Bill C-11 (Historical)

Madam Speaker, I want to thank my hon. colleague for giving a great speech. It seems like nine years ago that we sat on the ethics committee, but I think it was only three years ago. We use the number nine a lot in the House.

Today, I want to speak about why nations fail. To quote Acemoglu and Robinson, “Nations fail today because their extractive economic institutions do not create the incentives needed for people to save, invest, and innovate.” As a whole, that also includes privacy: the right of businesses to operate and the freedom of citizens to operate.

We can go all the way back to something I am very fascinated with. North America and South America were founded around the same time, but how did North America end up becoming so rich and wealthy and South America did not? It comes down to those same pillars. We allowed freedom to operate. We allowed freedom for patents to be developed, especially in the Industrial Revolution. We allowed people the freedom to have their own land, to have privacy on their own land and to own businesses with patents, allowing privacy for those businesses to operate, to get investments and capital and to grow.

What we saw from that was a tremendous amount of wealth, more wealth than the world had ever seen. It formed a capitalist society that allowed wealth to be owned by individuals. People who used to be poor became wealthy, and that allowed a nation like Canada to have socialist capitalism. With this tremendous amount of wealth, there was the ability to have socialist programs like a universal health care system.

When we do not follow the narrow corridor, and it is a very narrow corridor, not only with liberty but also with capitalism and socialism, and we stick with the fundamentals of privacy, investment, free capital and patents, we lose the wealth of the nation. With that, the citizens suffer.

After nine years, we are seeing that reality here in Canada. We have the worst housing crisis this country has ever faced. Rents have doubled. Mortgage payments have doubled. The amount needed for a down payment has doubled. Nine million Canadians are now food insecure. That is one-third of Canadians, and that number in the U.S. is barely 13%.

We see the problem with businesses fleeing this country. We talk a lot about what that means for AI and having great ideas. We also talk about IP, the currency of innovation. When we look at what happens in Canada, the numbers are startling. Canada files 40,000 patents annually compared to the 374,000 the U.S. files, and only 13 out of 100 patents are owned by Canadians. That means we give away over 87% of our patents to foreign nations; we give that data away.

When we look at what that means for the Americans, we see they generate 12 million jobs and $2 trillion from patents and IP. Of course, AI is among that. In Canada, that number is less. The best way to look at it is by using GDP per capita or income per capita. The GDP per capita for Canada is $53,000, compared to $80,000 for the U.S., more than a 36% difference. We have seen less capital and less ability to invest, save and innovate.

We can couple that with the problems with the business investment and productivity we have seen in Canada and the lack of privacy. Of course, the government has tried, but as with a lot of things, it has tried and failed. It presented Bill C-11 before the last Parliament and could not get it through. In this Parliament, it submitted Bill C-27, and at the last minute, it threw AI legislation in it called the AIDA. What happened at committee? I know the Conservatives get blamed for this, but at committee, the Conservatives, the Bloc and the NDP all came together to say this bill was terrible in the way it was presented. Even the Liberals were filibustering it in committee at one point.

We need these bills to work. The Conservatives have been steadfast that privacy is a fundamental human right, and not only privacy for individuals in Canada but privacy for our children. We know the results of not having the right legislation come forward and not having privacy protection in Canada. We saw it at the ethics committee two years ago when we faced the daunting speculation of privacy in facial recognition technology.

This technology was misused. A company called Clearview AI scraped images off the Internet, and we know how many images are on the Internet. It scraped everyone's face off the Internet and sold those images, which should not be owned by anyone.

Privacy is a fundamental right. However, the thing we have come to also understand about AI, which was discussed at committee but was not in the legislation, is that it should never be able to use someone's face or likeness without their permission. Those are the biggest problems we are having. The biggest thumbprint we have, the most unique thing about us, is our face. Our colleague from the NDP brought this up, but the main point that came up at committee about facial recognition technology was this: When this technology was used by the RCMP and our police forces in Canada in terms of marginalized and minority groups in Canada, Black women and Black men, the technology misread their face and misidentified them 30% of the time. That is terrible.

Technology is supposed to make things better, and we could not believe what we were hearing. Police representatives were at this committee multiple times and testified that it misidentified these groups 30% of the time. That is a failure; it is ridiculous. This is something that should not be used. We went through all the reports on ethics and brought the final report to Parliament two years ago, in October 2022, with the recommendation to outlaw this technology until it gets better.

Here we are today, two years later, and this technology has not been outlawed. It has been in place for two years since the ethics committee found that there were these breaches. It is terrible that these breaches have been happening for so long. Today, as we stand in Parliament, facial recognition technology, which we call digital racism, is still allowed to be used in this country.

Again, it follows the bigger problems we have with the government, and not only with the recommendations that come from committee. The government always talks about filibustering. These are recommendations in a report that could have been done without Parliament's consent, because it was enacted by Parliament and came to the House to begin with. Here we are two years later, and that has not happened.

Let us talk about all the other things that have not happened either. With respect to privacy, Bill C-27 is still in committee based on, again, the fact that the Liberals are filibustering their own bill. It is just terrible and needs to be redone. I think we all agree on the first part of PIPEDA and how that is going to be done. The Liberals do not, but we agree that the tribunal should be eliminated and that more power should go to the Privacy Commissioner. Again, those privacy breaches and the rights should be governed by the Privacy Commissioner as a whole.

We looked at the proposed AIDA as a whole. AIDA was riddled with delays and inefficient guidance. It failed to provide the necessary oversight, allowing technologies such as facial recognition to remain largely unregulated. It was supposed to be prioritized legislation, yet it was wrong. The industry minister brought the legislation to the committee, and three months later, he brought 60 different amendments to his own bill. We had never even heard of that before, and it certainly was not a good bill.

I want to talk briefly about what is happening because we do not get privacy investment right in Canada. This is going to have long-term impacts. The capital gains tax hike is expected to reduce Canada's capital stock by $127 billion, resulting in 414,000 fewer jobs and a $90-billion drop in GDP. We cannot afford to lose control of our most valuable ideas or allow unchecked technologies to undermine our freedoms. Nations fail today because their extractive economic institutions do not create the incentives needed for people to save, to invest and to innovate.

The consequences are already visible. Nine million Canadians are food insecure. Two million Canadians are visiting food banks, and this rate is 36% higher than that in the United States. It is time to reverse course. Let us regain control over our privacy. Let us make sure we give those fundamentals back to save, innovate and invest back into Canadian businesses. Let us bring home capitalism once again, where people can make a good wage, have a good job and bring home savings for them and their families.

Madam Speaker, on September 19, Bill C-354, an act to amend the Canadian Radio-television and Telecommunications Commission Act regarding the cultural specificity of Quebec and the Francophonie was tabled and read for the first time. From the outset, I would like to thank the member for La Pointe-de-l'Île for giving me the opportunity to reiterate our government's commitment to supporting the French language.

Bill C-354 aims to amend the Canadian Radio-television and Telecommunications Commission Act, and this is closely tied to the government's ongoing work to ensure a broadcasting system in Canada that reflects the evolution of our digital world and in which all Canadians, including Quebeckers and members of the Canadian Francophonie, see themselves represented. In fact, closely linked is an understatement. The government's efforts have already been going very much in the same direction as the objective of this bill.

On February 2, 2022, our government introduced Bill C-11, aimed at reforming the Broadcasting Act so that Canadian laws reflect the evolution of our digital world. The latter aimed to clarify that online broadcasting services fall under the act, to ensure that the CRTC has the appropriate tools, to encourage greater diversity and inclusion in the broadcasting sector and to better reflect Canadian society.

The legislative process surrounding Bill C-11 took a very long time. Indeed, one year to the day passed between the initial tabling of the bill in the House and its adoption at third reading by the Senate. Both the Standing Committee on Canadian Heritage and the Standing Senate Committee on Transport and Communications spent many hours dissecting, analyzing, hearing from witnesses and refining Bill C-11. During the same legislative process, several modifications were made to Bill C-11 to strengthen the commitment to the French language and official language minority communities.

The Broadcasting Act, as recently amended, put in place new guarantees to ensure continued support for the production and broadcast of original French-language productions, the majority of which are produced in the province of Quebec. What is more, the CRTC is required to interpret the Broadcasting Act in a manner that respects the Government of Canada's commitment to promoting the vitality of Canada's French-speaking and English-speaking minorities and supporting their development. Added to this is the fact that the act provides that regulations must take into account regional concerns and needs. It should also be noted that the government is already actively consulting the provinces and territories, particularly when it comes to broadcasting.

At each stage of the process surrounding the implementation of the Online Streaming Act, the provinces and territories were consulted. In particular, the government consulted its provincial and territorial counterparts as part of the consultations related to the decree of instructions proposed to the CRTC concerning the implementation of the law.

The final decree also contains various instructions to support the official languages of Canada and official language minority communities. The decree recognizes, among other things, the minority nature of the French language in Canada and North America and the fact that the broadcasting system should promote the development of Canada's official language minority communities and promote full recognition and use of French and English in Canadian society. A section was even added to the final version of the decree to support the creation and availability of programming in French.

In addition, for its part, the CRTC has published a road map describing the main stages of the implementation of the act and is already actively consulting the public. It should be noted that as an administrative tribunal, the CRTC already holds in-depth consultations before making decisions under the rules of practice and procedure that it adopted in order to respect the principles of procedural fairness and of natural justice incumbent upon it. Provinces and territories have the opportunity to participate in CRTC consultations. To this end, the provinces and territories, including Quebec, can already present observations to the CRTC on issues of provincial interest during hearings and consultations.

It is important to specify that the Government of Quebec has the right and already uses its right to intervene in the CRTC's consultative processes. The Broadcasting Act provides for three forms of consultation, depending on the decisions it is considering. They are, in no particular order, one, with official language minority communities on any decision likely to have a detrimental effect on them; two, with CBC/Radio-Canada on its conditions of services; and three, with any interested party for decisions regarding conditions of services. The latter is an open consultation, where provinces and territories and, in fact, any interested intervenor can put forward their opinions and concerns.

In other words, the addition of the consultation obligation provided for by Bill C-354 could raise concerns that are being addressed in the course of the work of the CRTC and under the requirements of the Broadcasting Act. An obligation for the CRTC to consult elected provincial governments could also have an impact on public confidence and the independence of the CRTC. It is important that we are all mindful of not just the independence of the CRTC but the importance of that independence.

As outlined, “The CRTC is an administrative tribunal that regulates and supervises broadcasting and telecommunications in the public interest. [It is] dedicated to ensuring that Canadians have access to a world-class communication system that promotes innovation and enriches [the] lives [of Canadians].”

Further to this, under the section of the CRTC's own website entitled “We listen and collaborate”, it states that, in order to “fulfill [its] mandate, [it] must understand the needs and interests of Canadians who make use of broadcasting and telecommunications services.”

In conclusion, the government supports and will continue to support the French language. The Online Streaming Act and the act to amend the Official Languages Act are concrete examples of our commitment to the French language. Once more, the government regularly consults the provinces and territories, including Quebec.

The minister has consulted her counterparts on numerous occasions when it comes to regulating the broadcasting sector. The government will welcome any questions from members regarding Bill C-354 as the debate on this legislation continues.

Mr. Speaker, I am pleased to rise today to speak to Motion No. 426, which deals with Bill C-27. For those watching who do not know Bill C-27, it is the government's piece of legislation to update our privacy laws and introduce a new act on artificial intelligence.

As to the purpose of this motion, even though the bill went through second reading and is now awaiting study at the industry committee, we are asking that the bill be split in three, because it really is three separate bills. The first bill, as my colleague from Bay of Quinte just mentioned, is the part of the legislation that deals with updating the Privacy Act, including all of the privacy terms for protecting an individual's privacy and protecting the rights of others to use someone's privacy, that is, how they can or cannot use it. The second piece of the legislation would create a new agency called the privacy tribunal. It is really a separate piece of legislation. In fact, it is classified as a separate piece of legislation, an act within this act. Then the third piece is the artificial intelligence and data act.

It really is three pieces of legislation in one bill, and that is why we have moved this motion asking that the bill be split in three. It is a massive 120-page piece of legislative change impacting every person and every business in this country. It deserves to be studied as three separate pieces, and members of the House of Commons deserve to vote separately on those three separate pieces of information.

I will start with the first piece, which is the privacy piece. We talked at second reading about the difference between our views on the purpose of this bill, this act, and the government's views. The government made the claim that this bill was making greater steps toward protecting the personal information of the individual, yet that is not what the bill does.

Clause 5 is the purpose section, the most important section of any bill that sets out what the legal structure or purpose of legislation is. It says that it tries to balance the protection of personal privacy with the rights of businesses to use people's data. It puts business interests on a par with individual privacy interests. As my colleague from Bay of Quinte just said and as I said in my second reading speech, that is a fundamental flaw of this bill. The Privacy Commissioner has already spoken out about it.

There has been discussion about whether privacy is a fundamental human right. There is language on this in the preamble, but the preamble of the bill has virtually no legal impact. It says that privacy is among the fundamental rights people have, but it is not in the purpose section. We have been seeking and will be seeking a broad discussion at committee on that issue and the legal implication of it. The purpose section of the bill, clause 5, should say that the protection of personal privacy is a fundamental right. It is not balanced between business needs and individual needs but is a fundamental right.

That is important not only for the reasons that I just outlined, but because further down, clause 18 of the privacy part of the bill creates a concept called “legitimate interest” for a business. Clause 17, just prior to that, lays out that there has to be the express consent of an individual for a business to use privacy data, but clause 18 goes on to say that there is a legitimate interest for the business to not care about an individual's express consent. In fact, it lets a company say that if something is in its legitimate interest as a company, even if it causes individuals harm, it is okay for it to use their data for something that they did not give permission for. It says that right in the legislation.

This is a fundamental flaw of a bill that pretends to be protecting people's fundamental privacy rights. It in fact protects big corporate data and the right of big corporations to use our data however they wish. It does give additional power, which is needed, to the Privacy Commissioner in that, but the second part of the bill then takes it back with the creation of the privacy tribunal.

Maybe the best explanations of the privacy tribunal is to compare it to and understand the way the Competition Act works. There are two aspects to how we decide competition issues and appeals. One is the Competition Bureau that looks at merges and acquisitions, and it says whether they are anti-competitive or not and will rule on that merger. Then there is a Competition Tribunal, like the privacy tribunal as proposed in the bill, which is the legal framework where the law gets done and the battle gets fought between the company that thinks it should do the merger and the Competition Bureau that thinks it should not.

A classic example recently was the Rogers-Shaw takeover. Quite a bit of time was spent both through the Competition Bureau process and the Competition Tribunal process, which ruled whether that sale could happen and then whether an aspect of that sale, being the sale of Freedom Mobile to Vidéotron, could be done.

The government wants to create that kind of process in the privacy law now. It is a separate act that creates this bureaucracy and this appeal mechanism, where six individuals will decide, as a privacy tribunal, whether a company has breached a person's privacy rights. However, out of the six individuals, only three of them need to any familiarity with privacy law. The others do not need any familiarity with privacy law, no familiarity with business, no familiarity with human rights, nothing. They do not need any other qualifications other than, perhaps in this case, they are a Liberal and are appointed to this board.

I have discussed this with a number of law firms since the bill was tabled a year ago. These law firms have very different views about whether this speeds up or slows down the process of dealing with individual privacy law issues. We need to have a separate study within the committee on that aspect. In fact, I have been talking to the chair of the committee about that structure, trying to get the hearings to be set up in a way that looks at these three pieces separately.

The third piece, which my colleague for Bay of Quinte spoke eloquently about, is on artificial intelligence.

Remember, the first two parts of the bill are essentially a modest rewrite of a bill from the last Parliament, Bill C-11, when the government tried to amend these acts and then complained that the bill did not pass, because it called an early election. The Liberals could not figure out why it did not pass. However, the Liberals reintroduced the bill, but then they bolted on this other thing, which has absolutely nothing to do with the first two parts.

The third part is called the “artificial intelligence act”, but it has nothing to do with the privacy of individuals and it has nothing to do with the appeal of a person's privacy. It is all about how to regulate this new industry, and it gets it wrong. The government is basically saying that its does not know what artificial intelligence is, which is not surprising for the Liberals, but it is going to regulate it. It is going to define it in regulation, and the minister is going to be in charge of defining it. The minister is going to be in charge of setting the rules on whether the law has been breached. The minister is also going to be in charge of fining someone who has breached the law of this thing the government cannot define. It is a total usurping of Parliament. The Liberals are saying that they do not know what it is, but we should trust them, that they will never have to come back to Parliament to deal with this again.

We are asking the House to split the bill into three, because it really is three separate pieces of legislation. The government would have more success in its legislative agenda if it actually brought in these pieces properly, individually, rather than a mini-omnibus bill of different types of issues. Then they could be properly studied, properly amended, properly consulted on and properly dealt with by Parliament. The government is choosing not to do that, which is why it is having such poor legislative success in all of its efforts to date.

Madam Speaker, he is certainly better known for the way his trademark mangling and misuse of words and phrases has resulted in strangely keen insights that are still widely quoted today by many. I have a few favourites. One of them is “I didn't really say everything that I said.” Another one is “We made too many wrong mistakes.” Another is “Swing at the strikes.”

When I thought about Bill C-27 and preparing to speak today, it brought to mind Yogi-isms, and not only because those examples I just cited reminded me of the Liberals' poor approach to governance but because the title of this bill is a real mouthful at 35 words long. This brought that to mind as well.

For now, I will call it the consumer privacy protection act, but it is really summed up best by what is probably the greatest Yogi-ism of all, which is “It's déjà vu all over again.” That really speaks to it. The member was looking for me to tie it back in, so there it is. There is the tie back in.

Here we are in 2023 and here I am speaking on yet another rehash of another Liberal bill from years previous. They have a real penchant for that, these Liberals. They kind of remind me of Hollywood Studios that no longer seems to be able to produce an original script so it just keeps churning out sequels. If Bill C-27 was a film, one could call it “Bill C-11, the redo”. Bill C-27 is essential a warmed-over version of previous Bill C-11, the digital charter implementation act the Liberals introduced back in 2020.

It is not to be confused with the current Bill C-11, which is also making its way through Parliament and is the online streaming act and which also poses another threat to Canadians' privacy and online freedoms.

It is really easy to see a bit of a pattern evolving here. In any case, in May 2021 the Privacy Commissioner said the digital charter act “represents a step back overall from our current law and needs significant changes if confidence in the digital economy is to be restored.” It of course died when the Prime Minister cynically called an expensive and unnecessary election nobody wanted and everybody paid for and that did not change the Prime Minister's political fortunes one iota.

Bill C-27 carries the stamp of that former digital charter proposal, which Conservatives had concerns about then, and which we still have concerns about in its new form now. Some of the text is in fact directly lifted from Bill C-11 and the text of that bill is available for all to review.

Let us talk more about the impact of the bill's content, rather than the wording itself.

The bill purports to modernize federal private sector privacy law, to create a new tribunal and new laws for AI, or artificial intelligence, systems. In doing so, it raises a number of red flags. Perhaps the most crimson of those flags, for me, is that the bill does not recognize privacy as a fundamental right. That is not actually all that surprising, because this is a Liberal bill. I hear daily from Canadians who are alarmed by how intrusive the Liberal government has become, and who are also fearful of how much more intrusive it still seems to hope to become.

