Information & Ethics Committee on Jan. 29th, 2019

—that continues to exist. Part of the solution is to say that everybody does need affordable access. That is the full stop of what we have to do, and we have to make the commitment to make sure that happens.

You've also essentially raised the question of what happens when data gets used for purposes that go well beyond what people would have otherwise expected or anticipated. On the private sector side, we would say that's a privacy violation. You collect the data. You tell me what you're going to use it for, and if you turn around and start using it for other purposes you haven't obtained appropriate consent for, then I, in theory, can try to take action against you or at least file a complaint.

Part of the shortcoming—and this comes back to even the exchange with Mr. Baylis—is that we still don't have good enough laws at the federal level to ensure that data isn't misused in certain ways. We have seen over many years, especially the years with debates around lawful access and the like, very often the notion that if we have the data, surely we need to use it. There is always going to be a reason for that. You need to establish both, I think, the rule sets and the frameworks to ensure there are the appropriate safeguards in place and there's the appropriate oversight on top of that. I think at the end of the day you need to ensure you have governments, just like companies, that recognize that where they become overly aggressive with using data, because they feel they can, they cause enormous harm to that information ecosystem, and ultimately undermine public confidence not only in them but also, I think, in governments more broadly.

I think you're right. I think consent remains very weak, but let's recognize—and I know this has been discussed before this committee as well—that we still don't have political parties subject to those sorts of privacy rules.

Oh, oh!

On the idea that we're going to say this is an issue of democracy, yes, it's an issue of democracy. It's a real problem when our political parties will collect data and aren't subject to the same kinds of privacy standards that they would subject any private company to.

I just want to say one thing. There are a variety of things, of course, that we can do, but you asked how we can regain the trust of the public in terms of what government is doing. With due respect, there was one thing that took place last year that further eroded that trust. Prime Minister Trudeau was asked by the federal Privacy Commissioner to include political parties under the privacy laws. Mr. Trudeau said no. He basically did not go in that direction.

That was a most disappointing thing. Why wouldn't political parties be subject to privacy laws just like businesses and other government departments are? Unfortunately, there is not a lot that is increasing trust in government. With due respect, I think that was a very negative point. I think these are the things....

Also, Mr. Trudeau defended Stats Canada in their pursuit of very sensitive financial data from the public. There was a huge push-back to that. This has not been really disclosed: the banks offered the chief statistician at Stats Canada.... They said, “Okay, we will de-identify the data and remove all personal identifiers and then we will give you the data. You can have the data you need but it will be privacy protected because we're going to strip the identifiers.” What did Stats Canada say to that? They said, “No, we want the data in identifiable form.” From what I heard confidentially, there were a lot of data linkages that Stats Canada wanted to make with the very sensitive financial data of citizens. That is completely unacceptable.

I just give you that, ma'am, as an example of things that are eroding trust as opposed to increasing trust.

Thank you.

It's hard to follow Ann in this regard. She has pointed to a couple of examples. I'll give you another one, which is very small and is not one that generates headlines.

I've been actively involved in the creation of legislation that created things like the do-not-call list and the anti-spam law. Political parties have consistently exempted themselves in the name of democracy. If you want to talk about how you ensure respect, stop exempting yourselves as political parties from annoying phone calls at dinner and the ability to spam people.

I think that respect starts with respecting the privacy of Canadians. It's fair to say that when presented with the prospect of real restrictions and the ability to use information, the political parties—and I think this needs to be absolutely clear: This has occurred under Conservative governments and under Liberal governments. This is not about this particular government. It is about the history of governments that, I think, have consistently said that when it comes to privacy-related issues, they are much more comfortable setting high standards for everybody other than themselves. We see that in the exemptions. We've seen that in the inability to get the Privacy Act updated in any meaningful way for decades, and we see it with some of the examples that Dr. Cavoukian just raised.