1.2 million, because three of nine telecom companies told the Privacy Commissioner how many times they granted the government's requests for customer data, not how many times the government asked for the data. It was how many times they gave the data.

It is reported that wireless telecom companies complied with the government's requests for customer data at least 785,000 times. The 2010 data from the RCMP show that 94% of requests involving customer name and address information was provided voluntarily without a warrant.

Here is another indicator or how often warrants were used or not used. Canada Border Services Agency obtained customer data from telecom companies 19,000 times in one year, but it obtained a warrant in fewer than 200 of those cases.

Do Canadians have a problem with telecom companies handing out their personal information left, right, and centre? Yes, we do. This is not 1984 or Brave New World. The idea of a Conservative Big Brother does not sit well with Canadians.

That said, it is generally understood across the board that police need information to catch criminals and to protect Canadian society. There is no time to get a warrant when a life is in danger, when a life is in jeopardy.

However, this is beyond that. At least 1.2 million requests for personal information, most times without a hint of a warrant, is a staggering statistic. The current Conservative government is paying to access our personal information, to the tune of between $1 and $3 for each request.

More than two years ago in this House, the former minister of public safety, Vic Toews, introduced Bill C-30, a bill to expand police surveillance of the web. At the time, he said “[You're either] with us or with the child pornographers”. That statement got the attention of all of Canada, and the immediate and appropriate backlash forced the Conservatives to back down, to walk away from the bill.

Since that outrageous bill was dropped and Toews was appointed to the Manitoba bench—but that is another story—the current government has introduced other legislation to this House that it says will protect the privacy of Canadians. In fact, the legislation may actually increase spying on Canadians without a warrant. The first example, Bill C-13, is a bill that is aimed at tackling cyberbullying and is expected to expand warrantless disclosure of Internet and cellular subscriber information to law enforcement agencies. Another example is Bill S-4, the digital privacy act, which would extend the authority to disclose subscriber information without a warrant to private organizations, not just law enforcement agencies.

The government has a bad habit of doing through the back door what it cannot do through the front door. The current government also has some hypocritical tendencies. On the one hand, the Minister of Industry argued that the long form census was intrusive, so the Conservatives eliminated it. On the other hand, this administration has no qualms and sees nothing wrong with invading the private information of Canadians and not telling them about what it is doing. It has repeatedly introduced legislation that would make it easier for Conservatives to snoop on Canadians.

Here is another example of hypocrisy. This country's information watchdog has said that it has been flooded with complaints that the current Conservative government is too often citing security in order to withhold documents requested under the Access to Information Act. The Conservatives are using the security excuse to withhold public information at the same time that the floodgates are open on the personal information and security of Canadians.

We live in an age when technology is advancing at an incredible pace and rate, yet the Privacy Act that is meant to protect the privacy of Canadians and keep government accountable has not been updated since 1983. That was before the Internet, Google, email, Facebook, and Twitter. Another act, the Personal Information Protection and Electronic Documents Act, has not been updated since 2000, also before social media was born.

New Democrats believe that privacy laws should be modernized. We also believe they should be strengthened, not weakened, to better protect the personal information of Canadians. We also believe we can pursue bad guys and throw the book at them without treating law-abiding Canadians like criminals and violating their rights.

I will end with words from Edward Snowden, the former U.S. intelligence contractor, who said last week that state surveillance today is a euphemism for mass surveillance. He said:

It's no longer based on the traditional practice of targeted taps based on some individual suspicion of wrongdoing. It covers phone calls, emails, texts, search history, what you buy, who your friends are, where you go, who you love.

In so many ways, the Internet and social media are the new frontier. They are still the new frontier. It is our duty to ensure that laws and security do not fall to Big Conservative Brother.

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 1:25 p.m.


See context

NDP

Mathieu Ravignat NDP Pontiac, QC

Mr. Speaker, I have the honour of rising in the House on behalf of the people of Pontiac to support the opposition motion moved by my hon. colleague, who does an excellent job when it comes to protecting the privacy of Canadians in the digital age.

I will be sharing my time with the wonderful member for St. John's South—Mount Pearl, who tells me that his riding is the most beautiful in the country. However, I have to disagree with him because surely Pontiac is the most beautiful.

The subject of this motion could not be more important: the privacy of Canadians. The good people of the Pontiac are as concerned as other citizens that the increasingly technological world we live in should respect the privacy of individuals. This privacy may be breached in all sorts of ways today, but governments, as well as companies, have a fundamental responsibility to ensure that they protect the private lives of Canadians.