It just seems just par for the course for the government that, in a bill dealing with privacy, it is failing to acknowledge that, 34 years ago, the Supreme Court said privacy is at the very heart of liberty in a modern state, individuals are worthy of it, and it is worthy of constitutional protection.

When we talk about privacy, we have to talk about consent. We have seen far too many examples of Canadians' private and mobility data being used without their consent. I think some of these examples have been cited previously, but I will cite them again.

We saw the Tim Hortons app tracking movements of people after their orders. We saw the RCMP's use of Clearview AI's illegally created facial recognition database. We saw Telus' “data for good” program giving location data to the Public Health Agency of Canada.

These were breaches of the privacy of Canadians. There needs to be a balance between use of data by businesses and that fundamental protection of Canadians' privacy. The balance in this bill is just wrong. It leans too heavily in one direction.

There are certainly issues with user content and use of collected information. For instance, there are too many exemptions from consent. Some exemptions are so broad that they can actually be interpreted as not requiring consent at all. The concept of legitimate interests has been added as an exception to consent, where a legitimate interest outweighs any potential adverse effect on the individual. Personal information would be able to be used and shared for internal research, analysis and development without consent, provided that the content is de-identified. These exemptions are too broad.

The bill's default would seek consent where reasonable, rather than exempt the requirement. In fact, there are several instances where the bill vaguely defines terms that leave too much wiggle room for interpretation, rather than for the protection of Canadians. For example, there is a new section regarding the sharing of minors' sensitive information, but no definition of what “sensitive” means is given, and there would be no protection at all for adults' sensitive information. These are both problematic. De-identification is mandated when data is used or transferred, but the term is poorly defined and the possibility of data being reidentified is certainly there.

Anonymization or pseudonymization are the better methods, and the government needs to sharpen the terms in this bill to be able to sharpen those protections. An even more vague wording in the bill is that individuals would have a right to disposal, the ability to request that their data be destroyed. Clarification is certainly needed regarding anonymization and the right to delete or the right to vanish.

There are many more examples. I know my colleagues will certainly expand on some of those questions as posed in the bill. I know my time is running short. I want to speak to the individual privacy rights of Canadians briefly.

Canadians value their privacy even as their government continually seeks ways to compromise it. The Public Health Agency of Canada secretly tracked 33 million mobile devices during the COVID lockdown. The government assured them their data would not be collected, but it was collecting it through different means all along.

Public confidence is not that high when the Liberals start to mess in issues involving privacy. The onus should be on the government to provide clarity around the use and collection of Canadians' private information because, to quote another Yogi-ism, “If you don't catch the ball, you catch the bus home.”

Mr. Speaker, it is a privilege to rise in this House to speak to this piece of legislation. I would like to start today by saying a few words about how this bill is structured, and then I plan to use the majority of my remaining time to discuss the implications of this legislation regarding personal privacy rights.

When I look at this bill, my initial response is this: Should there really not be three separate pieces of legislation? One would deal with the consumer privacy protection act and issues related to modernizing PIPEDA, perhaps a second, separate piece would create the proposed personal information and data protection tribunal act, and a third, separate component, which should absolutely be its own legislation, would be for the section dealing with artificial intelligence.

AI may present similar, very legitimate concerns related to privacy, but the regulation of AI in any practical sense is almost impossible at this juncture because so many aspects of it are still very unknown. So much is still theoretical. So much of this new world into which we are venturing with AI has yet to be fully explored, fully realized or even fully defined. This makes regulation very difficult, but it is in this bill, so it forms part of this legislation.

We can see just how vague the language related to the AI framework really is. I understand why it is that way, and do not get me wrong; I think we need this type of legislation to regulate AI. However, in the same way, this is way too big a topic to delve into in a simple 10-minute speech. It is also too big a topic to drop into an existing piece of legislation, as the government has done here, basically wedging this section into what was known as Bill C-11 in the last Parliament.

I have deep concerns with AI. They are practical concerns, economic concerns and labour concerns related to the implementation of AI. I even have moral concerns. We have artificial intelligence so advanced that it can make decisions by itself. The people who have created that technology cannot explain how it came to those decisions and it cannot tell them. The capabilities of this technology alone seem almost limitless. It is actually a little scary.

Personally, I look at some of the work being done in AI and wonder if we should, as humanity, really be doing this. Just because we have the knowledge and capability to do something does not necessarily mean it is for the betterment of humanity. I wonder sometimes where this technology and these capabilities will take us. I fear that in hindsight, we will look back and see how our hubris led us to a technological and cultural reality we never wanted and from which we will never be able to return.

However, here we are, and we have this capability partially today. People are using it, and it requires some form of regulation. This bill attempts to start that important conversation. It is a good first step, and that is okay. I think this is one of those things where we need to start somewhere as we are not going to get it done all at once. However, again, given the enormity of the topic and the vast implications, it should be its own separate piece of legislation.

Those are my thoughts on the structure of the bill, and now I will shift gears to talk a bit about personal privacy.

Personal privacy is a fundamental right. Three decades ago, long before the advent of the Internet or smart phones, the Supreme Court of Canada ruled privacy is “the heart of liberty in a modern state”. It did not say that privacy was at the heart; it said privacy is the heart. Personal privacy is the fundamental right and freedom from which all other liberties flow, and with the advent of the Internet age, the age of the smart phone and the age of digitized everything, laws related to protecting the fundamental right to privacy must be updated. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data. The question is, how do we realistically do that?

One of the reasons I am a Conservative is that I believe in individual rights and that rights and freedoms must be coupled with accompanying accountability and responsibility. This has to be a two-way street. Canadians need to be informed, and they need to be responsible and aware of what they are agreeing to, subscribing to and giving permission for. How often do we simply and blindly click “accept” without reading the terms and conditions for using a website, using an app or allowing others the use of our information?

I would be curious to know among my colleagues in the House, when was the last time they fully read the terms and conditions of a user agreement or a disclosure statement? Most of us just hit “accept”. We do not want to be bothered.

Recognizing this, can we really say the privacy of Canadians is being violated when many individuals live every moment of their lives posting in real time online for all the world to see, and access and just click “accept” without reading what they are agreeing to?

In this context, what is the role of government and what is the responsibility of the individual user? Government and businesses need to provide clear information, but people also need to be informed. They need to take responsibility.

I recall a while back when my office received an email on this subject of privacy. The individual was deeply concerned about web giants having access to his personal data. I had to laugh, because at the bottom of the email it said, “Sent from my Huawei phone”.

As a government creating legislation, where should those legal lines between consent and informed consent be drawn? As Canadians, we are a bit too quick to consent.

However, we have also seen far too many examples of Canadians’ private and mobility data being used without their consent. We heard about the Tim Hortons app that was tracking the movement of Canadians; how the RCMP was using Clearview AI’s illegally created facial recognition database; the public doxing of all those who donated to the freedom convoy; Telus giving location data to the Public Health Agency of Canada without a judicial warrant; and, in my view, the most egregious violation of privacy in generations, the requirement by the government and others for Canadians to provide their personal health data and information in order to work and/or travel.

If I am honest, it is this violation of privacy rights that makes me truly hesitant to support any effort by the government to strengthen privacy rights: first, because it has so flagrantly violated them, but also because I and a growing number of Canadians just do not trust the government. We do not trust it to keep its word. We do not trust it to create legislation that does not have loopholes and back doors that will give it the capability to violate individual personal freedoms.

Why? Because we have seen it from the Liberals. They want to control everything. There has never been a government that has had such an utter disregard for Canadians.

I have noted before that it was the Prime Minister's father who famously said that the government had no place in the bedrooms of Canadians. However, the current government not only wants to be in our bedrooms, but in every room, on every device, in every conversation and in every thought. It wants to control what Canadians think, what they see and what they post, and, by extension I can safely say, how their private data is curated and used.

One thing that is vital if we are to trust the government with our private data and with protecting privacy, there must be clear boundaries. This leads to one of the larger issues with this legislation, an issue we are faced with every time the government brings legislation forward. It fails to provide clear definitions.

There is a section of the bill that deals with the sensitive information of minors. The fact that there is no section for the protection of sensitive information of adults is a sign.

What does it mean by “sensitive”? It is never defined. What does it mean by “scrutiny” for data brokers? It is this habitual lack of specificity that characterizes so much of the government's legislation.

It is like a band that is way more interested in the concept of the album and how it looks on the cover than the actual quality of its music. If it cared about the quality of the music, it would have brought forward a bill that looks more like the European Union's 2016 GDPR, which is widely regarded as the gold standard for digital protection. By that standard, PIPEDA fails the test, but so might Bill C-27 if we do not bring it closer in line with what other nations have done. This lagging behind does not just affect personal privacy, but the ability of Canada and data-driven Canadian businesses to work with our EU friends.

This whole new regime outlined in the bill has huge implications for businesses, something I am sure my colleagues will be addressing. There is so much that can and should be said about this legislation, but it comes down to this: Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data.

Mr. Speaker, to bring it back to the topic of this debate, Bill C-27, the intention of the bill is to modernize the protection of digital privacy rights in Canada. The previous iteration of the bill was roundly panned by stakeholders when it was introduced in the previous Parliament. However, in this new version, Bill C-27, the government has added a few new elements, for example, regulating artificial intelligence.

Unfortunately, there are so many different elements within the bill that nobody can actually address all the issues within a 10-minute speech, so I will focus on the privacy issues that are sorely lacking within the legislation.

The bottom line is that the new bill, Bill C-27, remains fundamentally flawed and is, simply put, a redux of the former bill. Essentially, what it would do is put lipstick on a pig.

The dramatic and rapid evolution in how we gather, use and disseminate digital information in the 21st century has presented the global community with not only a lot of opportunities but significant challenges as we try to protect society and individuals against the unauthorized use of their data and information. This directly implicates the issue of privacy and the various Canadian pieces of legislation that address the issue of privacy.

This is not the first time the Liberal government has tried to “fix” a problem, and I use that term advisedly. It tries to fix things, but just makes things worse. In the 21st century, we are faced with immense challenges in how we protect individuals, our Canadian citizens, against those who might misuse their data and information. Any suggestion that this digital charter is actually an articulation of new rights is simply wrong. This is a digital charter, but it is not a digital charter of rights.

I will turn to the most significant and substantive part of the bill, the privacy elements. Very little of this legislation has been changed from the original Bill C-11, and the government has not measurably responded to the criticism it received from the stakeholders when the previous version of the bill was reviewed at committee.

There are five key additions and alterations to Canada's existing privacy protection laws.

First, the bill expressly defines the consent that Canadians must give in order for their data and information to be collected and used, and there are guidelines attached to that. We commend the government for doing that clear definition of consent.

Second, Bill C-27 addresses the de-identification, the anonymization of data that is collected by private companies. Again, that is important. We want to ensure when private businesses collect information from consumers that this information is not attached to a specific individual or citizen.

Just to be clear, the bill contains numerous broad exemptions, which we could probably drive a truck through, and will likely create the loopholes that will allow corporations to avoid asking Canadians for permission.

Third, the bill provides that all organizations and companies that undertake activities that impact the privacy of Canadians must develop codes of practice for the protection of the information they collect.

Finally, the act would create harsher financial penalties, up to $25 million, for a violation of Canadian privacy rights. We, again, commend the government for doing that.

However, let me say for the record that what we do not support is the unnecessary creation of a new personal information and data protection tribunal, which is another level of bureaucracy that would add more layers of complexity, delays and confusion to the commissioner's efforts to enforce privacy laws.

Canada is not alone in expressing concern over the risks that digital information and data flows represent to the well-being of Canadians and our privacy rights. Many other countries are grappling with the same issue and are responding to these threats, and none more so than the European Union. The EU has adopted its general data protection regulation, the GDPR, which has now become the world's gold standard when it comes to privacy protection in the digital environment.

The challenge for Canada is that the EU, which is a market of over half a billion well-heeled consumers, measures its willingness to mutually allow sharing of information with other countries against the GDPR, the standard it has set. Those who fall short of the rigour of that privacy regime will find it difficult to conduct business with the EU.

Do our current regime and this legislation measure up to the GDPR from the EU? No, probably not. In fact, for years Canada's digital data privacy framework has been lagging behind those of our international counterparts. The problem is that if we do not meet the standard, we will not be able to do the kind of business with the EU we expect to. As someone who played a part in negotiating our free trade agreement with the European Union, I know it would be an absolute travesty to see that work go to waste because our country was not willing to adopt robust privacy and data protections.

I note that, as is the custom with our Liberal friends, the bill creates more costs for taxpayers to bear. There is a creation of new responsibilities and powers for the commissioner, which we support, but this legislation calls for the creation of a separate tribunal, a new layer of bureaucracy and red tape that small and medium-sized enterprises will have to grapple with.

There are other unanswered questions. Why does this legislation not formally recognize privacy as a fundamental right? Regrettably, as presented, Bill C-27 misses the opportunity to produce a path-breaking statute that addresses the enormous risks and asymmetries posed by today's surveillance business model. Our key trading partners, especially the EU, have set the bar very high, and the adequacy of our own privacy legislation could very well be rescinded by the EU under its privacy regime.

Thirty-five years ago, our Supreme Court affirmed that privacy is “at the heart of liberty in a modern state”, yet nowhere in this bill is that right formally recognized. Any 21st-century privacy regime should recognize privacy as a fundamental human right that is inextricably linked to other fundamental rights and freedoms. By the way, I share the belief that as a fundamental right, it is not appropriate to balance off the right to privacy against the rights of corporations and commercial interests. Personal privacy must remain sacrosanct. When measured against that standard, Bill C-27 fails miserably.

I have much more to say, but I will wind down by saying that this bill is another missed opportunity to get Canada's privacy legislation right by consulting widely and learning from best practices from around the world. There is a lot riding on this bill, including the willingness of some our largest trading partners to allow reciprocal data flows. This bill is not consistent with contemporary global standards.

The Centre for Digital Rights notes that this legislation “fails to address the reality that dominant data-driven enterprises have shifted away from a service-oriented business model towards one that relies on monetizing [personal information] through the mass surveillance of individuals and groups.” That should be a wake-up call to all of us. Sadly, this bill fails to listen to that call. Let me repeat that there is a move toward monetizing personal information through mass surveillance of individuals and groups, and the government has not yet recognized that.

For those reasons, I expect the Conservatives will be opposing this bill and voting against it.

Madam Speaker, I am looking at Bill C-27 and wondering what we make of the fact, and I know he commented on this, that we have three different bills that are all put together and only one is really new. We have seen the privacy pieces and the repeal of PIPEDA in the former Parliament's Bill C-11. The bill before us relating to artificial intelligence and high-impact AI and regulating that is essentially an entirely different scheme of legislation. Would the Conservatives agree that they should be split so we can examine them separately? I think that is already their position. What does the hon. member say to that?

Madam Speaker, we are here today to debate Bill C-27, the digital charter implementation act. With this bill, the government seeks to bring Canada's consumer privacy protections up to date, to create a tribunal to impose penalties on those who violate those protections and to create a new framework on artificial intelligence and data.

For my constituents, I think the most important question is this: Why are consumer privacy rights important? Our personal information has become a commodity in the modern world. Businesses and organizations regularly buy, sell and transfer our personal data, such as our names, genders, addresses, religions, what we do on the Internet, our browsing history, our viewing and purchasing habits, and more. This happens so often that it is almost impossible to know who has access to our sensitive data and what they do with those personal details. Unfortunately, this bill fails to adequately protect the privacy of Canadians and puts commercial interests ahead of privacy rights.

The first part of this bill is the consumer privacy protection act, and I will note, as many others have during this debate, that it is really three bills in one. It is the largest part of this bill and brings in new regulations on the collection, use and sale of the private data of Canadians. I will cover three issues that I have found in this act in the first part of this bill.

The first issue relates to how organizations may collect or use our information without our consent. Subclause 18(3) states:

(3) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of an activity in which the organization has a legitimate interest that outweighs any potential adverse effect on the individual resulting from that collection or use

Without defining what a “legitimate interest” is, this subclause risks giving organizations free rein to define “legitimate interest” in whatever way suits their own commercial interests.

The second issue I will cover relates to how the bill would protect the privacy rights of children. Subclause 2(2) states:

(2) For the purposes of this Act, the personal information of minors is considered to be sensitive information.

However, nowhere in this bill are the terms “minor” or “sensitive information” defined. This will lead to confusion about how the personal information of children should be handled, and will ultimately lead, in my opinion, to weak protection of that information. There is also no other provision in this legislation that regulates the collection and use of children's personal data.

Every parent in the House of Commons is very concerned about their child going on Minecraft and about their interactions with other people and other gaming sites. This bill does not do enough to protect children in the context of online gaming.

The last issue I will raise in this act relates to when organizations can rely on implied consent to collect and use personal data. Subclause 15(5) states:

(5) Consent must be expressly obtained unless, subject to subsection (6), it is appropriate to rely on an individual’s implied consent, taking into account the reasonable expectations of the individual and the sensitivity of the personal information that is to be collected, used or disclosed.

This subclause highlights that the bill lacks a clear definition of “sensitive information”. This means that organizations will have free rein to determine when they can rely on implied consent, and they will be free to decide what information is or is not deemed sensitive according to their interpretations and not the legislation's interpretation.

The second part of the bill relates to the creation of the new personal information and data protection tribunal act. The bill would create a new semi-judicial body with the power to levy financial penalties against those who violate the CPPA, the first part of the act. I question whether this tribunal would be able to enforce the penalties outlined in clause 128, which are tied to global revenue and a proportion of profit in the previous fiscal year.

How does the government plan on ensuring accurate figures? Does the government really believe that it will go after Google in a global context, hold Google accountable and collect up to 4% or 5% of Google's global revenue? It is farcical.

We need very clear and very big amendments to this section. We need to question whether we even need a tribunal, because if it is in charge of enforcing clause 128 of the bill, I already know it is going to fail.

Under the third section of the bill, the artificial intelligence and data act, new provisions would be created that apply to the private sector. However, this bill does nothing to address the relationship between government and artificial intelligence.

Right now in Parliament, we are debating Bill C-11, which talks about the government's use of algorithms in the context of the CRTC. This bill has rightly infuriated Canadians across the country who are concerned about how the government would determine what people say and do on the Internet and where they would be directed. Why is the government not trying to apply the same standards upon itself as it is trying to apply on private corporations?

I want to address some other key oversights in the bill.

First, in the U.K., EU and even Quebec, certain personal details, such as race, sexuality and religion, are given special protection in comparison with other personal information. Why does the government believe the most identifiable aspects of our personal information are not worthy of being defined as sensitive information in the context of privacy law?

Second, the bill does nothing to regulate the sale of personal data. I am reiterating this point. In a world where the sale of personal data has become an integral part of our economy, why is the government not concerned with setting clear rules on how data and what kinds of data can be bought and sold, especially in the context of children?

Third, the bill fails to regulate the use of facial recognition technology. The RCMP used Clearview Al's facial recognition database, which was illegally created. Why does the government not think it is appropriate to ensure this never happens again?

Fourth, the consumer privacy protection act and the personal information and data protection tribunal act proposed in this bill are nearly identical to the acts proposed under last Parliament's Bill C-11. The consequence is that Canada's consumer privacy laws will be out of date by the time they come into force.

