Information & Ethics Committee on Nov. 20th, 2012

Evidence of meeting #56 for Access to Information, Privacy and Ethics in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was need.

A video is available from Parliament.

On the agenda

Privacy and social media

Committee Business

MPs speaking

Also speaking

Karna Gupta President and Chief Executive Officer, Information Technology Association of Canada

Normand Landry Professor, TELUQ

4:45 p.m.

Professor, TELUQ

Dr. Normand Landry

I think Canadian public authorities should establish some requirements, but they could provide certain benefits to balance things out. First, a secure environment would be needed. We do expect companies to actively protect their users' personal information. In return, Canadian public authorities could provide them with a stable, consistent and welcoming regulatory environment.

As for the policy-making process, the policies should be transparent, regardless of whether they apply to Canadian public authorities—and in this case, all stakeholders could be asked for their opinion—or companies. They would all be asked to be more transparent with regard to privacy issues.

Next, we have the responsibility issue, which has to do with companies' ability to address any criticisms in an effective, prompt and satisfactory manner. A public stakeholder could do the same, thus establishing a consistent and productive dialogue.

Finally—and we very much agree when it comes to this—the environment should enable businesses, encourage innovation and specifically promote the development of Canadian talent. This concerns support for small and medium businesses, which we think is absolutely crucial.

4:45 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you, Mr. Dreeshen. Your time is up.

I will yield the floor to Mr. Angus for the last five minutes.

4:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Thank you, Mr. Chair.

This has been a fascinating discussion. I think one of the issues that we are trying to grapple with is the effect of risk if privacy is breached. This is a serious issue. We can develop as much as we want, but the risks to citizens are much higher now than they've ever been because of the ease of access.

I'm concerned about two areas. One is in terms of fraud. Scams such as the 419 scam can track people now. They can find information. They can tailor their pitch to you in an e-mail or on Facebook based on specific points of data that would not have been possible before. We're not going to know about their ability to catch people because many people who are caught up in a fraud are just too embarrassed to come forward. This is happening all the time, and it's happening because it's not the good players who are breaching data, but other people who are breaching data.

Mr. Gupta, given the seriousness of this, we're seeing that under Bill C-12, private companies should only need to report privacy breaches if it proves significant harm. That's a pretty high test. Don't you think that given what's out there, the Privacy Commissioner should be deciding whether a breach is something to be reported?

4:45 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Karna Gupta

I think when the original PIPEDA was passed by the legislature, we did go on record as part of the industry sector that agreed with the overall position of full disclosure on any of the major issues or breaches that came up.

Now, in Bill C-12 they are looking at an amendment. We haven't quite gone through all of them, but it does require further dialogue with the Privacy Commissioner as well as the industry body. That's really where it is.

We haven't done any more on Bill C-12 at this stage.

4:50 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Landry, the other element of worst case scenarios is what we see in the media with so-called cyberbullying, the tragedy of the Amanda Todd case. I've listened to a lot of talk shows on it and I've seen a lot of online media commentary. It seems that even our own digital literacy isn't all that clear on these kinds of issues. We talk about an extension of kids being mean in the schoolyard to kids being mean on Facebook.

Amanda Todd was stalked by a sexual predator, who we believe was based in the United States. This adult destroyed this young woman's life. The police didn't seem able to track this predator, so he is still out there. Then we had the issue of her mother being an educator. This happened under circumstances where something could have been done.

In terms of digital literacy, what do you suggest we do as parliamentarians? Is it just about education? Do we have to ensure that there are the tools to go after not just the kids throwing rocks on Facebook, but serious predators out there? Are there tools we need to bring us up to speed in the online world?

How do we start to separate these issues so people know what we're dealing with? Cyberbullying is a broad word and is being used a lot, but I don't know if it is bringing us any further ahead in terms of the literacy of what's happening. What do we need to do? How do we empower young people and citizens to protect their privacy and create safe spaces?

4:50 p.m.

Professor, TELUQ

Dr. Normand Landry

There is much to be done, and many avenues can be taken to address this issue in a way I deem satisfactory.

First and foremost, I think we need an early educational strategy. By early, I mean as soon as children start elementary school. That is fundamental. We need a strategy where school curricula would include tools for professors to help them educate children on the risks involved in using new digital technologies.