To me, the privacy of Canadians is sacrosanct. We are a G7 country where democracy has been stable, and we have a duty to our fellow citizens in this regard. However, we must remain constantly vigilant when the government begins to creep into the lives of Canadians. This is a slippery slope in any democracy, and certain inherent dangers exist in the sharing of private information with the government. This begs the question: what limits are imposed on governments today when they request information that is not voluntarily given by Canadians?

We have learned recently that Canadian law enforcement agencies have begun to request massive amounts of information on Canadians from telecommunications companies. Due to advances in technology, it is the telecommunications sector, and providers in particular, who collect massive amounts of data about their subscribers.

What is worrying is that this is not the first time we have heard this. In 2011, according to the Privacy Commissioner, telecommunications providers responded to 1,193,630 requests for the personal information of Canadians. That is an average of one request every 27 seconds. This does not even cover it, since only three of the nine major telecom companies actually informed the commissioner's office of how many times they granted the government's request for consumer data.

Of this staggering number of requests, figures provided to the office in late 2011 show that wireless telecom companies complied with the government's request for customer data, and the vast majority of these requests were done without a warrant or even information sent to the individuals concerned. No consent was sought, and no consent was given.

The situation is so bad, and so many requests have been made, that one major company actually had to install a mirror of their data on a network so that it could send this raw data traffic directly to the federal authorities requesting it.

A concerted government response is clearly required and urgently needed to protect the privacy of Canadians. Instead, seemingly to have an increased amount of information on Canadians, the government has actually eroded the protection of the privacy of Canadians since it formed government. Whether this has been on purpose or by accident, we can judge the consequences.

For example, it has consistently refused to update any of the laws that keep the government accountable with regard to the privacy information of Canadians. The privacy laws have not been updated since the 1980s. That was before Facebook. In fact, the Internet was in its infancy back then. We have to do better.

By allowing thousands of breaches of personal information, the government has also consistently shown itself to be incapable of adequately protecting Canadians' privacy within its own departments, as we have seen with the recent Heartbleed situation or as one can recall from the letter debacle at the CRA. Contradictions abound, because under the pretext of protecting the privacy of Canadians and while decrying heavy-handed government, the industry minister argued that the long form census was intrusive and eliminated it, yet the government sees nothing wrong with invading Canadians' private information without a warrant and without even telling them.

It has repeatedly introduced legislation that makes it easier for Conservatives and the government to snoop on Canadians. For example, we can remember the public safety minister's introduction of the infamous Bill C-30, known as the online snooping bill. Fortunately, Canadians were paying attention. They were outraged, and the government was forced to back down. Since then, though, Bill C-13, the government's cyberbullying law, though well-intentioned, includes lawful access provisions that would expand warrantless disclosure of information to law enforcement by giving immunity from any liability to companies holding Canadians' information if they disclose it without a warrant. This makes it more likely that companies would have to hand over information without a warrant, as there are no risks they would face or any criminal or civil penalties if they do so.

We can also mention Bill S-4, the new so-called digital privacy act, which would go even further and allow private sector organizations to hand over Canadians' private information. This again could be done without consent and without a court order to any organization investigating a breach of contract or potential violation of any law. This could also be done in secret, without the knowledge of the affected person.

We may, quite reasonably, ask why the government is not taking the privacy of Canadians more seriously. Where is the libertarian zeal that motivated so many of my colleagues on the other side of the House, the idea that government was too big and too intrusive in the lives of Canadians? The reality is that government has crept more into the lives of Canadians under the watch of this government than at perhaps any other time in Canadian history.

Many questions remain unanswered. The citizens of my riding would like to understand why breaches to their privacy are happening more and more frequently. The onus is on the government to prove there is enough crime or potential terrorism or other matters of national security to justify 1.2 million requests for personal information in a single year.

However, what concerns me the most is the lack of due process. It seems to me that when law enforcement agencies decide they want private information on citizens, at the very least there should be a good cause for them to seek it. In our current situation, that determination is assured by the warrant process. If a request does not meet the requirements of a warrant, then it should simply not be made.

Since I am short on time, I will skip ahead. Essentially, Canadians have a right to know who is snooping on them and how they are doing it. I just do not understand why the Conservative government does not simply come clean with Canadians and give them the whole picture of what is really going on. On our side of the House, we want this information to be provided to Canadians as rapidly as possible.