This bill was an opportunity to put forward strong regulations on the collection and use of personal data, but it failed to meet some basic criteria and thresholds. While the increased penalties for violating the act are welcome, they are watered down by the implementation of a tribunal that would take months or potentially even years to make a decision and levy fines. It is even questionable whether such a tribunal could actually do what it is purported to be responsible for.

Do we really need privacy legislation that fails to protect the privacy of Canadians? Do we really want privacy legislation that fails to put consumer interests ahead of corporate interests? Do we really want privacy legislation that fails to protect the personal information of children? Do we really want Al regulations that do not apply to government? Frankly, the government needs to withdraw Bill C-27, break it up into different parts and come back to Parliament after it has looked at the drawing board again and done something a little more comprehensive.

Madam Speaker, in a previous Parliament, the government killed Bill C-11 because it wanted to have an election. It did not see the importance of that bill. Now the government is proposing a flawed bill and expecting us to support it. We will support a bill that really makes sense, a bill that will help and work for Canadians.

I do not think we have any interest in wasting time. It is up to the government to do something with its bill to make it acceptable for other parties to support it.

Madam Speaker, last week, the federal government banned the use of the TikTok app on government devices because of data privacy concerns, so it is very appropriate for us to be discussing this matter today. Digital data privacy can be seen as a fundamental right, one that urgently requires strengthened legislation, protections and enforcement. Canadians must have the right to access and control the collection, use, monitoring, retention and disclosure of their personal data.

This is a pressing issue. Realizing that, the European Union introduced the GDPR, its General Data Protection Regulation, in 2016. EU countries were given a couple of years to adapt to this new privacy reality, with the regulation coming into effect in 2018. The GDPR has been used by many other countries as a framework for privacy protection.

With the GDPR as an example, and faced with a changing digital data universe, the government basically did nothing to protect data privacy for Canadians. Perhaps that is an unfair statement. After all, digital and online data privacy was addressed in the last Parliament under Bill C-11. The Liberals recognized that Canada needed to bring its privacy laws into the 21st century.

However, that bill was never passed. Apparently, data privacy was not a big enough issue to be made a priority, and the digital charter implementation act was scrapped in favour of an election that Canadians neither wanted nor needed. Now we are asked once again to address this subject. It is indeed better late than never. I would have hoped, though, that with the delay, the government could have improved on what it is proposing.

Perhaps if the government had moved a little faster, Canadians would not have had to question how their data was being used and how their privacy was being invaded by governments and corporations. We are left to wonder how many privacy breaches have gone undetected or unreported. The ones we know of are disturbing enough. Tim Hortons used its app to track customer movements. The RCMP used Clearview AI’s illegally created facial recognition database. Telus gave customer location data to PHAC.

It has been more than 20 years since Canada’s existing digital privacy framework, the Personal Information Protection and Electronic Documents Act, PIPEDA, was passed. With technological changes in recent years, legislation is needed to address subjects such as biometrics and artificial intelligence. We have to consider how Canadians understand the issue of consent when it comes to the use of their data and their privacy.

I am deeply concerned and disappointed with how sloppy the Liberal approach in Bill C-27, the digital charter implementation act, 2022, currently is. Privacy is a fundamental right. This bill does not mention that, despite the Supreme Court of Canada having acknowledged it. We need to clearly distinguish the extent to which Canadians’ digital privacy will be protected. If the government wants the bill to be fully effective, it needs to further explore the scope of accountability required when privacy is breached.

The clear definition of consent is a major improvement from what it once was in the Personal Information Protection and Electronics Document Act, but a good definition is only the beginning. Because technology has greatly expanded and evolved since the implementation of PIPEDA, should we not also expand the umbrella of activities that consent would cover? The large number of exemptions allowed would weaken the impact of the legislation.

Bill C-27 may be a good beginning, but I had hoped for something better. It is sad that the bill’s title is perhaps the strongest statement in the legislation. While the title gives some idea of what the legislation is all about, it is already dated. We are no longer in 2022, and the Liberals are once again falling behind.

As parliamentarians, we know the power of words and the importance of speaking in a way that can be understood by those receiving the message. It is important that legislation can be understood. It is even more crucial that the bills we pass spell out exactly what we intend.

Perhaps the most important part of any of the laws is the section that provides definitions. They need to be clear and comprehensible and not subject to differing interpretations that weaken the intent of the legislation. Legislation that allows each person to provide their own definitions is problematic. Bill C-27 uses words such as “significant impact” or “sensitive information”. I cannot help but question what is covered by these vague terms.

Before the people of Edmonton Manning sent me to represent them in the House, I was a businessman. I understood the importance of safeguarding the personal information my customers entrusted to me and not to abuse that trust. However, as we have seen, some companies make unauthorized use of the information they gather to gain a competitive edge or for profit.

With that in mind, there must be a balance between acceptable use of data by business and the fundamental protection of our privacy. It seems to me that the balance is wrong on this bill, given the way it addresses user consent and the use of collected information.

The more I read Bill C-27, which 100 pages-plus, the more questions I have. There is too much in it in need of clarification. Yes, that will be done when it goes to committee after second reading, but the government could have presented a better bill to make the committee’s work easier.

I do not want to sound too negative. I know the Liberals mean well, even if they do not seem to be able to quite understand just how important digital privacy is to Canadians in the 21st century. I am pleased therefore to see that they understand that sometimes mere words or a scolding are not enough.

It makes sense to me that the Privacy Commissioner will receive new powers to enforce violations of the consumer privacy protection act. That may be the most impactful change the legislation brings about. It is not enough to simply recommend that perpetrators stop their violations. Any parent could tell us that consequences are needed if we want to ensure improved behaviour.

With the Privacy Commissioner finally being able to force violators to conform to the rules, I think we will see increased respect and better treatment of Canadians' personal information. The harsh financial penalties for non-compliance will be a powerful motivator.

Given the amount of time the Liberals had before presenting Bill C-27, we must question why they did not come up with a better bill. They have left me, and all Canadians, asking if they really understand what their own legislation is supposed to do.

Does the consumer privacy protection act, as proposed in the bill, do enough to properly protect Canadians’ personal information? The Liberals had a chance to look at the EU’s GDPR and see how well that worked. Did they learn anything?

Would Bill C-27 improve the protection of Canadians’ personal information or are there so many exemptions for needing consent in the sharing of personal information that the words of the bill are meaningless?

Would the legislation create proper protections for Canadians’ biometric data? Given that no such protection currently exists, perhaps we should be thankful that the subject is addressed at all.

Is it reasonable to exempt security agencies and departments, such as CSE, CSIS and DND from AI regulations? How do you balance privacy and security concerns?

Canadians’ digital privacy and data needs to be properly protected. This bill is a flawed attempt to start the long overdue overhaul of Canada’s digital data privacy framework. The Conservatives will be looking at putting forward some common-sense amendments at the committee stage to ensure we have the best possible legislation.

Madam Speaker, I want to use my speaking time in the House to note that today is the 85th day of the blockade of the Lachin corridor. This blockade has left 120,000 Armenians in Nagorno-Karabakh without access to health care, food and medication. This situation has been denounced by the European Parliament, by Amnesty International and, last week, by the International Court of Justice. I urge the federal government to do more and apply pressure to ensure that these 120,000 Armenians can have access to food and to prevent a humanitarian crisis.

I am pleased to rise in the House today to speak to Bill C-27, an act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other acts.

This bill includes many things and covers many topics. I want to begin with the part on artificial intelligence. The NDP was a bit concerned by the fact that in the wake of Bill C‑11, this whole new part on the Artificial Intelligence and Data Act was added to Bill C‑27. We think this is a separate issue that needs to be dealt with separately. It is a huge topic in and of itself. We are pleased that the bill is being split so that we can study it in two parts.

In my riding, Rosemont—La Petite-Patrie, there is a burgeoning AI hub that provides jobs for hundreds, maybe even thousands, of professionals. I have met people who were a little worried about the federal government being kind of hasty in dealing with an issue as complex as AI. They are particularly worried about the fact that the U.S. and the EU have laws and regulations already. They think we need to take the time to make sure Canada's regulations are compatible with what is being done elsewhere, with our trading partners and our competitors, just so that it will be easier to attract talent down the line and get these professionals to go work in Montreal, Toronto, Vancouver and other places in Quebec and Canada. They want to avoid the kind of incompatibility that could result in unnecessary obstacles.

With respect to the protection of personal information, I believe that, sadly, a string of scandals has made people aware of this issue, and they realize that our laws and regulations must be updated and adapted. Consider the personal information and data breaches and the problems this causes for people. I will quickly mention a few examples. The problems with Yahoo, Marriott, and Mouvement Desjardins in Quebec, as well as Facebook, all revealed the need for new measures to help victims who have had data and their personal information stolen in several countries. We need only think of the 2019 settlement in the U.S. for the Equifax data breach. It is quite significant, given that Equifax is one of the largest companies people rely on for their credit score so they can make purchases or borrow money. This is not trivial.

Here, in 2019, the Office of the Privacy Commissioner of Canada found that Equifax fell short of its obligations to Canadians and Quebeckers. He then had the company sign a compliance agreement that did not require the payment of any fines or damages for Quebec or Canadian victims. This happened just a few years ago and clearly demonstrates just how outdated Canada's legislation is.

That is why the NDP will be supporting Bill C-27 at second reading. We think it is important that the bill be sent to committee, because we see all the cracks and gaps currently in the bill. It is important that the Office of the Privacy Commissioner be strengthened to bolster enforcement measures to protect consumers and Canadians. Bill C-27 needs to be amended to improve things. There are some shortcomings in this bill. There is even some backsliding in relation to Bill C-11, its predecessor in the previous Parliament, before the last election.

Privacy concerns everyone. In a digital world where social media and online entities are taking up more and more space, we have to remember that, although it is nice to use them sometimes—and they can be of great service—we are the ones who have become the product. Our personal information is the source of huge profits, and we need to be aware of that.

Our information is used to target the advertising we see on our devices when we go to websites. That targeting is based on our personal choices, preferences and searches. Big corporations create profiles and use them to sell advertising. We are the product. These companies make money off the information we give them for free. I have met people who had an interesting suggestion. Maybe these companies should pay us because we are their source of profit. They make money off the targeted advertising they sell, and that is how they plump up their bottom line.

We need to modernize our privacy protection laws. We also need to start thinking about the implications of handing over so much information about our consumer behaviour, our travel patterns, our interests and everything we search for online. We have to prompt people to think about that.

The bill is interesting because it creates a lot of new regulations and a new tribunal. The NDP thinks that is a good thing, but the bill does not go far enough. For example, the bill sets out a private right of action for individuals, but it does not really make it possible for consumers who have fallen victim to privacy breaches to be compensated, unlike what is being done in the United States. This right comes with various rather ineffective stipulations, so although there are new provisions, like this new tribunal, the bill provides for very little recourse.

A few years ago, the NDP published a digital bill of rights for Canadians. In it, we called for new, more effective provisions on consent and the sustainability of data. We called for the government to give the commissioner order powers and to impose larger and more consequential monetary penalties. We also called for transparency with regard to algorithms and more protection against abuse.

I think that the government could draw inspiration from the NDP's digital bill of rights to amend, enhance and improve the bill before us today. Once again, I have to say that this bill takes half steps because it proposes half-measures. There are some rather interesting measures in this bill, but they do not go far enough.

For example, there is still a significant imbalance between commercial interests and individual rights. Unfortunately, the Liberals are still in the habit of putting commercial interests ahead of the rights of citizens. For example, the new preamble of Bill C‑27 tries to present privacy as an individual interest tied to fundamental rights, but still does not directly recognize that privacy is not just an essential aspect of fundamental rights, but a fundamental right in and of itself. It considers the right to privacy to be part of Canadian norms and values, rather than a fundamental right. I think this part of the preamble of the bill should be changed.

There is also some backsliding. Under Bill C‑27, individuals would have less control over the collection, use and disclosure of their personal data, even less than what was proposed in Bill C‑11, which was introduced during the last Parliament. That is really the crux of the matter. If we do not have control over the information we provide or the way it is used or shared, it will be a wild west, total chaos. That is what we are seeing now, in fact. This is a step backwards, and I think that the NDP will be proposing amendments to restore this balance.

Under the bill, information that has been de-identified is still personal information, with some exceptions. There are quite a few exceptions, including in clauses 20 and 21, subclauses 22(1) and 39(1), and the list goes on and on. Roughly a dozen clauses contain multiple exceptions, so it gets extremely complex and confusing. It seems to me that this is going to give big corporations and web giants a way out, through loopholes and back doors. They will be able to do whatever they want because of this list of exceptions.

We in the NDP will be supporting the bill at second reading, but there is still a lot of work to be done to improve the bill.

Madam Speaker, I am concerned. I said that right off the top. When Bill C-18 was introduced over a year ago, the bill was designed to help local newspapers in this country. Now we find out when we peel back the onion that public broadcaster CBC, Rogers and Bell, are going to get 75% of the funding from Meta and Google. Why are they at the trough?

We dealt with Bill C-10 and Bill C-11 before, which pertained to those industries. Bill C-18 was designed for newspapers, as we have found out with the department saying only $150 million will be raised. Is it $150 million, or what the PBO said is a bigger pot of $239 million?

Mr. Speaker, it is an honour to speak today in the House about Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making other consequential amendments.

This is a critical bill, and I am very happy to see the debate being undertaken today in the House. I do know that cybersecurity is important to the Minister of Public Safety, so I will give him credit for bringing this bill forward. It should be something that is important to all government ministers of every level of government. It is very important that we are having this debate today.

I was provided a briefing from cybersecurity experts from the minister's department just under a year ago. It was very informative about the risk Canada faces in terms of cybersecurity. Just to speak simply, I asked them what would be, in the worst case scenario, sort of a Pearl Harbor moment for Canada. They responded that it would be a cybersecurity attack on our electrical infrastructure or our pipeline infrastructure in the middle of winter. If there were a cyber-attack or a ransomware attack on the infrastructure that keeps Canadians warm in the middle of winter, that would be absolutely devastating, specifically in our coldest provinces, regions and territories in Canada.

Just to give Canadians an idea of the gravity of what we are talking about today and how important it is, not only that we bring forward cybersecurity legislation that builds capacity, but also that it be done right. There was a series of questions before my remarks that outlined a number of the issues in this bill.

I will just outline a number of recent cybersecurity attacks in Canada and also in the United States of late. We know that the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians who were victims of that. There was also a hospital in Newfoundland, in October 2020, where the cybersecurity hackers stole personal information from health care employees and patients in all four health regions, as well as social insurance numbers belonging to over 2,500 patients. Very deeply personal and private data from these hospitals was stolen by cybersecurity hackers.

Global Affairs also most recently was attacked in January 2022, right around the time that Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian, or Russian state-sponsored, actors who were responsible for the cyber-attack on Global Affairs.

That was a very serious attack on another government department. The government is certainly not immune to these types of cybersecurity attacks.

Most famously, I would say, there was a ransomware attack on critical infrastructure in the United States back in May 2021. Pipeline infrastructure was attacked. President Biden issued a state of emergency. Seventeen states issued these states of emergency. It was very serious, and it just shows the capabilities of some of these cyber-threat actors, and the threat they pose to Canadians in their everyday lives and to Canada as a whole, as well as the threat to our allies.

This bill is coming forward in light of the government announcing most recently, in the past year, that it would ban Huawei from our 5G infrastructure. Conservatives and the House of Commons, in fact, have been calling on the government to do that for quite for some time. This legislation would help enable the practical implications of that ban. Again, it is certainly a very long time coming. Had this been done years ago, it would have saved our telecommunications and thereby the everyday users of our telecommunications companies, a lot of pain and a lot of money. I am concerned about the financial impact, although this is critical, that waiting so long to bring it forward would have on everyday Canadians and their cellphone bills, just as an example.

I am the vice-chair of the public safety and national security committee. I championed a study we are undertaking, which is in the process of being finalized right now, of Canada's security posture in relation to Russian aggression. A large part of that study was about cybersecurity. The experts we brought in repeatedly sounded the alarm that cybersecurity is of the utmost importance. It is something that the Government of Canada, the private sector, provincial governments and, frankly, municipal governments must take extremely seriously. It is rapidly evolving. I am going to give some quotes from a few of the experts to the lay the stage of what we are facing as Canadians.

Professor Robert Huebert of the University of Calgary said:

With regard to other cyber threats, we also know the Russians have shown an increasing capability of being able to interfere in various electronic systems and cyber systems of other states. We've seen this with their ability to influence the Ukrainian electrical system prior to the onset of the war in 2014.

This is the other war it engaged in over the last number of years. He also said that we are seeing this in other locations across the globe.

He went on to state:

Once again, it's hard to know exactly how well-defended [Canada has] become in being able to harden that part of cyberwarfare. There's no question, whatsoever, that the attention the Russians and the Chinese are giving this is increasing....

He compared that to the reports we are hearing from our American and British friends and allies who are saying the Chinese and Russians are extremely active on the issue of cybersecurity and involving state-sponsored actors launching attacks against countries like Canada and the United States.

We also had a woman named Jennifer Quaid, who is the executive director of the Canadian Cyber Threat Exchange, which is a private company that supports various companies to help boost their cybersecurity. She talked a lot about cybercriminals. This is an important piece. Even the minister talked about this as well.

First and foremost, she flagged that the Minister of National Defence of the current government said, “Cyber security is one of the most serious economic and national security challenges we face.” Therefore, it is quite a serious issue we are talking about today.

Ms. Quaid went on to say, “cyber-threats are becoming more sophisticated and are increasingly pervasive. Driven by the growth and global adoption of innovative technologies, cybercrime pays.”

She meant that cyber-threat actors can be grouped roughly into two categories, nation states conducting espionage and statecraft through the Internet, and criminals engaging in cybercrime for financial gain.

She went on to say, “It's this criminal element that has commercialized cybercrime”, meaning that cybercriminals and cybercrime have now become a thriving industry. She pointed out that the barriers to entry, the technical expertise needed to be a hacker, so to speak, is increasingly low. She said that several countries now are allowing cybercriminal groups to operate within their borders.

She also named something called a “hacktivist”, an activist hacker, of all things. We may have someone, in the name of social justice, hacking into a fossil fuel company, for example. Imagine if that happened in Canada in the middle of winter to our gas pipeline infrastructure. It would be devastating and deadly, so we have to keep an eye out for hacktivists, as she said.

She also pointed out that 25% of organizations in Canada have reported a cyber-breach. One in four. That is pretty significant. She said that the small and medium-sized enterprises that make up 98% of our economy are also being impacted. Almost 100% of our economy is being attacked in some form or another.

This is really important when we think of big banks and big, wealthy corporations that have pretty good cybersecurity infrastructure and have the money to do so. What feeds them is third party suppliers that may provide the various components or various mechanisms to undertake their important parts of the industry that company is engaged in. They are also at risk. Therefore, if a lower third-party provider of a major telecom is attacked, for example, that may seriously impact the ability of that telecom to deliver its services adequately to Canadians.

She mentioned that 44% of SMEs, small and medium-sized enterprises, do not have any defence. Almost half of our small and medium-sized enterprises, which dominate our economy, do not have any sort of defence and are not even thinking about cybersecurity. That is why today's discussion and this bill are important to be debated and have experts weigh in.