We would also need—and I am not looking after my own interests—structured research funded by public and, especially, independent powers on the challenges related to education on digital media, with evidence on all factors of key importance.

In addition, of course, we need public resources where individuals, groups and organizations concerned by these issues could easily find all the tools they need for action.

I think those are the three key aspects. Of course, the issue—and you know this better than I do—is resource investment for resolving this problem.

4:50 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you, Mr. Angus.

Your time is up, but I can allow Mr. Gupta a few minutes to answer your question.

4:50 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Karna Gupta

Thank you, Mr. Chair.

Do you want me to give a closing comment or answer the question?

4:50 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

You can answer Mr. Angus's question.

4:50 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Karna Gupta

Okay. I think the points are very valid. The issues are very serious in the arena of what is going on with young people and how vulnerable they are. Most of the industries take this very seriously.

Several innovative technologies are being talked about within the industry, regarding how to create more parental control and the consent mechanism. Today a lot of it is not available.

When the Privacy Commissioner meets with the industry groups, this is a very topical item. We talk about the innovative technologies they are looking at to provide the proper parental control.

Going back to my earlier comment, the biggest thing, the educational part, is very critical to know at a very early age how online tools need to be used. We use online tools today almost like a babysitter. We hand the kid an iPod or iPhone while they are waiting in a doctor's office. They learn to use these things. Education is needed at a very early stage. Tech companies that we know, our members, are engaged with the Privacy Commissioner in terms of new technologies to look at consent forms.

4:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Mr. Gupta, thank you for your testimony.

I have a short question for our witnesses. I am taking advantage now because I often don't have time to ask questions.

Do you have any suggestions for the committee members regarding questions they could ask Facebook representatives? They should eventually appear before our committee. Do you have any suggestions on what the focus of such a meeting should be?

4:55 p.m.

Professor, TELUQ

Dr. Normand Landry

Yes, I have a number of questions in mind. I would be curious to know what the company thinks about the information it provides its users for effectively protecting their privacy. Is that something they feel is important? Do they think the confidentiality policy available online answers users' key questions and, if so, why? If not, why?

I would very much like to get a clear answer from them about that. Would they be interested in developing non-judicial dialogue and conflict resolution mechanisms? I'm talking about internal discussion processes that would make it possible to first change confidentiality parameters, obtain user input and avoid potentially serious public repercussions.

I think that would be the fundamental issue. In short, do they want greater user participation in the establishment of confidentiality policies on the site?

4:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you.

Mr. Gupta, what do you think?

4:55 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Karna Gupta

Thank you, Mr. Chair.

I think the main question I would frame for them, given today's discussion, is what they are doing from a technology point of view to provide control. At the end of the day, all of the things we talk about come down to the element of control at the user end and what kind of technology and innovation they're looking at to allow a level of control that could be managed at the user level. Then education can support and work at it. That's the technical question I would pose.

4:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you for your time. This brings today's testimony to an end.

As the committee members know, we have a number of other items on the agenda to discuss.

I want to thank our witnesses. We may see each other again.

4:55 p.m.

Professor, TELUQ

Dr. Normand Landry

Thank you.

4:55 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Karna Gupta

Thank you.

4:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

I will interrupt the meeting for one or two minutes, and we will then come back with only the committee members to discuss the other items.

4:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

We are continuing our meeting.

I see that Mr. Warkentin would like to speak.

4:55 p.m.

Conservative

Chris Warkentin Conservative Peace River, AB

Thank you, Mr. Chair.

4:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

You were eager for us to begin.

4:55 p.m.

Conservative

Chris Warkentin Conservative Peace River, AB

I know that we have a couple of things that we want to undertake, including some motions that would impact future meetings. I think it would be helpful for us to get an indication as to what we have on the schedule moving forward. I know that you would probably like to give us an update on that, but I think in order to do that it's best that we deal with that in camera, so I'm wondering if we could move in camera.

5 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

The motion cannot be debated. Therefore, we will have to proceed with the recorded division.

I will let the clerk conduct the vote.

5 p.m.

Conservative

Blaine Calkins Conservative Wetaskiwin, AB

Mr. Chair, you had called the question before I heard anybody ask for a recorded vote. If you look at the rules, the request for the recorded vote has to happen before you call the question.

5 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

I asked that before people even raised their hands. It makes no difference when it is asked.