Canadians understand that law enforcement agencies need information to track down criminals.

However, the fact that the government is requesting Canadians' personal information from telecommunications companies without a warrant 1.2 million times a year is completely unacceptable. The problem with warrantless disclosure is that it is uncontrolled and results in information being disclosed much more frequently than is justified.

In conclusion, it is clear that our privacy laws need to be updated in order to better protect Canadians' personal information. These laws must not be weakened. We need to be able to take effective legal action against criminals without infringing on the rights of law-abiding Canadians and treating them like criminals.

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 12:55 p.m.


See context

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, although I appreciate the fact that they are participating in the debate, I have to say that the Conservatives seem a little confused. This is not a debate on Bill S-4; this is a debate about an NDP motion to make the system for the disclosure of telecommunications information to government agencies more transparent.

I would like to ask my Conservative colleague the following question. It costs between one and three dollars every time a government agency or department makes a request for personal information from a telecommunications company. If we add that up, it costs at least $1.2 million and as much as $3 million every year. How can the member justify these costs to the citizens who elected him?

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 12:50 p.m.


See context

Conservative

Dave Van Kesteren Conservative Chatham-Kent—Essex, ON

Mr. Speaker, I am pleased to rise in the House today to highlight the measures that our government has taken to protect the privacy of individual Canadians.

First and foremost, I would like to discuss Bill S-4, the digital privacy act. The bill would make important amendments to the Personal Information Protection and Electronic Documents Act, otherwise known as PIPEDA, with the express purpose of providing new protection for Canadians when they surf the web and shop online. PIPEDA was passed in the House of Commons in 1999 and implemented in 2001. There is nothing new about it, and there has been no mention from the opposition on amendments since that time. With Bill S-4, the government would implement new measures to better protect the personal information of Canadians.

Let me speak a little about PIPEDA in general. PIPEDA is our primary piece of legislation that lays out the ground rules for how private sector businesses collect, use, and share personal information. What kind of personal information are we speaking about? It includes name, age, banking records, shopping history, et cetera.

We know that this kind of information is gathered by many companies and organizations in the course of their day-to-day transactions. The fear, of course, is that in the wrong hands this kind of information can be exploited. In the worst cases, it is used to commit fraud, identity theft, or other harmful acts. To combat these kinds of malicious deeds, the digital privacy act would implement tougher rules to protect the privacy of Canadians.

Protecting Canadians is a major pillar of digital Canada 150, which the Minister of Industry launched last month, to help our country take full advantage of the economic opportunities of the digital age. Under the pillar of protecting Canadians, the digital privacy act would protect consumers online, simplify rules for businesses, and increase overall compliance with our privacy laws.

Before we tabled Bill S-4, the government consulted the Privacy Commissioner and got her views on how to best move forward with modernizing Canada's intellectual property laws. The minister spoke to her again before tabling the legislation. In fact, here is what she said about our digital privacy act and our efforts to best protect Canadians online. She said she welcomed the proposals in the bill. She said this bill contains “very positive developments for the privacy rights of Canadians”.

In addition, the NDP digital critic, the member for Terrebonne—Blainville, said this about our government's digital privacy act: “Overall, these are good steps. We have been pushing for these measures and I'm happy to see them introduced”.

The first element I would like to touch on is a familiar one to Canadians in this digital age, data breaches. New rules in the digital privacy act would require organizations to tell Canadians if their personal information has been lost or stolen. As part of this notification, organizations would also have to tell individuals what steps they can take to protect themselves from potential harm, actions that could be as simple as changing their credit card PIN or email password. At the same time, the bill would require organizations to report these data breaches to the Privacy Commissioner of Canada. With the passage of the bill, organizations that deliberately break the rules would face significant penalties, of up to $100,000 for every individual they fail to notify.

In keeping with the motion before us and its reference to the Privacy Commissioner, I would like to address the changes in the digital privacy act that would ensure that the Privacy Commissioner has the right tools to help protect Canadians' privacy. Bill S-4 would give the Privacy Commissioner the ability to negotiate voluntary compliance agreements with organizations. Under these agreements, organizations would make binding commitments to ensure the privacy of Canadians. This would allow organizations to be proactive and work collaboratively with the Privacy Commissioner to quickly correct any privacy violations that may have been discovered. In exchange, those organizations can avoid costly legal action. At the same time, the agreements would be binding and would give the Privacy Commissioner more power to hold organizations accountable in court and make sure that they follow through on promises to fix privacy problems.