I will also quote Dr. Ken Barker, who is a professor at the Institute for Security, Privacy and Information Assurance at the University of Calgary. He talked a lot about the impact of cybersecurity on critical infrastructure. He mentioned that, in general, it is very vulnerable because it is built on legacy systems that, in essence, predate the Internet. As our legacy systems are getting online, this creates, as he explained, some gaps that hackers can take advantage of, which again puts our critical infrastructure at risk. That came up over and over at committee. He pointed out that our large private companies and our banks are investing a lot in cybersecurity, but again, as he and Ms. Quaid pointed out, it is their SMEs that are the most vulnerable.

I will conclude my quotations here with Caroline Xavier, who is the director of the Communications Security Establishment, which falls under the Department of National Defence. It is the part of government responsible for cybersecurity. Therefore, that she is the head of government cybersecurity is a simple way to look at it.

She said, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses. Cybercriminals trying to probe Canadian systems have been found in Russia, Iran and China, among others. [They] use various techniques such as ransomware”. They are specifically focusing on our critical infrastructure, and they certainly pose, as she said, “the greatest strategic threat to Canada.”

The bill before us would do a number of things. It is quite a large bill, so I will not go into every detail of what it would do, but in essence there are two parts. One would amend our existing Telecommunications Act. Of particular importance, it would give very broad and sweeping powers to the minister of industry to do a number of things. What has been criticized by a number of organizations is a specific part of the bill, which is in the summary, that says it would allow the minister and the Governor in Council to “direct telecommunications service providers to do anything, or refrain from doing anything”.

Those are very broad powers to be given to one minister, so that should immediately put up red flags for all of us. No one should have such vast sweeping powers over our telecoms. Again, I have built the case that we need better cybersecurity, but there is a big question mark here of whether we are giving too much power to one minister, one person, in all of Canada.

The bill also has a whole financial issue involved in it. To do anything, as it said, could have massive financial implications. Big companies such as Telus may be able to afford that, but our small telecoms may not be able to so much. It might bankrupt them. That is not great news, and there would be no financial component, in terms of compensation, for any of these losses, so there is a big question mark there as well.

Also, something of importance I find quite concerning is the way the bill is structured would result in a significant exchange of a lot of information from telecoms to the minister, which he could pass on to various ministers and government agencies. Is that very confidential information? It is certainly the cybersecurity plans. Does that include state secrets? Is it safe that we would be asking our telecoms this?

The second part of the bill involves all critical infrastructure companies in Canada, as was outlined by the minister, including provincial and Crown corporations, and the like, so the bill would really establish the process that all of these companies would have to provide their cybersecurity plans, and there would be a very strict reporting mechanism. We are talking about days, if not a few weeks, to get together these plans and provide them to the minister. There would be annual updates required. If a big company were to change a third-party provider, it would have to, in essence, immediately report that to the minister of industry.

There is a whole host of very cumbersome reporting mechanisms, and I do believe we need some of these, but a question remains, as I have outlined earlier, and the government is not immune to being hacked by cybercriminals. I just outlined three or four incidents when that happened. The bill would take all of our critical infrastructure, and all of companies' cyber-defence plans, along with countless other pieces of personal data of Canadians and others, and we would give that to the government. An argument could be made that this is needed, but where are the protections for that? Where is the defence of government to ensure that this would not end up in the wrong hands or that information is not hacked by cyber-actors?

That is a significant threat that needs to be addressed by the minister, and I was not assured from his remarks that this is something that is front and centre in his objective through the bill.

I would also say that there is a number of civil liberty organizations that have raised serious alarm as well. There was an open letter written to the minister from the Canadian Civil Liberties Association, the Canadian Constitution Foundation, the International Civil Liberties Monitoring Group, Leadnow, Ligue des droits et libertés, OpenMedia, and the Privacy and Access Council of Canada. All of the leaders of research and discussion of our civil liberties, all such major organizations in Canada, were quite alarmed by the bill in many ways and wrote an open letter to the minister that outlined a number of things.

In essence, they said the bill would grant the government sweeping new powers, not only over vast swathes of the Canadian economy, but also in intruding on the private lives of Canadians. To sum it up, and I think they said really quite well, “with great power must come great accountability.” There is great power in the bill, but the accountability side is lacking.

Before I go on to detail some of their concerns, I do want to outline what some other countries are doing. If we look at the U.S. and the EU, they have established similar bills in the past year or so. The EU actually has greater and more significant fines in many ways, and the U.S. provides more prescriptive and strict reporting mechanisms, such as, if a U.S. critical infrastructure company has a ransomware attack, the legislation outlines the company must report it to the government within 24 hours.

That actually might be something we may want to consider for the bill. If we are going to go there, we might as well have it in line with our American allies and make it tight. I do think that a reporting mechanism is one of the most important parts of this bill.

I want to go back to the civil liberties issue. With the government's track record on Internet regulation bills, such as Bill C-11 and others, a lot of people have their backs up about their personal freedoms online and their data, rightfully so. The civil liberties associations are raising some of the concerns that have not been assuaged thus far by the government or the Minister of Public Safety.

In the open letter, they mention that this, “Opens the door to new surveillance obligations”, which is quite concerning. In their view, and this has not been proven, “Bill C-26 empowers the government to secretly order telecom providers ‘to do anything or refrain from doing anything’”, as I mentioned. They believe that, if there was an abuse of this extreme power, it could be utilized by a government with ill intent, not to say that is the Liberal government's intent, but it could be utilized to survey Canadian citizens. It is quite concerning.

They go on in that realm to outline that the powers in this bill allow the administrative industry to terminate who telecoms work for, for example. They believe that could also be applied to individual citizens. They are looking at this and thinking, if a government wanted to punish a group of people, it could call up Telus, and this is very blunt and not overly academic in the way I am explaining it, to direct Telus it cannot do business with these people, cut off their access to the Internet and cut off their cell phones.

It is an extreme worst-case scenario, but it is worth flagging that there may be a bit of a backdoor in this bill that would allow that, should an evil government ever come along that is looking to abuse the civil liberties of Canadians. I would like to see that addressed and have safeguards put in place to prevent that type of abuse, should it ever happen in an extreme circumstance.

They also talk about how it “Undermines privacy” and that there are “No guardrails to constraint abuse”. Again, I think this is an area where opposition parties, in particular, and hopefully government members on the committee, can come together to ensure that there is an ombudsman put in place or an oversight body. We need something where the rights of companies, and more importantly of citizens, are protected from the abuses I have outlined, and there are many others.

There were also a lot of concerns from the Business Council of Canada. It wrote an open letter to the minister on behalf of large companies, and also small and medium-sized enterprises. In essence, what we are seeing is the red tape is extremely high, so we are worried that will impact our small and medium enterprises.

The business community, in general, has said that it seems that this bill, to sum it up bluntly, is all stick and no carrot. It is all hard-hitting. It is going to be super hard on us, and we better comply. I can hopefully go into more details about that in the question part of this debate, but there is no incentive structure built in.

There is no incentive to have companies share best practices with each other. I think the government should be a leader in encouraging the open sharing of best practices and experiences that protect the confidentiality of companies but allow them to share information, so other companies can be better equipped, and we can all work together as one big happy, cyber-secure family.

The Conservative Party of Canada is, first and foremost, concerned about national security and ensuring the federal government takes that leadership role in ensuring that Canada, as a whole, is secure against any possible threat, every eventuality, as the Minister of National Defence likes to say.

We are seeing serious gaps in our military. We can have stronger alliances in our Five Eyes intelligence sharing and other agreements. Certainly, that involves cybersecurity. Canada is vulnerable, like many countries in the world. In fact, most countries are dealing with these problems. The Conservative Party of Canada wants to see a more robust framework to incentivize and enforce reporting mechanisms to ensure our cybersecurity is protected, and to make sure there is not a ransomware attack on our pipelines in the middle of winter, which could kill thousands of Canadians from the cold, for example.

We will be looking to support this bill in going to committee, but I want to make it very clear that, if the issues in this bill, and I have outlined a few of them concerning privacy and impacts to business, are not addressed, the Conservative Party is ready to pull its support immediately and put up a very strong defence to stop this bill from going beyond committee. I want to make that very clear to the minister and the Liberal government.

We will get this to committee to hear from experts because we believe that is important, but it must be fixed. There are serious issues that need to be addressed and amendments that need to be made. I would ask Liberal members on the committee to get to work with us, so we can make this bill what it needs to be and make it better to ensure cybersecurity is protected in Canada today and for years to come.

Mr. Speaker, I thank my colleague from Winnipeg North for his remarks.

Indeed, I think such a bill was urgently needed. I commend the government's leadership and congratulate it on having understood the errors in Bill C-11 and making some improvements.

I met with the Minister of Innovation, Science and Industry in January, when it was time to think about developing this bill. I emphasized the importance of the Quebec legislation and of ensuring its primacy. I thank him for listening to me and for the respect evident in Bill C-27.

With respect to the urgent need to take action, Europe is putting a lot of pressure on us. Indeed, Europe has set guidelines and is currently threatening to withdraw its confidence in our artificial intelligence systems in Canada, particularly in the banking sector. It was necessary to act; better late than never.

I hope the principle will be adopted quickly, but more importantly, I hope that the committee work will be thorough and that the experts will be heard. This will be more than welcome.

Mr. Speaker, I am pleased to speak to this bill after my colleague from Rivière‑des‑Mille‑Îles, whom I would like to congratulate. I am also pleased to be following my colleague from Trois‑Rivières, an ethics expert who enlightened us on the potential impact of this bill and the dangers involved.

Unfortunately, very few people are interested in this type of bill, and yet, in the digital age, we cannot afford not to regulate the use of personal information. We cannot deny the fact that the digital shift has exploded in Quebec and elsewhere over the last decade, and it has greatly changed our lifestyles.

It is impressive to see which path companies have chosen during the pandemic, and I think it is a timely discussion to have today. However, I would like to draw attention to the new part of the bill that deals with artificial intelligence. I think it deserves serious consideration.

Part 3 of the bill raises many questions, and opinions from experts in the field of artificial intelligence are mixed. The use of artificial intelligence is a rapidly growing field that risks expanding beyond our control and jurisdiction if we do not begin to regulate the practice and define certain concepts.

Recent developments in AI in general and deep learning in particular have led to the creation of autonomous intelligent agents, which are essentially robots capable of deciding what to do without third-party intervention. These agents' autonomy raises new questions about civil liability, so we have to think about criminal provisions that would apply if someone were put in a dangerous situation, for example.

How should we approach this, and what legal status are we granting them? What legislative framework is the best fit for these autonomous agents?

At this point, we think some important definitions are missing. The law clerks who are examining the bill's provisions from a legal standpoint told us that again today. What is a high-risk intelligence system? What is a high-impact system?

The algorithms produced in applications that use artificial intelligence enable artificial beings to create goods or services or to generate predictions or results. If we compare them to human beings and use the existing framework, how will we interpret the notions of independence and unpredictability attributable to these artificial beings? The experts will help us understand all that.

Quite a few goods already exist that have a layer of artificial intelligence built into them, and 90% of those goods should not pose a problem. Experts at Meta have even said that this technology has reached its limits, because the data to train an algorithm is insufficient in quantity and lacks depth.

Let us get back to the main problem we have with Bill C‑27. Until the department clarifies its thinking on what constitutes a high-impact system, it will be difficult to assess the scope of part 3. Let us assume that everything can be considered high risk. This would mean that many companies would be accountable. If we had greater accountability, the Googles of this world might be the only ones that could risk using artificial intelligence.

The bill does not need to cover everything a machine can do for us or everything software can do once it is developed and generates predictions and results like a calculator.

If we compare it to the European legislation, we note that the latter is currently targeting employment discrimination systems, systems that would determine whether or not a permit to study there can be granted. That is essentially the limit of what the machine can do in our place.

Although the law in this document concerning artificial intelligence is far from being exhaustive, I believe it is important that we start somewhere. By starting here, with a framework, we can lay the groundwork for a more comprehensive law.

My speech this evening will help my colleagues better understand what needs to be clarified as soon as possible so we can have an important discussion about how to regulate the applications that use artificial intelligence and how to process these systems' data.

First, we will have to implement regulations for international and interprovincial exchanges for artificial intelligence systems by establishing Canada-wide requirements for the design, development and use of AI systems. Next, we must prohibit certain uses of AI that may adversely affect individuals.

The legislation is very clear on many other aspects, including on the fact that there would be a requirement to name a person responsible for artificial intelligence within organizations that use this technology. The responsibilities are fairly extensive.

In addition to the artificial intelligence and data act, which is in part 3, Bill C‑27 also includes, in part 1, the consumer privacy protection act, as well as the amendments to the former legislation. Part 2 of the bill enacts the personal information and data protection tribunal act, while part 4 includes the coming into force provisions of the bill.

As my colleagues explained, the other sections of the bill contain a lot of useful elements, such as the creation of a tribunal and penalties. One of the acts enacted by Bill C‑27 establishes a tribunal to process complaints under litigation when it comes to the use of private data. In case of non-compliance, the legislation provides for heavy penalties of up to 3% of a multinational's gross global revenue. There are provisions that are more in favour of citizens when a company misuses digital data.

Yes, this bill does have its weaknesses. I believe those weaknesses can be addressed in committee, but they may require the introduction of new legislative measures. Public services, however, are not covered by this bill. Data in the public sector requires a greater degree of protection; this bill covers only the private sector. Take, for example, CERB fraud and the CRA. In 2020, hackers fraudulently claimed $2,000 monthly payments and altered the direct deposit information for nearly 13,000 accounts.

The government can do more to tackle fraud. Unfortunately, this bill offers no relief or recourse to those whose information has already been compromised. There are digital records of nearly every important detail about our lives—financial, medical and education information, for example—all of which are easy targets for those who want to take advantage. It has been this way for a while, and it is only going to get worse when quantum computers arrive in the very near future.

This means that we must find and develop better means of online identity verification. We must have more rigorous methods, whether we are changing our requirements for passwords, for biometrics or for voice recognition.

Recently, at the sectoral committee, we heard about how easy it is for fraudsters to call telecommunication centres and pass themselves off as someone else to access their information. We must improve identity verification methods, and we must find a way to help those who are already victims of fraud. We must do so by amending Bill C-27 or introducing an additional legislative measure.

Since this is a fairly complex bill, it will be referred to the Standing Committee on Industry and Technology, where we will have the opportunity to hear from experts in the field. At this step, I would like to recognize the leadership of the Minister of Innovation, Science and Industry and his team. We have been reassured by the answers we have received.

Since Quebec already has data protection legislation—Bill 64, which became law 25—we want to understand when the federal act will apply and whether the changes we requested to Bill C-11, introduced in the previous Parliament, were incorporated into this bill. I want to say that we are satisfied with the answers we have received so far.

We will do our due diligence because this bill includes a number of amendments. Obviously, the devil is in the details. During the technical briefings held by the department since Bill C-27 was published, we asked how much time businesses would have to adjust their ways of doing things and comply with the legislation.

We expect that there will be a significant transition period between the time when Bill C-27 is passed and when it comes into force. Since the bill provides for a lot more penalties, the government will likely hold consultations and hearings to get input from stakeholders.

In closing, I would like to say that I have just come back from Tokyo, where I accompanied the Minister of Innovation, Science and Industry to the Global Partnership on Artificial Intelligence Summit, where Quebec and France took the lead. The first summit was held in 2020. I would like to list some important values that were mentioned at this summit that deserve consideration and action: responsible development, ethics, the fight against misinformation and propaganda, trust, education, control, consent, transparency, portability, interoperability, strict enforcement and accountability. These are all values that must accompany open data and ecosystems.

Madam Speaker, I acknowledge that I am standing today, as any day that I am on Parliament Hill, on the Algonquin land of the Anishinabe peoples. I say a large meegwetch to them.

I am speaking today, as we all are, to Bill C-27, which is really three bills in one. My other parliamentary colleagues have already canvassed the bare outline of this, in that we are looking at three bills: an act to create a consumer privacy protection act; a personal information and data protection tribunal act, which largely replaces some of what there was already in PIPEDA in the past; and a brand new artificial intelligence and data act.

I want to start with the artificial intelligence and data act because it is the part with which all of us are least familiar. Much of what we see in this bill was previously before Parliament in last session's Bill C-11. There is a lot to dig into and understand here.

As I was reading through the whole concept of what kinds of harms are done by artificial intelligence, I found myself thinking back to a novel that came out in 1949. The kind of technology described in George Orwell's book, famously called 1984, was unthinkable then. The dystopian visions of great writers like George Orwell or Margaret Atwood are hard to imagine. I will never forget the scene in the opening of The Handmaid's Tale, where a woman goes into a store and her debit card is taken from her. At that moment, we did not have debit cards. Margaret Atwood had to describe this futuristic concept of a piece of plastic that gave us access to our banks without using cash. No one had heard of it then.

There are words from George Orwell, written in 1949, about the ways in which artificial intelligence and new technologies could really cause harm in a dystopian sense. In 1984, he writes, “It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away.”

More recently, there is the song by The Police and written by Sting and others. I will never forget that once I went to a session on rights to privacy being under assault and a British jurist brought with him for his opening of the speech, “Every breath you take, And every move you make, Every bond you break, Every step you take, I'll be watching you.”

We live in a time when artificial intelligence can be enormously invasive of our privacy with things like visual recognition systems, as the hon. member for Selkirk—Interlake—Eastman was just speaking to. These are things that, for someone like me born in 1954, are all rather new, but they are new for people born in 1990 too. It is very new technology and bringing in legislation to control it is equally new and challenging for us as parliamentarians. The whole notion that we are going to be able to spot the ways in which artificial intelligence can affect our democracy is something that will take time.

We talk about harms from this kind of technology, from capturing algorithms, from invading our spaces. We do not have to look any farther than the way Cambridge Analytica was used by the Brexit forces in the U.K. to harness a public outrage against something based on a pile of disinformation, by targeting individuals and collecting their data. That kind of Cambridge Analytica concern also gets into part 1 and part 2 of this bill. We really do need to figure out how to control the digital tech giants harvesting our information.

As an example used earlier today in debate, there is the idea that big digital giants and large corporations can profit from data without the consent of Canadians who may have put a family photo on social media, never knowing that their privacy has been invaded and their personal information and photos have been used for profit without their permission. In this sense, I am going to flag that in the context of the artificial intelligence and data act, I hope we will be taking the time necessary to hear witnesses specifically on this.

We have developed a pattern in recent years, which is to say the last decade or so, of having three or four witnesses appear on panels. All of us in this place know that committees are trying to hear from a lot of people and receive a lot of evidence. It will do us a disservice in our dive into the artificial intelligence and data act if we combine panels of people who are experts on PIPEDA and people who are experts on other aspects of this bill, with panels on artificial intelligence and data.

The committees that study this bill will control their own process. Committees are the masters of their own process, but I would urge the government, the Liberal legislative managers of this piece of legislation, Bill C-27, to follow the lead of the Speaker's ruling earlier today. If we are going to vote on the artificial intelligence act as a separate piece when we come to vote, we could at least make an effort to ensure that the concentrated effort of committee members and hearing witness testimony is not diluted through several different pieces of legislation and panels with three or four witnesses.

