Bill C-27

I appreciate all that, and I agree, actually. I still want a national auto policy. We're not there yet, but there's more policy than ever before, and we're not doing Hail Mary rescue plans.

Again, though with respect to consumers, what do we do? I can't wait for a study in this committee. You raised Bill C-27, and that's going to take a long time in this committee. In the meantime, I'm not sure the government grasps the seriousness of our EV charging ports' being deficient and incompatible. As well, incentives to U.S. consumers are outperforming those to Canadian consumers. These are big margins—$5,000 Canadian versus $7,500 U.S. With $4,000 for used batteries, do you not think there should be at least a department or that the government should have some type of a plan there? If you look at other nations, even in Europe, we're way behind. There's money for companies but not for consumers.

Well, that's a very good question. That might also be a study for the committee in the future, when you've passed Bill C-27, because that is a very interesting part.

I'll give you an example. I was just in Washington recently, and in Nebraska over the weekend.

First, I'll tell you about cobalt—colleagues may know or not know. When I was in Washington, I asked my colleagues if they knew that there was only one refinery of cobalt in all of North America. Everyone was pretty surprised by that. I asked if they wanted me to tell them where it was. They said they guessed I was going to tell them even if they didn't ask. I said it was in Cobalt, Ontario. I asked them whether they knew how long it took to permit that. I said it took about a good part of a decade for that. I said to my American friends that it would probably be better if we worked together to scale, because what we need now is speed and scale. If they wanted to have theirs, it was going to take at least a decade. So, cobalt is a good example.

If I come back to the motion you had on Rio Tinto, you may have seen that now Canada is the largest producer of titanium in the world. We've displaced Russia, thanks to an investment by Rio Tinto, in fact, which invested close to $1 billion in Sorel, which is a small town in Quebec.

Now, what do you do with the titanium? Imagine, now you can produce titanium powder, and with that powder, you produce 3D printing of titanium parts. With that, you can basically repair jets on aircraft carriers. That's just giving you an example of where we're making headway. However, I would say we need to work together—and this committee has a role in that—because it's all about speed and scale, like you say, to make sure we have a resilient supply chain in North America.

Thank you, Mr. Van Bynen. I'm sorry, but we'll get back to you when we come back to Bill C-27. We've reached the end of our meeting.

I appreciate, members, your co-operation during this meeting.

Thank you, everyone.

I want to thank the witnesses.

Have a good day.

The meeting is adjourned.

Mr. Schaan, the current Privacy Commissioner, in the appendix to his submission on Bill C-27, also asks for the list.

Thank you, Mr. Chair.

Many things have been said about this amendment.

First, the government doesn't want it. The government doesn't want our extremely sensitive financial data, which can be stolen and used, subjected to a fairly high level of consent.

It's deplorable. I can't repeat it enough. We don't know who the minister consulted before tabling Bill C‑27, which ended up generating a ton of amendments because it was poorly drafted in the first place.

We don't even know which banks, which financial institutions, which insurance companies or which private interest groups were consulted. Perhaps consumer groups were involved. We don't know. However, clearly, if we're to again believe the advocates of this bill, we seem to be hearing from people in the industry.

My subamendment has been worded to include the contextual component. When we say that “the individual generally has a high expectation of privacy”, this implies that the Privacy Commissioner can incorporate the contextual component. There's absolutely no ambiguity here.

In Quebec, Law 25 provides some protection for financial data. However, we would like to remind the government that most financial institutions are federally regulated.

Mr. Chair, I would like to share the following quote from a Supreme Court ruling: “… I agree with the Privacy Commissioner that financial information is generally extremely sensitive.” I repeat: “… I agree with the Privacy Commissioner that financial information is generally extremely sensitive.”

This ruling is found in the Trang case. The Supreme Court recognizes that, in some circumstances and business relationships, a certain amount of consent is implied and the courts have leeway when it comes to interpreting that consent.

My subamendment doesn't say that financial information is always sensitive. Nevertheless, generally speaking, that's what it says for cases where the circumstances point to a high expectation. This fully aligns with the Supreme Court ruling in the Trang case. The subamendment was written with this in mind.

I also really want to emphasize that I share my colleague Mr. Masse's view that not including financial information would mean a step backwards from current law.

Once again, we stand by our position.

I also want to quickly address the comments made by my colleague, Mr. Williams.

We're saying that sensitive information isn't limited to the information on the list. Geolocation data is an example of information that could be considered sensitive, if the individual generally has a high expectation of privacy in this area and if the information is read in context.

This shows the importance of providing a certain amount of leeway given that five‑year reviews don't always take place after five years. In some cases, they take place after 8, 10 or 12 years.