The digital privacy act will also provide the commissioner with more power to name and shame companies that do not play by the rules. This will ensure that Canadians are informed and aware of issues that affect their privacy.

Finally, the digital privacy act will extend the timeframe, to one year, for Canadians as well as the Privacy Commissioner to take a company to court. Under the current rules, the Privacy Commissioner has only 45 days. In many cases, this is not enough time for an organization to either voluntarily fix the problem or for the Privacy Commissioner to prepare a proper application.

At all times an individual's right to privacy, as guaranteed by the Canadian Charter of Rights and Freedoms, must be respected. Despite any exception provided for in PIPEDA, law enforcement agencies must respect the charter and have a warrant or other justification to obtain private information.

Equally important in any of these circumstances, nothing in PIPEDA forces a company to turn over private information to police, government agencies, other private companies, or anyone. PIPEDA protects privacy; it does not force companies to violate it.

Bill S-4 makes sure that organizations can share information with appropriate authorities in situations that would involve providing information that will allow police to contact and communicate with the family of an injured or deceased person, sharing information in order to detect and prevent fraud, or allowing organizations to report suspected cases of financial abuse to appropriate authorities. All of these exceptions are clearly defined, and limited to circumstances where sharing this information is in the best interests of the persons involved.

Here is an example. Let us say that a bank teller notices a regular customer, a senior citizen, has been coming in lately with another person who is unfamiliar to the teller. They are making more frequent withdrawals, for more money than usual. The teller witnesses the senior handing over the withdrawn cash to the unfamiliar person. Most tellers or financial institutions would like to have the power to inform appropriate parties of this situation, such as the police, public trustees, or the client's next of kin. At the moment, our privacy law prevents the bank from informing those people who could help. The digital privacy act will remove this barrier and make sure that suspected cases of financial abuse can be reported, and the interest of seniors protected.

The digital privacy act also creates new rules whenever an organization asks an individual for their approval to collect, use, or share their personal information. This new measure will establish stronger protection for the privacy of more vulnerable Canadians, such as children. As children and adolescents spend an increasingly large amount of time online, it is important that they clearly understand the choices in front of them before they hand over private information about themselves.

The digital privacy act strengthens informed consent. Informed consent means that individuals are not just told of what is being done with their information, but that they understand the potential consequences of clicking on yes or no.

This change will require organizations to clearly and plainly communicate with their target audience when asking for their consent to collect personal information. They will have to consider whether their target audience is able to understand the consequences of sharing their personal information.

I am very proud of this aspect of Bill S-4. Given the proliferation of iPads, laptops, and BlackBerrys among our youth, the stronger rules included in this bill will make sure that individual Canadians, in particular children and adolescents, can understand the potential consequences of the choices they make.

In conclusion, the elements of the digital privacy act that I have laid out today have been carefully thought out, with the best interests of all stakeholders in mind. Our government is confident that by better protecting consumers, streamlining rules for business, and increasing compliance, the digital privacy act will make Canadians safer and more secure.

The digital privacy act will strengthen Canada's privacy laws by making sure that Canadians are informed if their privacy has been put at risk, and by holding to account those organizations that deliberately break the rules.

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 12:45 p.m.


See context

Liberal

Sean Casey Liberal Charlottetown, PE

Mr. Speaker, Bill C-13, presently before committee, contains in it an immunity for the voluntary, secret, and warrantless disclosure of information by telephone companies. Bill S-4, presently before the Senate, expands the entities that can receive this information, so the two of them added together would result in greater lawful, warrantless, and secret disclosure of Canadians' subscriber information.

Does the minister not feel that Canadians have any right to know when and how their subscriber information is being disclosed to an increasingly broad audience?

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 12:15 p.m.


See context

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, I am very pleased to rise today on this very important issue. The New Democratic Party calls for accountability and an explanation on behalf of Canadians into the widespread spying and interference of Canadians' Internet use and their cellphone use under the current government.

What we are asking for today is eminently reasonable. We are asking simply to ensure the powers of the Privacy Commissioner of Canada, the member who represents us as a parliamentary officer, who represents the Canadian people, and that she have the authority to ensure that the laws of this land are being followed.