Members' questions will inevitably and invariably go to one or two. In this format of panels and pushing witnesses through quickly, we lose a lot of content. Compared with when I worked in government back in the 1980s, which I know seems like the dark ages and no one in this room was on committees in those days, committees would hear from a witness who could speak for 15 minutes and then we would have the rest of an hour to ask that one witness questions. Now that we are into something as complicated as this area, I would urge the committee to give it that kind of attention or to ask the government to send part 3, the artificial intelligence and data act, to a different committee, so that the study can be thorough and we can educate ourselves as to the unintended consequences that will inevitably occur if we go too fast.

Turning to the parts of the bill that deal with privacy, I want to put on the record again a question that was raised just moments ago about whether privacy legislation should apply to political parties in Canada. At the moment, it does not. Political parties are exempted from the kinds of privacy protections that other organizations, NGOs and corporations must use to protect the privacy information of their customers, consumers and citizens.

The Green Party of Canada believes it is essential that political parties be added to the list of organizations that have an obligation to protect the privacy of Canadians.

I will say quickly that I tend to agree with the first analysis of one of the NGOs that are very concerned with privacy information. OpenMedia, in an article by Brian Stewart, says very clearly that this legislation could actually make things worse for some privacy protections. They give the efforts of Bill C-27's consumer privacy protection act and its personal information and data protection tribunal act a grade of D. In other words, it passes but just barely. There will be many witnesses.

I can certainly confirm that, as a Green Party member of Parliament in this place, I will be bringing amendments forward, assuming this bill gets through second reading, which I think we can assume, and ends up at committee.

In the time remaining, I want to emphasize that Canada is aware that privacy is a fundamental human right. It is part of the UN declaration on the rights of individuals. I echo some of the sentiments from the hon. member for Selkirk—Interlake—Eastman in asking why we are looking at consumer privacy. Maybe we should change that word to Canadians' rights and privacy.

I also agree with many members who have spoken today about the problems of subclause 18(3) and the number of exemptions along with the question of what is a “legitimate” reason that people's privacy can be invaded. That should be further clarified. I find “a reasonable person would expect the collection or use for such an activity” to be fine, but the exemptions seem overly broad.

If I dive into anything else I will go over my allotted time.

This is important legislation. We must protect the privacy of Canadians. I think we will call on all parties in this place to set aside partisanship and make an honest effort to review it. That is not to delay it but to make an honest effort to review the bill before it leaves this place.

I am now prepared to rule on the point of order raised on November 22, 2022, by the member for New Westminster—Burnaby concerning the application of Standing Order 69.1 to Bill C-27, an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

The member for New Westminster—Burnaby stated that there is a clear link between the first two parts of Bill C‑27, which respectively enact the consumer privacy protection act and the personal information and data protection tribunal act. He further noted that these elements were both part of the previous Bill C-11, which was introduced in the House during the 43rd Parliament.

However, the member argued that part 3, which enacts the artificial intelligence and data act, should be considered separately, because it does not directly concern privacy protection or the analysis, circulation and exchange of personal information. Accordingly, he asked the Chair to divide Bill C‑27 for the purposes of voting, as Standing Order 69.1 permits.

The official opposition House leader concurred. He added that, outside of clause 39 of the bill, which mentions the new consumer privacy protection act in the definition of the term “personal information”, part 3 of Bill C-27 does not refer to parts 1 or 2. Furthermore, the member for South Shore—St. Margarets stated that parts 1 and 2 of Bill C-27 deal with privacy protection, which has nothing to do with the subject of part 3, the regulation of the new industry of artificial intelligence.

On November 23, the parliamentary secretary to the government House Leader pointed out that privacy protection is the common theme that links every part of Bill C-27. In his view, the bill’s three parts constitute a framework for protecting the privacy of Canadians from the risks posed by artificial intelligence systems. He argued that dividing the bill would prevent members from considering all the risks and impacts that new artificial intelligence technologies may create for the security of personal information. He also noted that privacy laws do not adequately protect the public from new artificial intelligence systems and that, as a result, Bill C-27 should be considered as a whole.

Standing Order 69.1 gives the Chair the authority to divide the questions, for the purposes of voting, on the motions for second or third reading of a bill. The objective here is not to divide the bill for consideration purposes, but to enable the House to decide questions that are not closely related separately.

The Chair has carefully reviewed the provisions of Bill C‑27 and taken into account members' statements on the issue of dividing it for voting purposes. The Chair agrees that the bill's three parts are connected by a broad theme, namely, the use and protection of personal information. While parts 1 and 2 of the bill are closely related, this is not true of part 3.

The Chair is of the view that, given the lack of cross-references between part 3 and the preceding parts of the bill, with the sole exception being one reference to the new consumer privacy protection act—which serves to propose a common definition of the term “personal information”—dividing the bill for voting at second reading is justified.

In his intervention, the parliamentary secretary to the government House leader emphasized the common theme that links the three acts enacted by Bill C-27. In a decision on a similar matter, delivered on March 1, 2018, which can be found at pages 17550 to 17552 of the Debates, Speaker Regan said the following, at page 17551:

…the question the Chair must ask itself is whether the purpose of the standing order was to deal only with matters that were obviously unrelated or whether it was to provide members with the opportunity to pronounce themselves on specific initiatives when a bill contains a variety of different measures.

In the absence of a clear link between the three parts of Bill C-27, other than the theme of privacy protection, the Chair is willing to divide the question. Accordingly, two votes will take place at the second reading stage for Bill C-27. The first will be on parts 1 and 2, including the schedule to clause 2. The second will deal with part 3 of the bill. The Chair will remind members of this division before the voting begins.

If any part of this bill is negatived, the Chair will order the bill reprinted for reconsideration at committee.

I thank the hon. members for their attention.

Madam Speaker, for the average citizen in the digital age, we have entered uncertain times. To almost everyone, at face value, the convenience of our time is remarkable. Access to any piece of information is available at our fingertips. Any item imaginable can seamlessly be ordered and delivered to our doors. Many government services can be processed online instead of in person. Canadians have taken these conveniences for granted for many years now.

The pandemic accelerated our ascent, or descent, depending on who you ask, into the digital age. The inability to leave our homes and the necessity to maintain some rhythm of everyday life played a significant part in that, but around the world, we saw governments taking advantage of the plight of their citizens. Public health was used as a catalyst for implementing methods of tracking and control, and social media platforms, which have been putting a friendly face on exploiting our likes, dislikes and movements for years, continue to develop and implement that technology with little input or say from their millions of users.

Canadians no longer can be sure that their personal information will not be outed, or doxed, to the public if doing so would achieve some certain political objective. We saw that unfold earlier this year with the users of the GiveSendGo platform.

The long-term ramifications of our relationship with the digital economy is something Canadians are beginning to understand. They are now alert to the fact that organizations, companies and government departments operating in Canada today do not face notable consequences for breaking our privacy laws. As lawmakers, it is our responsibility to ensure that Canadians’ privacy is protected and that this protection continues to evolve as threats to our information and anonymity as consumers unrelentingly expands both within and beyond our borders.

That brings me to the bill we are discussing today, Bill C-27. It is another attempt to introduce a digital charter after the previous iteration of the bill, Bill C-11, died on the Order Paper in the last Parliament. My colleagues and I believe that striking the right balance is at the core of the debate on this bill. On the one hand, it seeks to update privacy laws and regulations that have not been modernized since the year 2000 and implemented in 2005. It would be hard to describe the scale of expansion in the digital world over the last 22-year period in a mere 20-minute speech. It is therefore appropriate that a bill in any form, particularly one as long-awaited as Bill C-27, is considered by Parliament to fill the privacy gaps we see in Canada’s modern-day digital economy.

Parliament must also balance the need for modernization of privacy protection with the imperative that our small and medium-sized businesses remain competitive. Many of these businesses sustain themselves through the hard work of two or three employees, or perhaps even just a sole proprietor. We must be sensitive to their concerns, as Canada improves its image as a friendly destination for technology, data and innovation. This is especially true as our economic growth continues to recover from the damaging impact of pandemic lockdowns, crippling taxes that continue to rise and ever-increasing red tape.

That extra layer of red tape may very well be the catalyst for many small businesses to close their operations. No one in the House would like to see a further consolidation of Canadians’ purchasing power in big players such as Amazon and Walmart, which have the infrastructure already in place for these new privacy requirements.

In a digital age, Canadians expect businesses to operate online and invest a certain amount of trust in the receiving end of a transaction to protect their personal information. They expect that it will be used only in ways that are necessary for a transaction to be completed, and nothing more.

In exchange for convenience and expediency, consumers have been willing to compromise their anonymity to a degree, but they expect their government and businesses to match this free flow of information with appropriate safeguards. This is why Bill C-27, and every other bill similar to it, must be carefully scrutinized.

As many of my colleagues have already indicated, this is a large and complex bill, and we believe that its individual components are too important for them to be considered as one part of an omnibus bill.

There are three—

Madam Speaker, I commend my colleague. I sat with her on the Standing Committee on Access to Information, Privacy and Ethics for a few months.

We had concerns about privacy. Several recommendations were made, and that is why Bill C‑11 became Bill C‑27. I acknowledge that the bill has been improved. That being said, I wonder about two things.

First, in 2022, I do not think it is right that banking institutions are taking the lead on showing us how important it is to protect privacy. Second, this bill is important, but I would like to know if we should refer it to a committee to study it properly because it is really two bills in one. The first is on artificial intelligence, and the second is on privacy protection. What does the member think?

Madam Speaker, I will be sharing my time with the member for York Centre.

I am pleased to rise in the House today to speak to the digital charter implementation act, 2022, in particular the aspect on the consumer privacy protection act. If I have time, I will also discuss the artificial intelligence and data act.

I am very proud to speak to these two pieces of legislation that introduce a regime that seeks to not only support the technological transformation, but also help Canadians safely navigate this new digital world with confidence. These past few years, Canadians have witnessed these technological shifts take place. They have taken advantage of new technologies like never before. In 2021, more than 72.5% of Canadians used e-commerce services, a trend that is expected to grow to 77.6% by 2025.

According to TECHNATION, a 10% increase in digitalization can create close to a 1% drop in the unemployment rate. What is more, every 1% increase in digitalization can add $8.7 billion to Canada's GDP. In order to take advantage of those major benefits for our economy, we must ensure that consumers continue to have confidence in the digital marketplace.

Technology is clearly an intrinsic part of our lives, and Canadians have growing expectations regarding the digital economy. It is absolutely essential that the Government of Canada be able to meet those expectations.

With this bill, the government is putting forward a regime that gives Canadians the protection they deserve. First, as stated in the preamble of the digital charter implementation act, 2022, Canada recognizes the importance of protecting Canadians' privacy rights. Similarly, the 2022 consumer privacy protection act also provides important protections for Canadians.

That said, our government has listened to the input of various stakeholders, and we have made changes to improve this bill. I was on the committee in the last Parliament, and there was a lot of discussion about the previous bill, Bill C‑11. I am very pleased to be able to speak to Bill C-27, so that we can get all that work done in this Parliament.

One of the most important changes we have made is enhancing protection for minors. Some stakeholders felt that the previous legislation did not go far enough to protect children's privacy. I agree. Consequently, the bill was amended to define minors' information as sensitive by default. This means that organizations subject to the law will have to adhere to higher standards of protection for that information. The legislation also provides minors with a more direct route to delete their personal information. This will make it easier for them to manage their online reputation. I think this is a really important change, because we know that young people are very aware and very capable of using all types of digital platforms, but at the same time, we need to make sure that they are able to protect their reputation.

In addition to protections for minors, we also made changes to the concept of de-identification of personal information. According to many stakeholders, the definitions in the old bill were confusing. We recognize that having well-defined terms helps ensure compliance with the act and provides more effective protection of consumers' information. In that regard, I understand that, because we are talking about new technologies and an evolving industry, it is important for all members to share their expertise, since that will help us develop a better piece of legislation.

The difference, then, between anonymous information and de-identified information needs to be clarified because, clearly, if information is de-identified but an organization or company is able to reidentify it, that does not serve the purpose of having anonymous information.

Data-based innovation offers many benefits for Canadians. These changes contribute to appropriate safeguards to prevent unauthorized reidentification of this information, while offering greater flexibility in the use of de-identified information.

The new law also maintains the emphasis on controlling the use of their personal information by individuals. That remains a foundation of the law, namely that individuals must be able to fully understand the purpose for which information will be used and consent to that purpose in the most important circumstances.

However, the modern economy must also have flexible tools to accommodate situations that are beneficial but that may not require consent if the organization respects certain limits and takes steps to protect individuals.

The approach advocated here continues to be based on the concept of individual control, but proposes a new exception to consent to resolve these gaps as a tool for safeguarding privacy. The new provisions propose a general exception to cover situations in which organizations could use personal information without obtaining consent, provided that they can justify their legitimate interest in its use for circumstances in which the individual expects the information to be used.

In addition, to prevent abuse, the exception is subject to a requirement that the organization mitigate the risk. For example, digital mapping applications that take photos of every street and that we use to view them, particularly to help with navigation, are widely accepted as being beneficial. However, obtaining individual consent from every resident of the city is impossible.

I believe that everyone in the House will agree that it is hard to imagine how we managed before we had access to those navigation applications. Last evening, I had a visit with a family member in Ottawa and was very happy to have my mapping application to find my destination.

The presence of an exception, combined with a mitigation requirement, therefore allows individuals to take advantage of a beneficial service while safeguarding personal information. The example shows another key aspect for building trust and transparency. Digital mapping technology presents a certain level of transparency. The vehicles equipped with cameras can be seen on our streets and the results can also be seen posted and available online.

However, there are some technologies or aspects thereof that are more difficult to see and understand. That is why the bill continues granting individuals the right to ask organizations for an explanation regarding any prediction, recommendation or decision made in their regard by an automated decision-making system.

What is more, these explanations must be provided in plain language that the individual can understand. These provisions also support the proposed new artificial intelligence act. However, I do not think that I have time to get into that, so I will end there.

Madam Speaker, I applaud the minister for bringing the issue forward to Parliament. Again, I want to exercise some caution that the first two pieces of the legislation are much easier to deal with, because at least there was some discussion on those with Bill C-11. It is a bit different in this one, and the tribunal is an issue, but I am open to looking at it. I just have concerns about that. However, the artificial intelligence part of it is critical. I am glad it is in front of us, but it is going to require much more extensive debate and care, and that is why it should be entirely separate.

We in the NDP have proposed a fairly reasonable compromise, and the Speaker will rule on it. The proposed compromise is that there would be a separate vote for that particular part of the bill. The reason is that perhaps the first two parts could lead to a decision that might be different from the decision on the last part, just to ensure that we get enough testimony and time in committee for it.

I am looking forward to all perspectives in the House on this. It is time for us to look at that. It is a reasonable position, and I am glad it is in front of us. I do not like the way it is in front of us, but we will deal with that.

Madam Speaker, I am happy to start this week by speaking to Bill C-27. It is quite an extensive bill at over 140 pages in length. It would amend several acts and the most consequential are three of them in particular, as it is an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

I should start by saying that this is really three pieces of legislation that have been bundled up into one. As New Democrats, we have called for different voting for the third and final part of this act.

The first two parts of the act, concerning the consumer privacy protection act and the personal information and data protection tribunal act, do have enough common themes running through them to be put together into one piece of legislation. I still think, for these issues, that they would have been better as two separate pieces of legislation because one of them is brand new and the first one, the consumer privacy protection act, is the former Bill C-11, which was highly controversial in the previous Parliament.

When we had an unnecessary election called by the Prime Minister, that bill died, along with all of the work from Parliament, which was not concluded, despite extensive lobbying and consultation going, particularly, through the ethics committee at that time. This has now been bundled with some other legislation to go through the industry committee, which is fine.

The personal information and data protection tribunal act is a new component of this legislation. I have some concerns about that element of it, but it does have a common theme, which is worthwhile, and at least it has the potential to be put together and bundled. Although, again, it is extensive, it is a bundling that we can accept.

We have called for a Speaker's ruling with regard to the artificial intelligence and data act, as this is brand new legislation as well, but it does not have the same connections as the previous two pieces, which are bundled together, in the way that one could argue for them. We want a separate vote on the second part of this because the legislation would be studied at committee together.

There will be a high degree of interest in this legislation, since Bill C-11 had that in the past. The new bill changes position from Bill C-11 significantly, and I expect that this in itself will garner a lot of chatter, as well as review and interest, from a number of organizations, many of whom we have already heard from as of now.

The other part, with the tribunal, would be another important aspect, because it is a divergence from our traditional way of enforcement and creates another bureaucratic arm. Again, I would like to see more on this, and I am open to considering the idea, but it is certainly different from our traditional private right of law for dispute settlements about data breaches and other types of corporate malfeasance, that actually have to deal with the types of laws that are necessary to bring compliance among people.

This goes to the heart of, really, where a political party resides in their expectations of companies and their use of data, information and algorithms. For New Democrats, we fall very much in line with something I have tabled before, several years ago, which is a digital bill of rights, so that one's personal rights online are consistent with that of our physical rights, where one is expected to be properly treated in a physical world and in the digital format world. That includes one's right to privacy, right to the expectation of proper behaviour conducted toward oneself and right to not be abused. It also includes significant penalties to those who do those abuses, especially when we are looking at the corporate world.

Where this legislation really becomes highly complicated is the emergence of artificial intelligence, which has taken place over the last decade and will be significantly ramped up in the years to come. That is why the European Union and others have advanced on this, as well as the United States.

Our concern is that this bill tries to split both worlds. We all know that the industries of Google and other web giants have conducted significant lobbying efforts over the last number of years. In fact, they have tripled their efforts since this administration has come into place and have had a direct line of correspondence about their lobbying, which is fine to some degree, but the expectation among people that it would be balanced does not seem to be being met.

I want to bring into the discussion the impact on people before I get into the technical aspects of the bill, as well as the data breaches that remind us of the need for protection among our citizens and other companies as well. One of the things that is often forgotten is other SMEs, and others can be compromised quite significantly from this, so protecting people individually is just as important for our economy, especially when we have the emergence of new industries. If they are behaviours that are hampered, manipulated or streamed, they can become significant issues.

I want to remind people that some of the data breaches we have had with Yahoo, Marriott, the Desjardins group and Facebook, among others, have demonstrated significant differences in the regulatory system between Canada and the United States and how they treat their victims. A good example is a settlement in the U.S. from 2009 with the Equifax data breach, where Equifax agreed to pay $700 million to settle lawsuits over the breach in agreement with the U.S. authorities, and that included $425 million in monetary relief to consumers. We have not had the same type of treatment here in Canada.

This is similar to the work I have done in the past with the auto industry and the fact that our Competition Bureau and our reimbursement systems are not up to date. We have been treated basically as a colony by many of the industries when it comes to consumer and retail accountability.

We can look at the example of Toyota and the data software issue, where the car pedal was blamed for the cars going out of control. It turned out this was not the case. It was actually a data issue. In the U.S., this resulted in hundreds of millions of dollars of investment into safety procedures. We received zero for that. Also, consumers received better treatment, where their vehicles were towed back to different dealerships to be fixed. In Canada, consumers did not receive any of that.

The same could be said with Volkswagen, another situation that took place with emissions. Not only did we not receive compensation similar to that of the United States, we actually imported a lot of the used Volkswagen vehicles from Europe. However, that was of our own accord and time frame when those vehicles were being sunsetted in those countries because of emissions.