I think that the amendment should be passed.

Lastly, consent fatigue must be taken into account. We're told that people will become tired of having to consent to the use of their information. Given this sociological phenomenon, we should refrain from including a person's financial information in their sensitive information.

I have no doubt about the scientific training of the officials here today. However, I took the liberty of consulting the scientific literature to find out about consent fatigue. That's what I read.

I understand that people may ultimately become tired of having to give their consent when alerts pop up every five seconds on their Apple watch—like my colleague Mr. Turnbull's watch—each time a bank wants to use their personal information.

However, apart from the office of the Minister of Innovation, Science and Industry, the fact remains that no one is currently talking to us about consent fatigue.

People are afraid that their data will be stolen and used.

People are afraid of being located. We know that devices, especially cell phones, contain a great deal of information. People talk to us about it. However, I have never heard anyone ask me to be careful that we don't wear them out when we legislate to protect their personal information. That has never happened to me. I don't accept that argument.

Good morning, everyone.

I call this meeting to order.

Welcome to meeting number 122 of the House of Commons Standing Committee on Industry and Technology.

Today's meeting is taking place in a hybrid format, pursuant to the adopted order and the Standing Orders.

Before we begin, I would like to remind all members and other meeting participants in the room of the following important preventative measures.

To prevent disruptive and potentially harmful audio feedback incidents that could cause injuries, I remind all in-person participants to keep their earpieces away from the microphones at all times.

As indicated in the communiqué from the Speaker to all members on Monday, April 29, 2024, the following measures have been taken to help prevent audio feedback incidents.

All earpieces have been replaced by a model that greatly reduces the probability of audio feedback. The new earpieces are black, whereas the former earpieces were grey.

Please use only the approved black earpieces.

By default, all unused earpieces will be unplugged at the start of a meeting.

When you're not using your earpiece, please place it face down, in the middle of the round sticker on the table, as indicated.

Also, please consult the card on the table for guidelines to prevent audio feedback incidents.

Finally, the room layout has been adjusted, as you have been able to see since last week, to increase the distance between microphones and reduce the chance of feedback from an ambient earpiece.

These measures are in place to ensure that we can conduct our business without interruption and to protect the health and safety of all participants, including the interpreters, whom we thank.

I thank you all for your co-operation.

That said, we are holding a new meeting on Bill C‑27.

Pursuant to the order of reference of Monday, April 24, 2023, the committee is resuming consideration of Bill C‑27, An Act to Enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts.

With that, I would like to welcome back the witnesses who are joining us.

Joining us today by video conference from the Department of Industry is Mark Schaan, senior assistant deputy minister, and here, in Ottawa, we have Samir Chhabra and Runa Angus.

Thank you for being with us today.

Before I begin, I would like to add the following.

Colleagues, just to remind everyone of where we were, we're still on CPC-7.

(On clause 2)

There is a subamendment by the Bloc on the floor right now, which we were debating.

I will give the floor to Mr. Garon so that he can propose his subamendment.

I want to welcome all of you to meeting number 121 of the House of Commons Standing Committee on Industry and Technology.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders.

I'll recognize you, MP Masse, in due time, but there are some things I need to highlight first.

Before we begin, I would like to remind all members and other in-room meeting participants of the following important preventative measures.

To prevent disruptive—and potentially harmful—audio feedback incidents that can cause injuries, all participants must keep their earpiece away from their microphone at all times.

As indicated in the communiqué from the Speaker to all members on Monday, April 29, the following measures have been taken to help prevent audio feedback incidents.

All earpieces have been replaced by a model which greatly reduces the probability of audio feedback. The new earpieces are black in colour, whereas the former earpieces were grey. Please only use the approved black earpieces.

By default, all unused earpieces will be unplugged at the start of a meeting.

When you are not using your earpiece, please place it face down on the middle of the sticker on the table for this purpose, as shown on the image.

Please consult the cards on the table for guidelines to prevent audio feedback incidents.

The room layout has also been adjusted to reduce acoustic shock.

Keep that in mind, colleagues. It's very important. I'll be monitoring this more closely than ever, given what happened.

To make it simple, you need to keep your earpiece as far away as possible from the microphone, when your microphone is on, or away from that of your neighbours. Any microphone that's on, you need to keep the earpiece as far away as possible.

Pursuant to the order of reference on Monday, April 24, 2023, the committee is resuming consideration of Bill C‑27, An Act to Enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts.

With that, I’d like to welcome back our witnesses and thank you all for being here this evening.