Now, we have a government, of course, that will do anything it can to obstruct the work of the offices of Parliament because right now the offices of Parliament are about the only bulwark standing in the way of the numerous underminings of Canadians' legal rights, and even the illegal activities that are being undertaken by the Conservative Party.

It has been said that one of the foundations of a democracy is to ensure maximum transparency for government and maximum privacy for citizens. However, the current paranoid and secretive government has flipped it. The Conservatives have maximum privacy for their black holes of administration where they refuse to answer the simplest questions, and they are getting maximum transparency on the lives of Canadian citizens to the tune of 1.2 million requests of telecoms last year.

Now that is a conservative number, and I say “conservative” in the way the Conservatives have begun to use this, because not all the telecoms bothered to even respond to the Privacy Commissioner of Canada. That is a very disturbing trend.

What does the 1.2 million requests mean? It means that every 27 seconds someone from a government agency, who, we do not know; for what reason, we do not know; for what possible motive, we do not know; picks up a telecom and asks for information about the private lives of Canadian citizens, and gets it without warrant.

Let us debunk the excuses we have heard from the Conservatives on this.

First is the bogeyman excuse. Conservatives use the bogeyman all the time. The bogeyman is out there roaming the streets. The member for Oak Ridges—Markham the other day made it sound like his neighbourhood was a case of Shaun of the Dead. There are these violent criminals and terrorists all over the place and so the Conservatives have to be able to call up a telecom immediately to gather any information they need whenever they want it.

Those laws already exist and it is fairly straightforward to get information if a violent crime is occurring. However, we are being led to believe that the bogeyman is out there and the current government has to stop it.

How does the government define terrorists?

I think we should say that, in this whole piece on spying, we are dealing with the revenge of Vic Toews. I refer members back to February 2012 when Vic Toews branded the new anti-terrorism strategy, “building resilience against terrorism: Canada’s counter-terrorism strategy”.

The government was going to go after terrorists, which included domestic extremism that is “based on grievances--real or perceived--revolving around the promotion of various causes such as animal rights...environmentalism and anti-capitalism”.

If a person is against the Northern Gateway Pipeline, under the current government's framework, he or she is a potential terrorist. Therefore, the government can decide to follow his or her movements, as he or she is one of the bogeymen.

A concern about animal rights is not that of concern for animal rights such as our Prime Minister's wife who tells us that 1,000 murdered or missing women may be a great cause, but they are here for abandoned cats. The government is probably not spying on the Prime Minister's wife. However, someone else who might have concerns about animal rights, and it is in there, is a potential terrorist and worthy of picking up the phone.

One of the other excuses is that the Conservatives are not asking for anything that is not already the norm. It is just like picking up a phone book and looking up a number. Calling a telecom and demanding private information on Canadians is just like using a phone book.

The Privacy Commissioner of Ontario, Ann Cavoukian, says that is a load of bunk. She said the following about getting even basic subscriber information such as ISP numbers:

...customer name and address information ties us to our entire digital life, unlike a stationary street address. Therefore, “subscriber information” is far from the modern day equivalent of a publicly available “phone book”. Rather, it is the key to a much wider subset of information.

Then the Conservatives say, “Don't you trust our police?” We certainly would trust the police. However, we also see that Ann Cavoukian has said that at no time have Canadian authorities provided the public with any evidence or reasoning that Canadian law enforcement agencies have been frustrated in the performance of their duties as a result of shortcomings in the current law. The privacy commissioners in their joint letter, also write to the Prime Minister saying, “The capacity of the state to conduct surveillance and access private information while reducing the frequency and vigour of judicial scrutiny” is the heart of the issue.

We all remember when Vic Toews stood up in the House and told Canadian citizens who were concerned about the fact that they were being spied on, that they were basically in league with child pornographers if they had the nerve to stand up for them. That was such a boneheaded move and it caused such a blowback on the government that they had to retract the legislation. Why would the Conservatives show intent on pushing that through? We now know, they were trying to legalize what has become the common practice. Their shadow world of spying on Canadians is not legal. Gathering this information without warrants is not legal. This is why they put forward Bill C-30, to attempt to deal with it. We all remember Vic Toews had one of those pieces, “The Minister may provide the telecommunications service provider with any equipment or other thing that the Minister considers the service provider needs to comply with” their ability to spy on Canadians.