In the case of Facebook, the U.S. Federal Trade Commission was able to impose a $5-billion fine for the company's violation, while the Privacy Commissioner's office was forced to take the company to federal court here in Canada. One of the things I would like to point out is that our Privacy Commissioner has stood up for the needs of Canadians, and one of the concerns with this bill would be the erosion of the Privacy Commissioner's capabilities in dealing with these bills and legislation.

The Privacy Commissioner has made some significant points on how to amend the bill and actually balance it, but they have not all been taken into account. One of the strong points we will be looking to is to see whether there are necessary amendments from our Privacy Commissioner on this.

One of the big distinctions between Canada and the United States, which is to our benefit and to Canada's credit, is the office of the Privacy Commissioner. Where we do not have some of the teeth necessary for dealing with these companies, we do have the independent Privacy Commissioner, who is able to investigate and follow through at least with bringing things to a formal process in the legal system. It is very laborious and difficult, but at the same time, it is independent, which is one of the strengths of the system we have.

If the government proceeds, we will see the bill go to committee, which we are agreeing to do. However, we do want to see separate voting. Before I get into more of the bill, I will explain that we want to see separate voting because we really distinguish that this is inappropriate. The artificial intelligence act is the first time we have even dealt with this topic in the House of Commons, and it should be done differently.

We will be looking for amendments for this, and big corporate data privacy breaches are becoming quite an issue. Some of these privacy breaches get highly complicated to deal with. There have been cases with cybersecurity and even extortion. The University of Calgary is one that was well noted, and there have been others.

We need some of these things brought together. The bill does include some important fixes that we have been calling for, such as stronger enforcement of privacy rights, tough new fines, transparency in corporate decisions made by algorithms.

I have pointed out a lot of the concerns that we have about the bill going forward because of its serious nature. However, we are glad this is happening, albeit with the caveat that we feel the bill should be separate legislation. The minister does deserve credit for bringing the bill forward for debate in the House of Commons.

Bill C-11 should have been passed in the last Parliament, but here we are again dealing with it. The new tribunal is the concern that we have. It could actually weaken existing content rules, and we will study and look at the new tribunal.

The tribunal itself is going to be interesting because it would be an appointment process. There is always a concern when we have a government appointment process. There is a concern that there could be complications setting up the tribunal, such as who gets to go there, what their background is, what their profession is and whether there will be enough support.

One of the things that gives me trouble is that the CRTC, for example, takes so long to make a decision. It is so laborious to go through and it has not always acted, most recently, in the best interest of Canadians when it comes to consumer protection and individual rights. It gives me concern that having another tribunal to act as a referee instead of the court system could delay things.

Some testimony has been provided already, some analysis, that suggests the tribunal might end up with lawsuits anyway, so we could potentially be back to square one after that. The time duration, funding, the ability to investigate and all these different things are very good issues to look at to find out whether we will have the proper supports for a new measure being brought in.

Another government resource for this is key. At the end of the day, if it is a tribunal system that is not supportive of protecting Canadians' privacy and rights, then we will weaken the entire legislation. That is a big concern because that would be outside Parliament. The way that some of the amendments are written, it could be coming through more regulatory means and less parliamentary oversight.

Who is going to be on the tribunal? How will it be consistent? How will it be regulated? I would point to the minister providing the CRTC with a mandate letter, which is supposed to emphasize the public policy direction it should be going. In my assessment, the CRTC, over the last number of years, has not taken the consumer protection steps that New Democrats would like to see.

When it comes to modernizing this law, we do know that this will be important to address because there are issues regarding the data ownership, which is really at the heart of some of the challenges we face. There is algorithmic abuse and also areas related to compensation, enforcement, data ownership and control, and a number of things that are necessary to ensure the protection of people.

We can look at an area where I have done a fair amount of work related to my riding, which is automobile production. There has been the production of the car and the value there, but there will also be the data collection. The use of that data collection can actually influence not only one's individual behaviour, but also that of society. That is a significant economic resource for some of these companies.

It is one of the reasons I have tabled an update to my bill on the right to repair. The right to repair is a person's ability to have their vehicle fixed at an auto shop of their choice in the aftermarket. The OEMs, the original manufacturers, have at times resisted this. There have been examples. Tesla, for example, is not even part of what is called the voluntary agreement, but we still do not have an update with regard to the use of data and how one actually goes about the process of fixing the vehicle.

It also creates issues related to ownership of the vehicle, as well as insurance and liability. These could become highly complicated issues related to the use of data and the rules around it. If these types of things are not clear with regard to the process of rights for people, expectations by those who are using the data, and protection for people, then it could create a real, significant issue, not only for individuals but for our economy.

Therefore, dealing with this issue in the bill is paramount. A lot of this has come about by looking at what the GDPR, the general data protection regulation, did in European law. Europe was one of the first jurisdictions to bring forth this type of an issue, and it has provided an adequate level of protection, which is one of the things Europe stands by with regard to protection of privacy. There have been some on the side over here in North America who have pushed back against the GDPR, and even though this landmark legislation has created a path forward, there still is a need for transparency and to understand what the monetary penalties for abuse are going to be, which are also very important in terms of what we expect in the legislation.

Erosion of content rights is one of the things we are worried about in this bill. Under Bill C-27 individuals would have significantly diminished control over the collection, use and disclosure of their personal data, even less than in Bill C-11. The new consent provisions ask the public to install an exemplary amount of trust to businesses to keep them accountable, as the bill's exceptions to content allow organizations to conduct many types of activities without any knowledge of the individuals. The flexibility under Bill C-27 allows organizations to state the scope not only of legitimate interests but also of what is reasonable, necessary and socially beneficial, thus modelling their practices in a way that maximizes the value derived from the personal information.

What we have there is that the actors are setting some of the rules. That is one of the clearer things that we need through the discussion that would take place at committee, but also from the testimony that we will hear, because if we are letting those who use and manage the data make the decision about what consent is and how it is used, then it is going to create a system that could really lead to abuse.

There is also the issue or danger of de-identification. Witnesses, artificial intelligence and people being able to scrub much of their data when they want and how they want is one of the things we are concerned about. There is not enough acknowledgement of the risk that is available in this. That includes for young people. We believe this bill is a bit lopsided towards the business sector at the moment, and we want to propose amendments that would lead to better protection of individual rights and ensure informed consent as to what people want to do with their data and how they want it to be exercised as a benefit to them and their family, versus people being accidentally or wilfully brought into exposure they have not consented to.

As I wrap up, I just want to say that we have a number of different issues with this bill. Again, we believe there should be a separate vote for the second part of this bill, being the third piece of it. It is very ambitious legislation. It is as large as the budget bill. That should say enough with regard to the type of content we have. I thank the members who have debated this bill already. It is going to be interesting to get all perspectives. I look forward to the work that comes at committee. It will be one that requires extensive consultation with Canadians.

Mr. Speaker, I rise today on a point of order regarding government Bill C-27, an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

Standing Order 69.1 states the following:

(1) In the case where a government bill seeks to repeal, amend or enact more than one act, and where there is not a common element connecting the various provisions or where unrelated matters are linked, the Speaker shall have the power to divide the questions, for the purposes of voting, on the motion for second reading and reference to a committee and the motion for third reading and passage of the bill. The Speaker shall have the power to combine clauses of the bill thematically and to put the aforementioned questions on each of these groups of clauses separately, provided that there will be a single debate at each stage.

You will find that, in the case of Bill C-27, the bill enacts three new laws and amends several other existing laws.

Bill C-27 enacts the consumer privacy protection act and the personal information and data protection tribunal act.

These two acts were at the core of the former Bill C-11 in the 43rd Parliament, a bill that was introduced in November 2020 and died on the Order Paper a year later, without ever having been voted on at second reading.

Here is the purpose of part 1 of Bill C-27, as described in the text of the bill:

The purpose of this Act is to establish — in an era in which data is constantly flowing across borders and geographical boundaries and significant economic activity relies on the analysis, circulation and exchange of personal information — rules to govern the protection of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

Part 2 of the bill sets up the personal information and data protection tribunal, which would have jurisdiction with respect to appeals made under different sections of the consumer privacy protection act. The link between part 1 and part 2 of Bill C-27 is clear, and I am not putting it into question in this appeal at all.

Where we have an issue, however, is with the third part of the bill.

Bill C‑27 also enacts the artificial intelligence and data act, which was not part of Bill C‑11, the previous version of this bill.

The purpose of part 3 of Bill C‑27, which enacts the artificial intelligence and data act, is as follows:

The purposes of this Act are:

(a) to regulate international and interprovincial trade and commerce in artificial intelligence systems by establishing common requirements, applicable across Canada, for the design, development and use of those systems; and

(b) to prohibit certain conduct in relation to artificial intelligence systems that may result in serious harm to individuals or harm to their interests.

During his second reading speech on Bill C‑27, the Minister of Innovation, Science and Industry said that the new artificial intelligence act would “set a foundation for regulating the design, development, deployment and operations of AI systems”.

The development of artificial intelligence systems in the past decade has led to profound changes in the way we do things. Regulating AI systems is something we believe must be done. However, it seems odd to add these regulations to a bill that has to do with privacy protection and with the analysis, circulation and exchange of personal information. Artificial intelligence is its own beast in a way, and it should be studied and treated separately.

In a ruling by Speaker Regan on March 1, 2018, he said the following.

The principle or principles contained in a bill must not be confused with the field it concerns. To frame the concept of principle in that way would prevent the division of most bills, because they each apply to a specific field.

The House leader of the Bloc Québécois and member for La Prairie will remember this, since it is from page 400 of Parliamentary Procedure in Québec.

The Speaker continued as follows:

While their procedure for dividing bills is quite different from ours, the idea of distinguishing the principles of a bill from its field has stayed with me. While each bill is different and so too each case, I believe that Standing Order 69.1 can indeed be applied to a bill where all of the initiatives relate to a specific policy area, if those initiatives are sufficiently distinct to warrant a separate decision of the House.

We find ourselves in a similar situation here. While some of the measures in Bill C-27 relate to digital technology, part 1 and part 2 have nothing in common with part 3.

Therefore, it would certainly be appropriate to divide this bill for the vote. The Speaker has that authority, and that would make it possible for members to thoroughly study this legislative measure and better represent their constituents by voting separately on these bills, which are quite different from one another.

Mr. Speaker, I would like to begin by giving a shout out to my constituents in Trois-Rivières, whom I will be visiting all next week in my riding.

When I talk to people on the street, privacy is a topic that comes up a lot. They know that I sit on the Standing Committee on Access to Information, Privacy and Ethics, and privacy comes up often. People tell me that it is important, that we must do our best to rise to the challenge. Today, we have the opportunity to debate that very subject.

Society is a human construct. It is a reflection of how we organize our lives together. It reflects our vision of the world, the role of a citizen, the role of the state. In a democratic society where elected officials are chosen by the people to represent them, our laws must reflect our desires and the desires of our fellow citizens, as well as the way in which their visions can be realized. In other words, a society and its laws are eminently cultural constructs.

When we compare the legislation passed in the House of Commons with that of the Quebec National Assembly, the difference is striking. Ottawa tends to emphasize the enforcement mechanism, whereas in Quebec, the emphasis is on the legislator's intent. Ottawa wants to arbitrate, while Quebec wants to prescribe and guide.

When it comes to privacy, this is especially true in the digital age: the difference is dramatic.

At one end of the spectrum, so to speak, is the United States. In the United States, laws are primarily intended to arbitrate disputes rather than to shape how the digital economy operates. Laws are based on the good faith of the players and on voluntary codes. As one might imagine, this has its limits. Ultimately, if someone is wronged, they can get redress through the common law.

At the other end of the spectrum is the European Union. The legislation there prescribes clear obligations. I am referring to the General Data Protection Regulation, better known by the acronym GDPR.

In between is Canada, a hybrid creature whose intentions on privacy oscillate between the European and American extremes. This may seem like an academic debate, but there are practical implications that bring us to Bill C-27.

When it comes to privacy, European law is the most prescriptive in the world. It is based on a clear principle, namely that our personal information belongs to us and us alone, and no one can use it or benefit from it without our free, informed and explicit consent.

Once the government set out that principle or objective, it then provided a mechanism for achieving it. That mechanism is the GDPR. The GDPR is becoming the standard to follow when it comes to privacy, because it is the legal standard with the clearest objectives and the most binding application. Simply put, the GDPR does a good job of protecting privacy. That is one reason why it is the standard we should be emulating; the other is that the EU is projecting its standard-making power beyond its borders.

In order to protect the personal information of European citizens, the European Union will soon prohibit European businesses from sharing this information with foreign businesses that do not offer comparable protection. This does not affect us yet, but next year, the EU will be reviewing Canada's laws to see if they offer sufficient protection.

The existing legislation on personal electronic information protection dates back to 2000. That was 22 years ago. We were in the dinosaur era, the pre-digital era, an era we barely remember now. Also, it is far from clear whether Canada passes the comparable protection test required under the GDPR.

Information exchanges between Canadian businesses and their European partners could become more complicated. This is particularly true in areas that deal with more sensitive information, such as the financial sector. It is therefore absolutely necessary to redraft the Personal Information Protection and Electronic Documents Act, which is completely outdated. It has not kept pace with technological change and the data economy, where we are both the consumer and the product. It has not kept pace with the legal environment, where Canada is a dinosaur compared to Europe, as I was just saying.

Nevertheless, my colleagues will have figured out that the Bloc Québécois is in favour of the principle of Bill C‑27. Nevertheless, I would like to make a general comment about Bill C‑27. For some reason, the government has put into one bill two laws with completely different objectives. The bill would enact the consumer privacy protection act and also the artificial intelligence and data act. Although there is a logical link between these two acts, they could be stand-alone bills. Their objectives are different, their logic is different and they could be studied separately.

I have a suggestion for the government. It should split Bill C‑27 into two bills. We could create what I would call the traditional Bill C‑27, which would deal with personal information and the tribunal. Then, what I would call Bill C‑27 B would address artificial intelligence. As I was saying, there are logical reasons for that, but there are also practical reasons. Let me be frank and say that the artificial intelligence act being proposed is more of a draft than a law. The government has a clear idea about the mechanism for applying it, but, clearly, it has not yet wrapped its head around the objectives to be achieved and the requirements to be codified.

The mechanism is there, the bureaucratic framework is there, but the requirements to be complied with are not. Apart from a few generalities, the law relies essentially on self-regulation and the good faith of the industry. I have often faced these situations, and I can say that the industry's good faith is not the first thing I would count on.

Apart from a few generalities, this relies on good faith, but that is not a good way to protect rights. I am not convinced that this bill should be passed as written; I think it needs to be amended. Bill C‑27 probably deserves the same fate that Bill C‑11, its predecessor, encountered in the last Parliament. The government introduced it, debate got under way, criticism was fierce, and the government let it die on the Order Paper so it could keep working on it and come back with a better version. I think that is exactly what should happen to the artificial intelligence act.

The government has launched a healthy discussion, but this is not a finished product. If we decide that the government needs to keep working on it and come back with a new version, we will also be delaying the modernization of privacy and personal information legislation. Given the European legislation, which I talked about earlier, that is not what the government wants to do. That is why I would cordially advise the government to split Bill C‑27.

I am going to focus primarily on personal information protection because that is the part of Bill C‑27 that is ready to go and has the most practical applications. As I said before, Bill C‑27 is an improved version of Bill C‑11, which was introduced in the fall of 2020.

However, Bill C-27 still does not establish privacy as a fundamental right. Bill C-11 was strong on mechanics, but weak on protection. The principles were also weak and consent was unclear. It was tough on large corporations and much less so on small businesses. When it comes to privacy, however, it is the sensitivity of the data that should dictate the level of protection, not the size of the company.

A new start-up that develops an app that aggregates all of our banking data, for example, may have only two employees, but it still possesses and handles extraordinarily sensitive information that must be protected as much as possible. I cannot help but think of the ArriveCAN app, which was developed by just a few people but has a large impact on the data that is stored.

Finally, Bill C-11 did not provide for any harmonization with provincial legislation, such as Quebec's privacy legislation. The Bloc Québécois was quite insistent on that. A Quebec company subject to Quebec law would also have been subject to federal law as soon as the data left Quebec. It would have been subject to two laws that do not say the same thing and have two different rationales. This would mean duplication and uncertainty. It was quite a mess. Passing Bill C-11 would have diminished, in Quebec at least, the legal clarity that is needed to ensure that personal information is protected.

Here is what Daniel Therrien, the then privacy commissioner, told the Standing Committee on Access to Information, Privacy and Ethics, of which I am honoured to be a member. He said, and I quote, “I believe that C-11 represents a step back overall from our current law and needs significant changes if confidence in the digital economy is to be restored.”

He proposed a series of amendments that would make major changes to the bill. I want to commend the government here. It listened to the criticism. It is rare for this government to listen, but it did so in this case. It buried Bill C-11. We never debated it again in the House and it died on the Order Paper. It reappeared only after being improved.

Bill C-27 shows more respect for the various jurisdictions and avoids the legal mess I was talking about earlier.

Our personal information is private and it belongs to us. However, property and civil rights fall exclusively under provincial jurisdiction under subsection 92(13) of the Constitution of 1867.

What is more, privacy basically falls under provincial jurisdiction. That is particularly important in the case of Quebec, where our civil law tradition leads us to pass laws that are much more prescriptive.

Last spring, Quebec's National Assembly passed Bill 25, an in-depth reform of Quebec's privacy legislation. Our law, largely inspired by European laws, given that we share a legal tradition, is the most advanced in North America. As we speak, it is clear that Quebec has exceeded the European requirements and that our companies are protected from any hiccups in data circulation.

Our principles are clear: Our personal information belongs to us. It does not belong to the party who collected it or the party who stores it. The implication is clear. No one can dispose of, use, disclose or resell our personal information without our free, informed and express consent. Bill C-11 challenged this legal clarity but Bill C-27, at the very least, corrects that.

Under clause 122(2) of Bill C‑27, the government may, by order, “if satisfied that legislation of a province that is substantially similar to this Act applies to an organization, a class of organizations, an activity or a class of activities, exempt the organization, activity or class from the application of this Act in respect of the collection, use or disclosure of personal information that occurs within that province;”.

In other words, if Quebec's legislation is superior, then Quebec's legislation will apply in Quebec.

When I met with the minister's office earlier this week, I asked for some clarification just in case. Will a Quebec business be fully exempt from Bill C‑27, even if the information leaves Quebec? The answer is yes. Will it be exempt for all of its activities? The answer is yes.

There is still some grey area, though. I am thinking about businesses outside Quebec that collect personal information in Quebec. In Europe, it is clear. It is the citizen's place of residence that determines the applicable legislation. The same is true under Quebec's legislation.

It is not as clear in Bill C‑27. Since the bill relies on the general regulation powers for trade and commerce as granted by the Constitution, it focuses more on overseeing the industry than on protecting citizens. That is the sort of thing we will have to examine and fix in committee. I look forward to Bill C‑27 being studied in committee so we can debate the substance of the bill.

I have to say that I sense the openness and good faith of the government. In that regard, I would like to tell the member for Kingston and the Islands to take note that, for once, I feel he is working in good faith.