We welcome Mr. Mark Schaan, senior assistant deputy minister, strategy and innovation policy sector; Mr. Samir Chhabra, director general, marketplace framework policy branch; as well as Ms. Runa Angus, senior director, strategy and innovation policy sector.

At the last meeting on Bill C‑27, we ended with the representative for the Bloc Québécois. Before giving him the floor, allow me to give the floor to another member.

I'd like to recognize MP Masse, who had a point of order.

MP Masse, the floor is yours.

Thank you.

Contrary to what MP Kusmierczyk said, INDU is not doing a study on this issue. I don't know why he keeps saying it. Perhaps he was having some challenges with the Internet connection when I was speaking earlier to it, when I said that INDU is in the middle of Bill C-27—the government's bill on privacy and artificial intelligence—and doing clause-by-clause to 256 amendments that have been proposed, all of them substantive, including the 55 amendments from the broken bill that the government proposed to its own legislation. There is no ongoing study of this, and it's misleading to say that, even though he heard me say it earlier.

The reason we're here is because this isn't me, this is the union, the Canada's Building Trades Unions, saying that this is happening. Let me get into some specifics, since apparently the Liberals missed the point on the $50-billion subsidy that they should be Canadian jobs if you're going to subsidize. Here's what the union is saying. They said LG has instructed Jeil and Daejin—they are subcontractors on employment—to use eligible Korean nationals and Mexican nationals who could qualify for a certain work visa on the site, and even told them to seek out refugee claimants in Canada who could perform the work. This is apparently in an effort to keep their costs low. NextStar is increasingly tapping into two contractors that are using foreign workers to take work originally promised to local contractors. This includes work on multi-million dollar press lines and installing module lines. The CBTU has told folks that they have lots of proof that foreign workers are performing this unspecialized work, and they have unionized members who are unemployed that could be doing this. In fact, after the Prime Minister met with NextStar on March 14, the union actually amped up their hiring of foreign workers after talking to him. I'd be curious as to what was discussed in that meeting that they felt after meeting the Prime Minister they could actually hire more foreign workers for the construction.

And there is no pause going on, as was claimed. That's the reason the union wrote this letter—there is no pause. In fact, they've got to the point where they're frustrated. Even after the threat of going to the media, the union had yet another meeting with management to try to get an MOU, an understanding, on not having foreign replacement workers. These are jobs, just to be clear, that Canadians can be hired for; workers who are available for work but are being replaced by people not from Canada. They're generally known as a foreign person coming in to replace workers in Canada—a foreign replacement worker—and that is what's happening at this plant.

The contract says they can only hire Canadians, or a limited number. I can tell you at one point NextStar said they were going to hire 600 full-time foreign replacement workers in the running of the plant. They also said they would have up to 1,000 foreign replacement workers. That was in the media. They changed their tune once they started to get public pressure by this committee and others.

This is a real issue. It's not something the government says Conservatives are making up. This is the letter from the union. Perhaps they didn't hear it. I could read it again, Mr. Chair, just in case some of the members' earpieces weren't working. I'll leave that.

However, if you don't know this, this is on the Government of Canada's website: material handler for the plant, languages needed, Korean. This is the Government of Canada's own website, and it says who can apply: candidates with or without a valid Canadian work permit. That's on the Government of Canada's website. Do you recognize the logo of NextStar Energy? A general affairs specialist is hardly some specialized worker from Korea who needs to come here. Let's see, it says that as a general affairs specialist, you will be responsible for various aspects of the company's operations, providing administrative and organizational support. Your tasks will be related to the efficient functioning of the office and ensuring smooth daily operations of the company. It also says here, “Responsibilities: office management and organization, correspondence handling and mail management, coordination of meetings and events, administrative support for various departments, document management and archiving, managing office supplies and inventory”.

These are really specialized tools that only Koreans have: “Supporting HR in recruitment and training”; “Building and maintaining positive relationships with vendors and clients”; “Assisting with travel arrangements for employees”; and “Ensuring compliance with safety and company policies”. Requirements include “Experience in a similar role or related field”; “Strong organizational and multitasking skills” and “Excellent verbal and written [skills]”.

They sound like very specialized, unique things that you can only find in South Korea, plus “Fluency in Korean”.

However, that's not all, Mr. Chair.

Here is another general affairs specialist with similar types of things, including more office management, in a separate posting by NextStar. It says that Korean is preferred. For the position of material handler, Korean is an asset. The position of general affairs specialist requires fluency in Korean. The position of electrode quality engineer is bilingual in English and Korean. A module production planner position requires English and Korean proficiency. In quality management systems, global experience is preferred. For a module production technician, the language requirement is reading and writing in English. Hey, we found one! A listing for a cell/electrode quality engineer says, “Bilingual in English [and] Korean”.