That seemed like such a bizarre request at the time, but we have seen with the NSA and the widespread spying on American citizens and citizens around the world is exactly what Vic Toews was getting at, which is the ability to create mirror sites. The fact that we just learned in Der Spiegel that the NSA tapped the underwater cable network between Europe and U.S.A. to listen in on what ordinary citizens were doing on the Internet. The Conservatives have the same vision. They wanted to legalize that ability, and they were frustrated.

We are hearing the biggest excuse from the Conservatives. They realize the Vic Toews approach of accusing ordinary Canadians of being like child pornographers really did not work, but now they would reassure Canadians that they would fix it. They will fix it all right. They will fix it so that not only they will get to spy on Canadians, but anybody who wants to will be able to spy on Canadians: corporations can spy on Canadians, and all manner of very dubiously named authorities now will be able to spy.

Let us go through some of the issues on Bill S-4 and Bill C-13. According to Michael Geist, Bill S-4 will “massively expand warrantless disclosure of personal information”, because under Bill S-4, “an organization may disclose the personal information without the knowledge and consent of the individual...if the disclosure is made to another organization”. Not the laws of the land, not the RCMP, not anti-terrorism units, but if an individual is in dispute with a corporation over some contractual obligation, it can call their telecom, have their information handed over and they will not be told.

The Conservatives will certainly fix it. They will fix it to make widespread snooping of everything we do all the time perfectly legitimate for any corporation that just phones up and says it wants to know what they are doing on the Internet.

That is not all. Let us look at Bill C-13, which will give a public officer or a peace officer the ability to call telecom, demand information, and the telecoms will receive legal immunity for passing over this private information.

An interesting article in the National Post points out that Rob Ford will now be able to make these requests, because, oh, yes, he is a public officer, and under the act, if Rob Ford wants to find out what his neighbours are doing, interfering with the drug gangs in Rexdale with whom he might be friends, he would actually be able to make the calls.

The Criminal Code describes these peace officers, public officers, as including reeves of small towns, county wardens, who would be able to get information, and even people designated under the Fisheries Act. However, there is another element that is really important. Under the present laws, even with all this snooping that is going on, it has to be part of an investigation. The government would remove the caveat that says this snooping, this spying on the rights of Canadians does not have to have anything to do with an investigation. If the Conservatives want a fishing trip, if they want to keep tabs on them, they will be able to do so.

This needs to be dealt with. This is a government that is spying on law-abiding citizens and treating them as criminals, and it needs to be held accountable for this abuse of Canadians' rights.

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / 12:10 p.m.


See context

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, I want to thank my hon. colleague. I have great respect for the excellent work she does for Canadians on this very important file.

I would like to ask her about the spin we are hearing from the government. Conservatives keep changing their story about how they actually somehow care for Canadians' private information, and the Minister of Industry is telling us that Bill C-13 and Bill S-4 will fix the problem. They will fix it, all right.

Under Bill C-13, anyone designated as a public officer will be able to gather information without a warrant. It is in the bill. Under clause 20, what a peace officer or public officer would be in the Criminal Code would include wardens, reeves of small towns, sheriffs, justices of the peace, and persons designated under the Fisheries Act, meaning that the Fisheries Act would be able to get information from the telecoms about folks in Timmins—James Bay who are out fishing. Of course, mayors are included as well.

It seems to me that the government is now moving backward to actually legalize widespread snooping and open up snooping to all manner of people who have no business being able to find out personal information, what people do on the Internet, or who they phone.

I would like to ask my hon. colleague why she thinks the government is telling Canadians that allowing widespread snooping by wardens, reeves, sheriffs, mayors, and people designated under the Fisheries Act will somehow protect Canadians' privacy.

Opposition Motion—Safeguarding of Personal InformationBusiness of SupplyGovernment Orders

May 5th, 2014 / noon


See context

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

moved:

That, in the opinion of the House, the government should follow the advice of the Privacy Commissioner and make public the number of warrantless disclosures made by telecommunications companies at the request of federal departments and agencies; and immediately close the loophole that has allowed the indiscriminate disclosure of the personal information of law-abiding Canadians without a warrant.

Mr. Speaker, I would like to begin by stating that I will be sharing my time with my colleague from Timmins—James Bay.

I am very pleased today to move this motion to ensure that justice is served for Canadians. However, I am very disappointed to have to rise once again to protest this government's extremely reprehensible actions.