Bill C‑27 will have a much greater impact outside Quebec than within it, because it is better drafted than Bill C-11. That is not the only aspect that was improved. The fundamental principles of the bill are clearer. Consent is more clearly stated. The more sensitive data must be handled in a more rigorous manner, no matter the size of the entity holding them. That is also more clear.

If the principles are clear, the act will better stand the test of time and adjust to the evolving technologies without becoming meaningless.

We will support it at second reading after a serious debate, but without unnecessary delays. However, we believe and insist that the real work must be done in committee. Bill C-27 is complex. Good principles do not necessarily make good laws. Before we can judge whether Bill C-27 is indeed a good law, we will need to hear from witnesses from all walks of life.

When it comes to privacy, it only takes one tiny flaw to bring down the whole structure. This requires attention to detail and surgical precision. The stakes are high and involve the most intimate part of our lives: our privacy.

For a long time, all we had to do to maintain our privacy was buy curtains. That is how it used to be. It kept us safe from swindlers. Then organizations started collecting data for their records. Bankers collected financial information, the government collected tax information and doctors collected medical records. This sensitive information had to be protected, but it was fairly simple, since it was written on paper.

Today, we live in a different world. Whereas personal information used to be a prerequisite for another activity, such as caring for a patient or getting a loan from a bank, it has become the core business of many companies. Information has become the core business of many companies, which are also large companies.

Computerization enables the storage and processing of astronomical volumes of data, also known as big data. Networking that data on the Internet increases the amount of available data exponentially and circulates it around the globe constantly, sometimes in perpetuity, unfortunately.

For many corporations, including web giants, personal data is crucial to the business model. Citizen-consumers are now the product they are marketing. To quote Daniel Therrien once again, we are now in the era of surveillance capitalism. Speaking of which, The Great Hack on Netflix is worth seeing. This is troubling.

Furthermore, for our youngest citizens, the virtual world and the real world have merged. Their lives are an open book on Instagram, Facebook and TikTok. They think they are communicating with the people who matter to them, but they are in fact feeding the databases that transform them into a marketable, marketed product. We absolutely have to protect them. We need to give them back control over their personal information, which is why it is so important to amend and modernize our laws.

I would like to close my speech with an appeal to the government. Bill C‑27 does a lot, but there are also many things it does not do, or does not do properly. Consent is all well and good, but what happens when our data is compromised, when it has been stolen, when it is in the hands of criminals? These people operate outside the law and therefore are not governed by the law. All the consent-related protocols we can think of go out the window. To avoid fraud and identity theft, we will have to clarify the measures to be taken to ensure that anyone requesting a transaction is who they say they are. This really is a new dynamic. In that respect, we are somewhat in the dark, even though, curiously, this is a growing problem.

There is another gap to fill. Bill C‑27 provides a framework for the handling of personal information in the private sector, but not in the public sector. The government is still governed by the same old legislation, which dates back to the pre-digital era. The legislation is outdated, as we saw with the fraud related to the Canada emergency response benefit. The controls are also outdated. I therefore call on the government to get to work and to do so quickly. We will collaborate.

Finally, there is another thing the government needs to work on and fast. We addressed this issue in committee when we were looking at the geolocation of data. Bill C‑27 indicates what we need to do with personal data, nominative data. However, with artificial intelligence and cross-tabulation of data, it is possible to recreate an individual based on anonymous information. As no personal information was collected at the outset, Bill C‑27 is ineffective in these cases. However, we started by recreating the profile of a person with all their personal information. It is not science fiction. It is already happening. Nevertheless, this is missing from Bill C‑27, both in the part on information and the part on artificial intelligence.

I am not bringing this up as a way of opposing Bill C‑27. As I said, we will support it. However, we have to be aware of the fact that it is incomplete. As legislators, we still have some work to do. The time has come to treat privacy as a fundamental right.

Mr. Speaker, once again, I am disappointed. I guess the Liberals and NDP do not really care about privacy rights for children, which we are talking about today. This is fundamental to the bill.

The minister did a lot of hard work putting this bill together and there have been a lot of consultations. This is the second iteration. Bill C-11 died only because there was an election called. Now we have Bill C-27, which is very serious. It talks about the rights of our children and Canadians that have been trampled on. I gave a lot of different examples where we just have not gotten it right in protecting children.

I am surprised that the NDP also does not seem to think that privacy is a fundamental right and something that we should protect. The Conservatives will certainly protect it. We are the only ones speaking about it today.

Mr. Speaker, 34 years ago, the Supreme Court said that “privacy is at the heart of liberty in a modern state”. In the words of Justice Gérard La Forest of the Supreme Court of Canada in 1988, it is worthy of an individual and “it is worthy of constitutional protection”. All Canadians are worthy of having their privacy respected.

It is our duty as parliamentarians to do our best to protect Canadians' privacy rights, especially as we struggle so much for it today.

Bill C-27, formerly Bill C-11, is designed to update Canada’s federal private sector privacy law, the Personal Information Protection and Electronics Documents Act, or PIPEDA, to create a new tribunal and to propose new rules for artificial intelligence systems. It is a reworking of Bill C-11, and it has three components: the consumer privacy protection act; the personal information and data protection tribunal act, creating a new tribunal; and the artificial intelligence and data act.

The bill applies to Canadians' private rights. It does not apply to CSIS, RCMP or CSE. That and other government-held data is governed by the Privacy Act. Privacy laws for Canadians have not been updated in 22 years, and Europe updated the General Data Protection Regulation in 2016.

When we last updated this act, 22 years ago, the member for South Shore—St. Margarets was turning 21 years old, and society was going through big changes. The world had just gotten past the Y2K scare. We were looking at what was going to happen to computers when the clock changed from 1999 to 2000. In certain areas, we did not know if the power would go out or what would happen.

People listened to music on CD Walkmans. Apple was over a year away from launching a cutting-edge new technology called the iPod. Less than 30% of Canadians actually owned a cellphone. The most popular cellphones were the Motorola Razr, which was a flip phone, and the Nokia brick phone, with texting that used the number pad and almost no web browsing capabilities. The most sophisticated app was called Snake. A fledgling Canadian telecommunications company was just starting, and it was called BlackBerry.

That is how long it has been since we updated our laws. Today, 22 years later, data collection is getting more sophisticated, and surveillance is more of the norm than the exception.

Apple Watch announced a few weeks ago that it can track and tell when a woman is ovulating. What is concerning, and we are going to talk a lot about data for good and data for wrong, is that this technology can tell if a woman skips a cycle, and then can identify if there has been a miscarriage or an abortion. This is very concerning.

Our Fitbits, our web history and our Apple phones can tell us how many steps we did in a day. Sometimes when we are in Parliament it is about 10, and if we are door knocking it is about 25,000. That does not sound important, but that information is also letting those regulators know where we have been, where we are going and where we live.

Facial recognition technology can identify a face like a fingerprint. Sometimes that is good. We have heard from law enforcement that it can be used for human trafficking. Sometimes that is wrong, when people are identified in a street and when people are identified with their names, their data and where they have been. Let us think of Minority Report, where everywhere someone goes, they are identified. It did not matter where they where going or where they had been. That is something that could happen with facial recognition technology.

Google and Amazon listen and collect our data in our bathrooms, living rooms, kitchens and cars. How many times have we been in conversations and Siri asks, “What was that?” Siri is always listening. Amazon is always listening. Speaking of cars, they are cellphones on wheels. When we connect to a rental car, and a lot of us rent cars, we see five or six other phones in the history. That car has downloaded all the data from our phone into that car. A lot of times, if we see that in the rental car, that car holds our information. It is very concerning.

There are many examples where it has hurt Canadians in the last several years. Two summers ago, Tim Hortons had a data breach, where every time someone rolled up the rim, it told Tim Hortons where they went afterwards, if they went home or where they were staying. It collected all that data, and it was a big problem.

In the ethics committee, we studied facial recognition technology. There was a company called Clearview AI, which took two billion images off the Internet, including a lot of ours, and just gave them to the police. There was no consent. The information just went and ended up in the hands of law enforcement.

There is Telus's “data for good”. During the pandemic, Telus collected our data. It knew where we went and if we went to the grocery store or the pharmacy, or if we stayed home. It just gave that to the government. It was called “data for good”. They called it de-identification. I am going to talk about how that hurt everyone later.

Lastly is doxing or using personal information to try to out people. GiveSendGo is a big one. It gave a U.S. company the information of people who donated to different causes or events. At one point, Google identified all those donors on a website showing exactly where they lived. Everyone's information, when they donated to a company, was identified and outed. That was terrible.

Surveillance has not just resulted in a wholesale destruction of privacy but a mental health crisis in children and youth as well. I am glad to hear the minister speak about children and youth because data has certainly affected them and continues to.

Canada’s federal government has repeatedly failed to take privacy seriously and construct a legal framework that protects the rights of Canadians in the digital age. This bill normalizes surveillance and treats privacy not as a fundamental human right and not even as a right to consumer protection. To make this point very clear, nowhere in the document for Bill C-27 does it state that privacy is a fundamental human right. However, this should be the crux of new legislation to update privacy laws, if not the outward premise, with the statement hammered from the preface until the end of Bill C-27 and following through the entire document. However, it is not there. It is nowhere and, therefore, holds no value.

This bill does not use that statement from the onset. It should be the pillar by which the bill is designed and led. Only a strong bill will ensure that Canadians' privacy rights are protected. Because of its omission, the bill is very weak, making it easier for industry players to be irresponsible with people's personal data. This is ironic as Canada has signed on to the UN Declaration of Human Rights and the International Covenant on Civil and Political Rights. That is where the bill starts and ends, with its failure to properly address privacy for Canadians.

Conservatives believe that Canadians’ digital privacy and data need to be properly protected. This protection must be a balance that ensures Canadians’ digital data is safe and that their information is properly protected and used only with their consent, while not being too onerous to be detrimental to private sector business. It is a balance.

Let us be clear. We need new privacy laws. In fact, it is essential to Canadians in this new digital era and to a growing digital future, but Bill C-27 needs massive rewrites and amendments to properly protect privacy, which should be a fundamental right of Canadians. The bill needs to be a balance between the fundamental right to privacy and privacy protection and the ability of business to responsibly collect and use data.

It also needs more nuance, but parts of this bill are far too vague. The definition of tyranny is the deliberate removal of nuance, so to create more equality or fairness on those privacy rights and to ensure businesses and AI use data for good, we need more nuance with more detail and more explanation, not less. There was a saying I used to love that my grandfather would say: “If you're going to do something, make sure you do it right or don't do it at all.”

Besides the omission of privacy rights as a fundamental right, the bill needs a massive rewrite. First, the bill doubles down on a flawed approach to privacy using a notice and consent model as its legal framework. The legal framework of Bill C-27 remains designed around a requirement that consent be obtained for the collection, use and disclosure of personal information, unless one of the listed exceptions to consent applies. Those exceptions are called “legitimate interest”.

What is scary about legitimate interest is that the businesses themselves will determine what legitimate interest means and what will be exempt. A quote on this from Canada’s leading privacy and data-governing expert, Teresa Scassa, says that this provision alone in the bill “trivializes the human and social value of privacy.” The legitimate interest provision allows Facebook, for instance, to build shadow profiles of individuals from information gathered from their contacts, even those with no Facebook access or accounts, without asking for their permission.

Have colleagues ever seen the “people you may know” feature on Facebook? Sometimes people turn up there, although one might not know where they had ever met and even though neither party is actually on Facebook. That is because Facebook builds profiles and shadow profiles from other members' contacts. Facebook has a feature that will suggest that one share their contacts: It will be great. People will give all their friends' information to Facebook: their emails, addresses and sometimes their private phone numbers. The U.S. found that information was turning up in Facebook. Here are a couple of examples. An attorney had a man recommended as a friend he might know who was a defence counsel on one of his cases, when they had only communicated though a work email. Another time, a man who donated sperm to a couple, secretly, had Facebook recommend their child as a person he should know, despite not having the couple, whom he once knew, on Facebook.

Legitimate interests needs more nuance. It needs to be more defined, or it is useless. Legitimate interests allow for too much interpretation. In other words, it allows something to be something unless it is not. It is far too broad.

Additionally, consent is listed as having to be “in plain language that an individual to whom the organization’s activities are directed would reasonably be expected to understand.” Bill C-27 makes it hard to determine what legitimate interests are, and that goes back to privacy as a Human Rights Commission complaint.

If we compare this section to the European Union's privacy law, the GDPR, which is, as the minister stated, the gold standard, the legitimate interest exemption is available unless there is an adverse effect on the individual that is not outweighed by the organization's legitimate interest, as opposed to the interest or fundamental freedom to the individual under the GDPR. If adverse effects on the individual can be data breaches, which are shocking and distressing to those impacted, and some courts have found that the ordinary stress and inconvenience of a data breach is not a compensable harm since it has been a routine part of life, probably for the last two years at least, then the legitimate interest exemption will be far too broad.

However, Bill C-27 would take something that was meant to be quite exceptional for consent in the European Union's privacy laws and make it a potentially more mainstream basis for the use of data without acknowledging consent. Why would it do this? It is because Bill C-27 places privacy on par with commercial interests in using personal data, something that would not happen if privacy was noted in the bill as a fundamental right for Canadians.

Additionally, we need to be wary of consent. As a mandatory, consent should be made easier. Has anyone ever looked at their iPhone when agreeing to consent and scrolled down? Has anyone actually read all that? Has anyone read Google's 38 pages of consent every time they sign up or use Google?

Consent is not easy. It is not simple, and certainly this proposed law would not make it any simpler. We need to be wary of consent, and we need to ensure that consent is consensual, both in language and intent, and that we all know exactly what we are signing up to do, to give and to receive.

There is another term I want to explain as well called “de-identification”. The bill talks a lot about de-identification, and its definition is that it “means to modify personal information so that an individual cannot be directly identified from it,” and then goes on to say, “a risk of the individual being identified remains.” Therefore, an individual would lose all their information, but a risk of identifying an individual would remain.

Members will remember my Telus data for good example. Telus gave this information to the government during COVID, even though a risk of the individual being identified remained. It should be scrapped, and instead we should be using the word “anonymize”, which is also in the bill. This is what the GDPR does. In the bill, it “means to irreversibly and permanently modify personal information, in accordance with generally accepted best practices, to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.”

I would ask members which one they would prefer. Would they like to be re-identified, as there is a possibility, or would they like no identification by any means?

Another major flaw in Bill C-27 is the creation of a bureaucratic tribunal instead of giving the Privacy Commissioner more bite. The creation of a tribunal is a time-waster, and the Privacy Commissioner should be allowed to levy fines. The Privacy Commissioner should be given more power and more bite. This is unclear because the EU, the U.K., New Zealand and Australia do not have tribunals that mediate their fines for privacy violations. Furthermore, it would no doubt cause those who have had their privacy violated to have to wait for years for the right of action.

I will put this straight. First we would have the Office of the Privacy Commissioner, or OPC, make a ruling. Then the government said that it would have a tribunal, which could then reverse the ruling of the Privacy Commissioner, and then we would have the Supreme Court, which would be allowed to rule on the tribunal's ruling. We would have a decision, another decision and a third decision, and each one of them could be countered.

Let me guess how long it would take. What do members think it would take? Would it take 48 hours or six months? Right now, the average is one year for the Privacy Commissioner, and we could add another year for the tribunal plus another year for appeals.

I ask this: Is it fair to have the average Canadian who has had their data breached, with their limited resources, have to go up against Facebook and Amazon and then spend three years in court? Does this protect fundamental privacy rights? Is this not just adding another layer of government that we certainly do not need?

The absence of rights-based language in the bill might tip the scale away from people in Canada, and the OPC and the tribunal weigh the privacy interest of people against the commercial interests of companies. Again, what does this come back to? Privacy was not listed as a fundamental right of Canadians.

Lastly, the AI portion of this bill is a complete rewrite. It needs to be split into its own bill.

I want to commend the minister for bringing this forward. He wants to be the first one in the land to bring this part of the bill forward, but to be honest, consultations only started in June. We have met with many individuals who certainly have not had any input into this deal, and although AI is there, there are many parts missing.

First of all, its findings conclude that there will be no independent and expert regulator for automated decision systems, nor does it have a shell of a framework for responsive artificial intelligence regulation and oversight. Instead, it says that the regulations will be determined at some future date and decisions will come from the Minister of Innovation, Science and Economic Development or a designated official.

Again, part of this includes a new tribunal and puts decisions where they should not be, onto the government, with enforcement and decision-making by the minister or the minister's designated ISED official. This would be political decisions on privacy. Does everyone feel comfortable that we are now shifting from a tribunal to the government?

This part of the bill will shift all of that to the government, to the minister or his designate. It reminds me of the proclamation, “I'm from the government, and I'm here to help.”

There is no mention of facial recognition technology, also, in this part of the bill, despite reports that have come from the ethics committee, the examples I gave from before on FRT. Certainly, that is worth more study.

There are some parts of the bill that have good aspects and certainly ones we can get behind, including the protection of children's privacy. As a father, I know it is so very important. Our children now have access to all kinds of different applications on their phones, iPads and Amazon Fires.

Our children are being listened to and they are being surveilled. There is no question that businesses are taking advantage of those children and that is something that we definitely need to talk about.

The attempt to regulate AI, though, as I have stated, needs major revisions. Without a proper privacy statement, it does not have a balanced purpose statement establishing that the purpose of the CPPA is to establish rules for governing the protection of personal information in a manner that balances the right to privacy and the need for organizations to collect, use or disclose personal information.

We should be shooting beyond the European Union's privacy act, shooting to be the world leader in the balance of ensuring privacy protection and that businesses and industries use data for good. In doing so, they would attract investment and technology, all the while protecting Canadians' fundamental right to privacy.

Canada needs privacy protection that builds trust in the digital economy, where Canadians can use new technologies for good while protecting them from the bad, profiling, surveillance and discrimination. The minister said that he wants to seize the moment, that we need leadership in a constantly changing world. Most importantly, the minister said that trust has never been more important.

If we do not get this right, and if we do not make sure that privacy is a fundamental human right, and declare that in the document and build the document around that right, we are doing two things: We are not prioritizing Canadians' privacy, as we are certainly not putting privacy at the forefront of the bill, and we are certainly not showing leadership in an ever-changing world.

As I noted at the onset, the technologies of 22 years ago have changed so significantly. The technologies now are changing more significantly. In the next 22 years, we are going to have technologies that are more embedded, not less, in our lives. We will have AI that do good.

One of the stakeholders that we met with actually talked about AI for good. They talked about embedding AI into the government's system of passports. That might actually mean that we could get passports within 48 hours. Could we imagine that? Could we imagine imbedding technology for good into a system that would allow Canadians to get the things that they need more often?

We love technology. We want to embrace it. We just want to make sure that, number one, privacy is protected. We want to make sure that we do the hard work of building frameworks alongside Canadians' fundamental human right to privacy and being protected in equal balance with the economy, democracy and the rule of law. This bill does not do that, not yet.

Let us work to make sure we come back with a bill that does that.

Mr. Speaker, it is a pleasure to see you in the big chair.

The answer to my hon. colleague's question is absolutely.

There are parents listening to us at home today. The greatest gift we could give children is to refer Bill C-27 to a committee so that the questions my colleague raised can be properly studied. What she said in her introduction is correct. There are three simple things behind Bill C‑27. First, we want to give individuals more control and power over their online information. Next, as a parent, I feel it is fundamental that there be better protection for our children in the digital age. Finally, it will regulate artificial intelligence so that it is used responsibly and serves the public.