It goes on and on and on.

MP Kusmierczyk clearly isn't looking at the job sites when he is making this defence of his government, and I understand why he's doing this. He's embarrassed by the fact that his government didn't think to use the words “employ Canadians” when they made this commitment. He's embarrassed by the fact that the company has said it is going to hire up to 1,000 construction workers who are outside specialists.

Therefore, there will be 600 Canadians and 1,000 foreign workers. I guess it takes 1,000 specialized people to oversee 600 general construction workers. Also, there will be 500 to 600 permanent workers from Korea out of 2,500.

This is not one or two here or there. This is a serious issue. This is $15 billion in taxpayer production subsidies in this plant. This is half a billion dollars in construction costs being paid by the taxpayer. If you're going to do business with the Government of Canada, and you're going to suck all this government taxpayer money—Volkswagen, Stellantis, Northvolt, Honda—you had better be prepared for some public scrutiny. You had better be prepared to prove that you're hiring Canadians.

It's beyond me why the NDP does not want clarity on this. The motion at the industry committee, by the way, for those of you who don't watch the clock, ended an hour ago. That's why people are here. That motion was only to have the ministers appear. It wasn't to actually have the contract—

Thank you, Mr. Chair.

Just to clarify, INDU is not studying Stellantis. We're in the middle of a very lengthy clause-by-clause discussion on Bill C-27. There was a motion proposed at the end of INDU—they're probably still discussing it now—to have the Minister of Industry appear, but the motion has nothing to do with the contract. They're very different.

The effort on Bill C-27 will probably take us well into the fall, so I don't imagine that there will be another study at industry on this. We had one meeting in camera with officials after we viewed the contract. That's it, and that's not a study. There's not going to be a report either, because it was in camera, just for clarification.

On this, lobbing it off to industry is lobbing it off to a committee that won't get to it until before Christmas. That's not timely when you're spending $52 billion of Canadian money. This committee has the right to look into any spending and spending commitments—government operations is its name, the mighty OGGO, as I'm told—and actual expenditures of the Government of Canada. Some of these expenditures are actual now, particularly the construction ones. The government is already subsidizing half a billion dollars on the construction of the Stellantis plant and investing $778 million dollars of subsidy on the construction of the Volkswagen plant before you even get to the production subsidies. Those are the contracts right now that are in dispute, and the money we're spending is for the construction contracts.

I appreciate not wanting to distract the committee and take time from its important work, but I think that this is the appropriate place to study it, as my friend MP Genuis put forward, because, one, it is a government expenditure, and two, industry can't look at this in the foreseeable future because of the extensive nature of Bill C-27, the privacy and artificial intelligence bill.

Thank you, Chair.

I just wanted to say we had a very detailed subcommittee report that came back to the committee. We had agreed on a set schedule. We have quite a lot of business that we've prioritized and we've even wedged in some additional meetings to make sure that everybody has opportunities to study their various topics.

Obviously, Conservatives, we know that you are bringing a new motion every single week with a timeline that seems to want to delay Bill C-27 work. I'm not saying this isn't an important topic. I don't want you to hear it that way.

I notice, though, Mr. Williams, Honda isn't even included. You started by talking about Honda and it is not even in the motion you brought, which is kind of strange.

Regardless, I think that our committee calendar is completely full until the end of June when we break for the summer, so I would say that we stick to that. We reached consensus with the Conservatives around having an additional meeting on SDTC. If you want to have this instead of that, I think that's an option you could consider, but when you bring a new topic every single week that is supposedly urgent, I would just say that you've got to prioritize at some point and say what you really want to study.

I think we've all agreed Bill C-27 is taking priority. We're digging in; we're doing some great work together. We want to keep that momentum going. Maybe you can wait until the fall to study this or swap out SDTC. That's what I would humbly suggest as an alternative.

Thanks.

We're studying C-27. It's a motion we had to make.

I didn't think we'd get this far today.

This follows nicely the good dialogue we just had with Mr. Schaan regarding how implicit or explicit this bill actually becomes. CPC-7 proposes to define sensitive information:

sensitive, in relation to information, includes any information pertaining to an individual that reveals

(a) their racial or ethnic origin;

(b) their political opinions, religious or philosophical beliefs, trade union or political membership, or political contribution history;

(c) their sexual orientation or sexual habits;

(d) genetic data or biometric data that can uniquely identify them;

(e) their health condition, including any treatment or prescription on their medical record;

(f) government identifiers, such as their social security, passport or driver's license numbers;

(g) the content of their electronic devices, including messages, images, address books, calendars and call history;

(h) their passwords; or

(i) financial data.