I would have thought that, after three years, it would have finally understood. However, once again, the government has been caught spying on its own people.

With such ridiculous statements as, for example, if we did not support bill C-30 we were siding with pedophiles, the government has constantly tried to minimize the impact of its proposed measures on the lives of Canadians, all the while boasting and insinuating that it is proposing reasonable and necessary measures, which has been proven to be false by many impartial stakeholders.

The Conservative government called our assessment “speculation and unwarranted fearmongering” or a series of outlandish conspiracies made up by the NDP. After being harshly criticized by the public, media, and civil liberty and rights groups, as well as by privacy experts, the government finally listened and withdrew these bills or let them die on the order paper.

However, we still need to point out that exploiting the personal information on Canadians without reasonable cause and without a warrant is a huge violation of their privacy. I do not think I have heard about 1.2 million criminals being convicted of accessing personal information in 2011.

Last week, new revelations showed that government agencies and departments allegedly asked telecommunications companies to share personal information with them without a warrant. Not once, not a hundred times or a thousand times. They asked 1.2 million times.

We condemn this highly questionable tactic, since there is no legislative oversight to determine whether the government's reasons for accessing this information were valid.

Like many Canadians, I understand and support the need for security authorities to have the tools they need to fight crime in our country and to make us feel safe at home.

However, how can the government justify 1.2 million requests in a single year to achieve that goal? That happened in 2011, and the government was not required to explain what this information was necessary or how and for what it would be used.

When I think of the majority of Canadians who abide by the law and who could be affected by these requests, I find it unacceptable, disgusting and incomprehensible that the government is treating them like criminals.

The privacy of Canadians has been taken lightly by past Liberal and Conservative governments for far too long, and Canadians affected by the thousands of data breaches in government agencies are paying the price. To hear that the government is snooping on them as though they were common criminals when they have done nothing wrong is another blow on top of it all. Last week the government tried to make us believe these requests were made for public safety reasons, but let us look at the case of the CBSA.

In response to my order paper question, after reviewing the number of requests made from the CBSA in one year, we find that no requests were made in exigent circumstances. The 18,849 others were made in non-exigent circumstances. From these requests, only two were made for national security reasons, none for terrorism alerts, none for foreign intelligence, and none on the grounds of child exploitation, so it is hard to believe the government when it says that these millions of requests were made for national security reasons when the numbers speak a very different truth.

Canadians understand that law enforcement institutions need information to identify, catch and judge criminals. However, when the government makes 1.2 million requests for Canadians' private information from telecommunications companies per year, that is not just about cracking down own crime; that is spying.

The vast majority of Canadians are law-abiding. There is no reason for the government to engage in such broad spying activities. If the Canadian government decides to spy on its own citizens, it should do so only if it has reason to suspect them and only with a warrant.

If the law permits this kind of warrantless spying, the law must be changed immediately, and that is what the NDP is trying to do today. If the government needs a warrant to listen to Canadians' phone conversations, the same should apply to their online activities.

We understand that certain extremely urgent circumstances do not permit the obtaining of a warrant. However, the information we received from the Privacy Commissioner last week goes far beyond the imaginable: 1.2 million requests for subscriber data without a warrant is unacceptable and unjustifiable.

In Canada, we are very lucky to have a legal framework for obtaining a warrant. That framework protects Canadians and prevents abuses by the authorities. Unfortunately, there is a loophole in the system the Liberals introduced.

Today, the Conservatives are taking advantage of that loophole to spy on their own citizens. Clearly, the government is no longer in control of the warrantless disclosure procedures.

As I said earlier, the Conservatives' spying cannot be justified on national security grounds. Moreover, it is done in secret. The Privacy Commissioner is not even informed.

If the government had a real, viable motive for snooping on Canadians, it would have no problem whatsoever with warning Canadians when they were being snooped on, it would have no issue working with the OPC, and it would strengthen our laws to better protect Canadians against these types of abuses.

We do not know why, how often or how long the government has been spying. What is even more incredible is that the Conservatives have long been trying to expand the legal framework around requesting information without a warrant. If the government decides to spy on Canadians, there should be just cause, it should be overseen by the courts and it should happen only under exceptional circumstances.

What is even more ridiculous than the government's unwillingness to protect Canadians' privacy is its complete lack of understanding about the scope of the problem. Just last week, the Privy Council Office asked that all departments provide details about the number of personal information requests submitted to various telecommunications companies over the past three years.