I believe it is time to bring our 20-year-old legislation into the 21st century. That is a good thing, and it is what Canadians want. It may reassure my colleague to know that during the study of Bill C‑11, we listened to many experts and collected comments to ensure not only that we have a good law, but that we are among the best in the world and that we set an example on the international stage.

I am pleased to hear that, like me, my colleague thinks that the best gift we can give our young people before Christmas is to send Bill C‑27 to committee to get it passed as quickly as possible.

Madam Speaker, I am very proud, as always, to rise in the House to speak for the incredible people of Timmins—James Bay.

We are here to talk about Bill C-11. We have to step back into the last Parliament where we had Bill C-10, which this is the update of, and what was then Bill C-11, which was supposed to be about addressing the long outstanding need to bring Canada's laws up to standard in dealing with the tech giants.

This Bill C-11 was the old Bill C-10, which should have been pretty straightforward. Who does not want Facebook to finally start paying tax? This is a company that made $117 billion in profit last year, up $31 billion in a single year, and it is not paying tax. That is what Bill C-10 was supposed to do, but then it was our modern Minister of Environment who was then the minister of heritage who turned it into a total political dumpster fire. It was so bad the Liberals had to call an election, just to get that thing off the table.

Now the Liberals have brought it back. At the time, then Bill C-11 was supposed to be the privacy bill, a pretty straightforward thing. However, that was another dumpster fire, because the Privacy Commissioner had to come out and say that the Liberal plan to update privacy rights would actually undermine basic Canadian privacy in the realm of digital technology. Particularly, the Privacy Commissioner found this American company, Clearview AI, broke Canadian law for their illegal use of images in facial recognition technology. In response, the Liberals were going to rewrite the rules so it would be easier for Clearview AI to break the law, rather than for the Privacy Commissioner to protect Canadians.

The Liberals had to call an election to erase all of that. Now the Liberals have been given, as they have so many times in the past, one more chance. The deus ex machina comes down and gives them a chance to do things all over again.

Now we are looking at this Bill C-11. I can say one thing about this Bill C-11 is that it fixed a lot of the problems with the previous dumpster fire, maybe by moving the minister, although God help the planet now that he is looking after the environment. That is just my own personal thoughts from having read his ridiculous environment plan today. What he was going to do for culture, he is now doing to our environment.

Having said that, I would say that there is a couple of key issues we need to be looking at. We need to be looking at the need for Canada's legislation to actually address the right of artists to get paid in the digital realm. For too long in Canada we sort of pat our artists on the head. We all talked about the favourite TV shows we had growing up. One of the Liberals was talking about the Polkaroo.

Arts policy should not be that we just pat our artists on the head. This is an industry. It is one of our greatest exports. We are not promoting arts as an export or promoting our artists to do the work they need to do. We saw from COVID the devastating impacts on Canada's arts industry, on theatre, on musicians and on the tech people, the highly skilled tech people who went over two years without working. We really need to address this. One of the areas where they have been so undermined is online.

Let us talk about Spotify. It is basically a criminal network in terms of robbing artists blind. The number of sales one needs to have on Spotify to pay a single bill is so ridiculous that no Canadian artist could meet it.

We have streaming services that are making record fortunes. Therefore, it is a reasonable proposition to say that they are making an enormous amount of profit and they have a market where they do not have any real competition, so some of that money, and this was always the Canadian compromise, needs to go back into the development of the arts so that we can continue to build the industry.

The one thing I have also come to realize is that what the digital realm gives us and what streaming services give us is the ability to compete with our arts internationally on a scale that we never had before, if we are actually investing. Let us not look at it in a parochial manner, like what was done with the old broadcasters, where it was one hour on prime time a week they had to have a Canadian show on. Let us actually invest so that we can do the foreign deals. Why is it I can watch an incredible detective show from Iceland on Netflix, yet people in Iceland are not seeing an incredible detective show from Canada?

This is what we need to be doing. This is a reasonable position to take. With the profits that Facebook and Google are making, they can pay into the system. That is simple. They have unprecedented market share.

I will go to the second point, which is dealing with the tech giants. It is something I worked on in 2018. Our all-party parliamentary committee came up with numerous recommendations. I have to speak as a recovering digital utopian because there was a time when I believed that when we let all these platforms come, if we stood back and did not put any regulations on them, they would create some kind of new market promised land, but what we saw was that those dudes from Silicon Valley who were making YouTube in their parents' garage morphed into an industrial power that is bigger than anything we have ever seen.

There is a term, “kill zone of innovation”, where these companies have become so rich, so powerful and have such unprecedented corporate strength that it dwarfs anything we have ever seen in the history of capitalism, companies like Facebook. When Facebook gets a $5-billion fine, it does not even blink. It does not bother it. When the Rohingya are launching 150-billion U.K. pound lawsuit for the mass murder caused because of the exploitation of Facebook's platform, we realize we are dealing with companies that are so much beyond that they do not believe that domestic law applies to them. There has to be some level of obligation. I have worked with international parliamentarians in London, and there were meetings in Washington, trying to see how we can address the unprecedented power.

There is one thing that changed fundamentally when we saw the growth of this power. There used to be a principle that the telecoms would always tell parliamentarians, which was that we should not be blamed for what is in the content because, as they say, the pipes are dumb. We just send out the content and people choose, but people do not choose the content on Facebook and YouTube because of the algorithms. It is the algorithms that make them culpable and responsible.

I refer everyone to Congresswoman Carolyn Maloney, who demanded Facebook explain how many of these stolen bot pages were driving misinformation during the convoy crisis here in Ottawa. Congresswoman Maloney wrote, “Facebook’s history of amplifying toxic content, extremism, and disinformation, including from Russia and other foreign actors” is well known. It is no wonder that some members on the Conservative backbench are so defensive about this bill. My God, this is their main source of news. What are they going to do if we start dealing with bot pages that they think is something that came down from the promised land?

As parliamentarians, we have an obligation to address bot accounts. We have an obligation to hold these companies to account. What does that mean? Number one, it is about algorithm accountability. I do not care what someone watches on Facebook or YouTube, that is their business, but if the algorithm is tweaked to show people what they would not otherwise see, Facebook is making decisions for them.

I would refer my colleagues to Tristan Harris, the great thinker on digital technology. He spoke to the committee in 2018 and said, “Technology is overwriting the limits of the human animal. We have a limited ability to hold a certain amount of information in our head at the same time. We have a limited ability to discern the truth. We rely on shortcuts” like thinking what that person says is true and what that person says is false. However, what he says about the algorithm is that the algorithm has seen two billion other people do the same thing, and it anticipates what they are going to do so it starts to show people content. What they have learned from the business model of Facebook and YouTube is that extremist content causes people to spend more time online. They are not watching cat videos. They are watching more and more extremist content. There is actually an effect on social interaction and on democracy. That is not part of this bill.

What the all-party committee recommended was that we needed to address the issue of algorithmic accountability and we needed to address the issue of the privacy rights of citizens to use online networks without being tracked by surveillance capitalism. With this bill, we need to ensure that these tech giants, which are making unprecedented amounts of money, actually put some money back into the system so that we can create an arts sector that can compete worldwide.

Madam Speaker, I would like to inform the House that I will be sharing my time with the chief whip of the official opposition in the House of Commons.

Let us be clear from the start. We have no problem with extending work hours at this time of the year, as in fact our standing orders provide.

However, we are extremely concerned about the motion introduced by the government and voted on a few moments ago, because we know that facilities are limited, given the current pandemic situation. A lot of technical efforts are being made and government officials have made generous offers to co-operate with us, and we greatly appreciate that. However, when we get to this time of year, there is a kind of bottleneck. That is why we have to strike a very fair and reasonable balance between extending the work hours in the House of Commons and keeping parliamentary committees running. That is where there is a disconnect with the motion put forward by the government.

I would remind members that the House of Commons is part of Parliament, and as its very name suggests, Parliament is a place for parley, in other words, for discussion. We in the official opposition discuss things with our counterparts on the government side and with the other opposition parties. I would never, ever go into the details of those discussions. However, one thing is certain and indisputable, that is, that we had honest, good-faith discussions with our counterparts and could not come to an agreement. That is the point.

As we saw, when my colleague, the chief whip of the official opposition, asked the Parliamentary Secretary to the Leader of the Government in the House of Commons a very specific question, that good man, whom I like and respect a great deal, was unable to give anything even remotely resembling the merest hint of an answer. As parliamentarians, we cannot give carte blanche in terms of which committees will survive this proposal and which will not.

It should be immediately obvious why we have some very serious concerns about the lack of clarity on the parliamentary committees. We need only look at this government's track record over the past few months in terms of parliamentary work.

However, it was funny to hear my Liberal colleague for Winnipeg North talk about everything being in limbo because of Conservative opposition members, that their tactic on a daily basis is to delay, delay, delay, and that there is a filibuster each and every step of the way on each and every bill. This is anything but true.

When we talk about filibustering, I think that the king of filibustering is the Liberal Party of Canada, especially in this session, and there is a record of that. I do not think that the member for Winnipeg North and his colleagues would be very proud of what they have done in committee.

Let us look at what the Liberals have been doing in parliamentary committees over the past few months. They were the ones who accused us earlier of filibustering, as in talking for hours and hours in order to waste time rather than get to the bottom of things.

We can look at the Standing Committee of Procedure and House Affairs where the Liberals had filibustered for 73 hours.

The Liberals filibustered for 73 hours, preventing the committee from doing its work. Why?

It is because we wanted to get to the bottom of things and allow witnesses to appear and explain why the government prorogued Parliament. The Liberals filibustered for 73 hours to prevent witnesses from testifying. Now they are the ones accusing us of being the bad guys holding up the works. It is ludicrous.

However, it does not end there.

We can look at the Standing Committee on Access to Information, Privacy and Ethics where the Liberals filibustered for 43 hours. Why? It was to block getting to the truth about the WE Charity scandal.

There is a common thread in all this, however. When we want to get accurate information on Liberal scandals, they filibuster. They are very unhappy about that and accuse us of wanting to delay parliamentary work, when we are just doing our job.

These are concrete examples, but it does not end there. At the Standing Committee on Finance, the Liberals filibustered for 35 hours, once again to prevent parliamentarians from getting to the bottom of the WE Charity scandal.

At the Standing Committee on National Defence, the Liberals filibustered for over 16 hours. The committee chair, who is a member of the government party, unilaterally suspended the meetings 23 times.

This is starting to really add up: 63 hours at one committee, 43 hours at another, 35 hours at a third, 16 hours at a fourth. I have not even mentioned the Standing Committee on Foreign Affairs and International Development, where the Liberals filibustered for 10 hours, between February and April, on the study we wanted to conduct on the COVAX facility, which was created by rich countries to provide poor countries with access to vaccines. Sadly, members will recall that Canada, a rich country, helped itself to the supply for poor countries because it did not have the vaccines that the Prime Minister had announced at his December dog and pony show. That is the reality.

I hear government members accusing us of being the bad guys and filibustering, when they are the ones who filibustered for 63 hours at one committee, 43 hours at another, 35 hours at the Standing Committee on Finance, 16 hours at the Standing Committee on National Defence, and 10 hours at the Standing Committee on Foreign Affairs.

In light of the Liberals' dismal parliamentary record, we feel it is perfectly valid to want to be sure of what is planned for the committees before we give the government carte blanche to extend the committee and House sittings. However, the government refuses to tell us its plans and instead demands a free hand. We think this is unacceptable.

I heard my colleague from Winnipeg North explaining the status of some bills, so we will take a look at that assessment.

He talked about Bill C-3, regarding judges, which is modelled on a bill originally introduced by the Hon. Rona Ambrose. We are very proud of that legislation, but the Liberal government used the strongest weapon in its arsenal to delay its passage or concurrence, namely prorogation.

Let us not forget that last summer, when the Liberal government was in a real jam over the WE scandal, the Standing Committee on Access to Information, Privacy and Ethics met day after day in July and again in August. The official opposition members strenuously challenged the government's moral authority, because it had adopted a despicable strategy for dealing with this scandal.

What did the government do when it was in trouble? It prorogued Parliament. This was the worst thing it could do to slow down the work of parliamentarians. Once Parliament is prorogued, everything goes back to square one. That is what happened with Bill C-3.

What about Bill C-11? I heard the member for Winnipeg North say how important this legislation is, and he is absolutely right. I even remember the member and Minister of Innovation, Science and Industry calling out the Conservatives on Twitter in February, accusing us of delaying Bill C-11 and saying that it was awful.

I quite like the member for Saint-Maurice—Champlain, who is the minister responsible. I have a lot of respect and regard for him, but when I saw that on Twitter, I found myself thinking that I had not seen Bill C-11 in a long time. When I checked, I saw that the last time the government had brought Bill C-11 forward in the House was on November 24, 2020. The bill then sat around for three months, through November, December, January and February, before the government brought it forward again. However, the government went after us in February, claiming that we were delaying it. That is completely absurd.

The member also mentioned Bill C-14, on the economic statement, since there was no budget. The government accused us and is still accusing us of filibustering it, when two-thirds of the official opposition members did not even speak on it.

I am proud to be the House Leader of the Official Opposition. Our caucus has 120 members who duly represent eight Canadian provinces and regions in the House of Commons. We are the only truly national party. I am very proud of the calibre of people I work with, and that is why, when they ask to speak, I am happy to add them to the political debate. However, it is utterly ludicrous to accuse us of filibustering when two-thirds of our caucus did not even speak.

That is why the motion, as currently presented, is unacceptable to us. We are ready and willing to work longer hours as long as the parliamentary work in the House of Commons can be done without compromising the work of the committees, but that is absolutely not the case with this motion.

Mr. Speaker, Privacy Commissioner Daniel Therrien is raising serious alarm bells that Bill C-11 would undermine the fundamental privacy rights of Canadians. As a case in point, Clearview AI broke Canadian law when it took millions of photos of Canadians without their consent for its controversial facial recognition technology. The Privacy Commissioner is saying that Bill C-11 would actually protect the interests of companies like Clearview over the rights of Canadians.

Why are the Liberals using Bill C-11 to rewrite the privacy laws and stack the deck in favour of corporate outliers such as Clearview over protecting the rights of Canadian citizens?

Mr. Speaker, I rise on a point of order. There have been discussions among the parties and I hope you will find unanimous consent for the following motion: That, notwithstanding any standing order, special order or usual practices of the House, at 3:59 p.m. today, or when no member rises to speak, whichever comes earlier, Bill C-11, an act to enact the consumer privacy protection act and the personal information and data protection tribunal act and to make consequential and related amendments to other acts, be deemed read a second time and referred to the Standing Committee on Access to Information, Privacy and Ethics.

Mr. Speaker, I am certain that you will find unanimous consent for the motion that, notwithstanding any standing or special order or usual practice, at 3:59 p.m. today or when no member rises to speak, whichever comes first, Bill C-11, an act to enact the consumer privacy protection act and the personal information and data protection tribunal act and to make consequential and related amendments to other acts, be deemed to have been read a second time and referred to the Standing Committee on Industry, Science and Technology.

Mr. Speaker, I appreciate the question from my good friend.

This afternoon, we will complete second reading debate of Bill C-15, an act respecting the United Nations Declaration on the Rights of Indigenous Peoples. Tomorrow morning we will start with the debate of Bill C-6, an act to amend the Criminal Code (conversion therapy), followed by the debate at second reading of Bill C-12, an act respecting transparency and accountability in Canada's efforts to achieve net-zero greenhouse gas emissions by the year 2050 in the afternoon.

On Monday of next week, we hope to complete second reading debate of Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts. As all members are aware, at 4:00 p.m. that day, the Deputy Prime Minister and Minister of Finance will present the budget. Tuesday, Wednesday and Thursday will all be days reserved for budget debate.

Finally, on Friday, we will continue with second reading debate of Bill C-21, an act to amend certain Acts and to make certain consequential amendments (firearms).

Mr. Speaker, I thank my colleague and friend for his question.

This afternoon, we will obviously continue the debate on the opposition motion. We will proceed to the supply votes a little later this evening.

Tomorrow morning, we will resume debate at second reading of Bill C-19, an act to amend the Canada Elections Act, COVID-19 response, and then in the afternoon, we will study Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other acts.

I would also like to wish all hon. colleagues a productive and safe two weeks working in their constituencies.

Obviously, members have a lot of work to do in their ridings, but I hope they will take some time for themselves and spend some time with their families. That is important.

Madam Speaker, I know that local content is a big concern all across the country. I think I addressed that well in my speech, particularly the tone and thrust of our content, as well as the perspective from which it is being brought to us.

I know that my hon. colleague shares my concern around just who is bringing this content to us and what kind of content is being produced. That is an important piece. At the ethics committee right now we are having the executives of Pornhub show up, and in the managing of that content I would like to ensure that the privacy of individuals is protected. I know that the government has introduced Bill C-11 as well for that, and I look forward to seeing how these two bills interplay to protect Canadians online.

Mr. Speaker, we live in a country where the right to privacy is fundamental.

Today's youth are vulnerable, and some are victims of traffickers who post content online without consent. Bill C-11 could be amended to protect personal information.

Is the Liberal government prepared to protect these vulnerable members of our society?

Mr. Speaker, that question was really well put, probably the best question today.

This afternoon, we will continue debate at second reading of Bill C-12 on net-zero emissions. This evening, the committee of the whole will study the votes under Department of Health. Tomorrow and Monday, we will be debating Bill C-7 on medical assistance in dying.

We hope to complete third reading of Bill C-7 on Monday to give the Senate enough time to pass the bill before the court-imposed deadline of December 18.

On Monday afternoon, at 4 p.m., the Deputy Prime Minister and Minister of Finance will deliver the fall economic statement in the House of Commons.

Tuesday and Thursday shall be allotted days.

On Wednesday, we will resume debate on Bill C-12, the net-zero legislation.

Lastly, next Friday we will resume debate on Bill C-10, concerning the Broadcasting Act, and Bill C-11, concerning personal information protection.

Mr. Speaker, I thank my kind colleague for the extremely important and very useful question he repeats every week on the status of parliamentary business.

This afternoon we will continue debate at second reading of Bill C-10, an act to amend the Broadcasting Act. Tomorrow we will resume debate at third reading of Bill C-3, an act to amend the Judges Act. Monday of next week will be devoted to the study of Bill C-8, on the Truth and Reconciliation Commission's call to action number 94. On Tuesday, we will begin our study of Bill C-11, an act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act, which was introduced earlier this week by my colleague, the Minister of Innovation, Science and Industry.

Pursuant to Standing Order 81(4), I would like to designate Tuesday, November 24 for consideration in committee of the whole of the main estimates for the Department of Fisheries and Oceans, and Thursday, November 26 for the Department of Health.

Lastly, there have been discussions among the parties, and I believe you will find unanimous consent for the following motion:

That a take-note debate on the status of the French language in Montreal be held, pursuant to Standing Order 53.1, on Wednesday, November 25, 2020, and that, notwithstanding any Standing Order or usual practice of the House: (a) any member rising to speak during the debate may indicate to the Chair that he or she will be dividing his or her time with another member; and (b) no quorum calls, dilatory motions or requests for unanimous consent shall be received by the Chair.