Bill C-27 makes several references to the terms “sensitive information” and “sensitivity” without providing definitions for the terms. This approach is incredibly problematic for consumers and businesses if the definition is left to interpretation, with the obvious risk that some information will be regarded as sensitive data and other information as not, and those interpretations will vary. To resolve this issue, stakeholder groups and the Privacy Commissioner have advocated for a clear definition of the term, outlining a list of items legislators constitute as sensitive information.

I note that, in committee testimony on October 31, the Centre for Digital Rights stated:

At the moment, the definition of sensitive categories of personal information is left open and the words “sensitive” and “sensitivity” are used throughout Bill C-27 without definition (with the exception of minors). Thus, the definition is left to the organization with the obvious risk that some sensitive data will not be regarded as such, and that interpretations will vary.

This is a key element that differentiates the CPPA from other modern privacy laws like the EU GDPR and those found in California and Quebec:

So as to provide certainty for Canadians and Canadian businesses, and to align with both Quebec's Law 25...Bill C-27 should define “sensitive information” first by establishing a general principle of sensitivity followed by an explicitly open-ended list of examples....

The Office of Privacy Commissioner, in its submission to our committee, stated:

That a definition of sensitive information be included in the CPPA, that would establish a general principle for sensitivity followed by an open-ended list of examples.

In the GDPR, article 9, paragraph 1, it states:

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.

It's very clear we relied heavily on the GDPR example in putting forward this proposed amendment.

I note that the Canadian Research Insights Council, on May 9, stated:

Bill C-27 could offer more protection for minors, for which the Bill is nearly silent. Bill C-27 indicates that information with respect to minors be considered sensitive information but offers no definition of minor nor sensitive information.

Australia's Privacy Act follows a similar line of language to the GDPR.

In America, the American Data Privacy and Protection Act outlines a whole suite of matters related to their definition, including:

(i) A government-issued identifier, such as a Social Security number, passport number, or driver's license number....

(ii) Any information that describes or reveals the past, present or future physical health, mental health, disability, diagnosis or health care condition or treatment of an individual.

The list includes financial information and:

(iv) Biometric information.

(v) Genetic information.

(vi) Precise geolocation information.

(vii) An individual's private communications....

The list includes passwords, sexual orientation or:

(ix) ...sexual behaviour in a manner inconsistent with the individual's reasonable expectation regarding disclosure of such information.

(x) Calendar information, address book information, phone or text logs, photos, audio recordings, or videos, maintained for private use by an individual, regardless of whether such information is stored on the individual's device....

It includes non-consensual intimate images, information that reveals the video content or services requested or selected by an individual, and minors' information.

I'll go on.

Daniel Konikoff from the University of Toronto stated:

The term “sensitivity” appears often throughout the CPPA, yet it remains undefined in the Bill's glossary. Bill C-27 should follow global standards and explicitly define sensitive information to capture the above-mentioned categories with an emphasis on biometric information, which is at the core of an individual's identity. The EU AI Act is already ahead of the curve on this, explicitly defining biometric data in a way that acknowledges its sensitivity, its unique capacity to identify a person, and the importance of consent in systems that identify based on “...physiological, behavioural and psychological human features”....

The CPPA's failure to capture biometric data as sensitive information leaves far too much up to interpretation, and may lead businesses to establish inadequate protections—or none at all—for information that merits stronger safeguards. Without this definition, other sections of the CPPA—such as 53(2) and 62(2)(e), which refer to retention periods for sensitive personal information, or 57(1), which pertains to establishing safeguards proportionate to the sensitivity of the information—are left open to interpretation.

California follows the federal law in America, which provides much of the same language in terms of sexual orientation, racial or ethnic origin, or religious or philosophical beliefs.

I'll note that the Canadian Civil Liberties Association outlined that sensitive information remains undefined in Bill C-27. It said, “Parliament should follow international standards and explicitly define sensitive information to better protect special categories of personal information.”

Bill C-27 defines “personal information” as “information about an identifiable individual.” According to the European Union's General Data Protection Regulation, personal information includes names, ID numbers, “location data, an online identifier or...factors...to the physiological, genetic, mental, economic, cultural or social identity” of the person.

I think there is ample testimony from business and civil liberties groups as well as the Privacy Commissioner outlining the need to have a definition in there. At the same time, I acknowledge some of the rationale we've heard from the department about the nature of lists. However, I also relied heavily on the expertise of the Privacy Commissioner when putting this forward. Our intention behind it is to avoid broad interpretation if and when this bill is enacted and becomes the new standard for Canada.

Thank you, Mr. Chair.