That proves that the government has abused the loophole in the law to the point where it has lost control of its departments on this issue.

The Conservatives have proven that they are unable to protect the privacy of Canadians. The Privacy Act dates back to 1983, before the arrival of the Internet, and PIPEDA has not been updated since 2000, before the age of social media.

Instead of strengthening the laws and increasing government accountability, the Conservatives are moving in the other direction. Instead of protecting Canadians' privacy, Bills C-13 and S-4 will increase the likelihood that the government will spy on its own citizens. From an ethical standpoint, that is extremely problematic.

With Bill C-13 alone, the government would expand the number of people who can make requests for subscriber data so that even people like Rob Ford could access our personal information. It would create legal immunity for voluntary disclosure of personal information and it would expand the circumstances under which personal information could be disclosed.

As if that were not enough, the government is using taxpayers' money to spy on them. Government agencies pay telecommunications companies between $1 and $3 for each information request. That means that, at the very least, Canadian taxpayers have paid between $1.2 million and $3.6 million to be spied on. I say that is the minimum because only some of the telecommunications companies have disclosed how often they provide information to the government.

If all of those information requests were justified, and if the telecommunications companies were not worried about disclosing their practices, I would likely not be making this speech today. Unfortunately, the Conservatives are trying so hard to hide their spying that it is worrisome.

What are they using all that personal information for? Can they even justify the importance of the information? It is clear that the government believes that Canadians are criminals because it spies on them without their knowledge, as though it suspected them of something. This motion defends the privacy rights of law-abiding Canadians, and it is meant to counter the government's nefarious attempts to get information by the back door.

Since becoming the critic for digital issues, I have risen dozens of times to draw attention to and criticize the alarming state of our privacy laws. Laws that are meant to properly protect us in the digital age should have been revised years ago and are now unsuitable for protecting the public and our children.

In my time as opposition critic for digital issues, I have seen not one but four different pieces of legislation introduced in the House that would facilitate government snooping instead of fixing the problem.

Canadians are worried. They are right to be. The Internet that they have known as an open and free space for social and political discussions is threatened by the snooping of their very own government. Law-abiding citizens should be able to benefit from the Internet without the threat of being treated like common criminals.

I ask all my colleagues to vote in favour of our motion in order to restore Canadians' trust in matters concerning the protection of their privacy and of the Internet as the social and political tool it should be.

PrivacyOral Questions

May 2nd, 2014 / 11:40 a.m.


See context

Oak Ridges—Markham Ontario

Conservative

Paul Calandra ConservativeParliamentary Secretary to the Prime Minister and for Intergovernmental Affairs

Mr. Speaker, the hon. member knows quite clearly that Canadians' personal information that is protected by the charter requires a warrant. Moreover, the legislation that governs this, of course, was introduced by the Liberal Party, and we had not heard a word from the Liberals until a couple of days ago that there were any problems with it.

Having said that, we did recognize that some updates needed to happen. That is why we brought a bill forward, Bill S-4, which will address this even further. We have been consulting, and we have spoken to the Privacy Commissioner. I would suggest that the opposition support that bill.

PrivacyOral Questions

May 2nd, 2014 / 11:30 a.m.


See context

Oak Ridges—Markham Ontario

Conservative

Paul Calandra ConservativeParliamentary Secretary to the Prime Minister and for Intergovernmental Affairs

Mr. Speaker, it seems that the opposition is finally moving in the right direction. I know that yesterday the Liberals said it was millions and millions of Canadians who were being spied on. Then it was 1.2 million to two million from the NDP. Now it is thousands. I am sure by next week, the truth will actually be talked about by the opposition. What we are doing here is that the telecoms are being asked, in instances of national security, in instances when violent crime is taking place, to assist our authorities. There is, of course, civilian oversight to make sure that this is all done properly.

Moreover, any personal information protected by the charter requires a warrant. There is Bill S-4 in front of the Senate, which will help improve this even further.

Mathieu Ravignat NDP Pontiac, QC

Mr. Speaker, he is referring to the famous Bill S-4, as though it will fix everything. I do not know if they have read their own bill, but I must say that it will not change a thing. As long as the government continues to use national security as an excuse to invade the privacy of hundreds of thousands of Canadians, this problem will continue.

When will the government propose measures to ensure that telecom companies disclose the information collected on Canadians? When?