Thank you very much, Mr. Chair, and members of the grand committee, for the invitation to speak.
I will try to build on what Mr. Therrien has said in order to cover a few more points. I will also make some references to what other witnesses presented previously.
First, I will be trying to take a more international view, though the themes that are covered by the committee are very global in nature. That's why when it comes to global...the previous witness spoke about an international treaty. One of the reasons, as I will be explaining, that I have decided in my mandate at the United Nations to go through a number of priorities when it comes to privacy is that the general framework of privacy and data protection in law insofar as an international treaty is concerned, who regulates this, doesn't happen to be specifically a UN treaty. It happens to be convention 108 or convention 108+, which is already ratified by 55 nations across the world. Morocco was the latest one to present its document of ratification yesterday.
When people meet in Strasbourg or elsewhere to discuss the actions and interoperability within an international framework, there are already 70 countries, ratified states and observer states, that will discuss the framework afforded by that international legal instrument. I would indeed encourage Canada to consider adhering to this instrument. While I am not an expert on Canadian law, I have been following it since 1982. I think Canadian law is pretty close in most cases. I think it would be a welcome addition to that growing group of nations.
As for the second point that I wish to make, I'll be very brief on this, but I also share preoccupations about the facts on democracy and the fact that the Internet is being increasingly used in order to manipulate people's opinions through monitoring their profiles in a number of ways. The Cambridge Analytica case, of course, is the classic case we have for our consideration, but there are other cases too in a number of other countries around the world.
I should also explain that the six or seven priorities that I have set for my United Nations mandate to a certain extent summarize maybe not all, but many of the major problems that we are facing in the privacy and data protection field. The first priority should not surprise you, ladies and gentlemen, because it relates to the very reasons that my mandate was born, which is security and surveillance.
You would recall that my United Nations mandate was born in the aftermath of the Snowden revelations. It won't surprise you, therefore, that we have dedicated a great deal of attention internationally to security and surveillance. I am very pleased that Canada participates very actively in one of the fora, which is the International Intelligence Oversight Forum because, as the previous witness has just stated, oversight is a key element that should be addressed. I was also pleased to see some significant progress in the Canadian sphere over the past 12 to 24 months.
There is a lot to be said about surveillance, but I don't have much left of my 10 minutes so I can perhaps respond to questions. What I will restrict myself to saying at this stage is that globally we see the same problems. In other words, we don't have a proper solution for jurisdiction. Issues of jurisdiction and definitions of offences remain some of the greatest problems we have, notwithstanding the existence of the Convention on Cybercrime. Security, surveillance and basically the growth of state-sponsored behaviour in cyberspace are still a glaring problem.
Some nations are not very comfortable talking about their espionage activities in cyberspace, and some treat it as their own backyard, but in reality, there is evidence that the privacy of hundreds of millions of people, not in just one country but around the world, has been subjected to intrusion by the state-sponsored services of one actor or another, including most of the permanent powers of the United Nations.
The problem remains one of jurisdiction and defining limits. We have prepared a draft legal instrument on security and surveillance in cyberspace, but the political mood across the world doesn't seem conducive to major discussions on those points. The result is that we have seen some unilateral action, for example, by the United States with its Cloud Act, which has not seen much take-up at this moment in time. However, regardless of whether unilateral action would work, I encourage discussion even on the principles of the Cloud Act. Even if it doesn't lead to immediate agreements, the very discussion will at least get people to focus on the problems that exist at that stage.
I will quickly pass to big data and open data. In the interests of the economy of time, I refer the committee to the report on big data and open data that I presented to the United Nations General Assembly in October 2018. Quite frankly, I would advise the committee to be very wary of joining the two in such a way that open data continues to be a bit like a mother with an apple pie when it comes to politicians proclaiming all the good it's going to do for the world. The truth is that in the principles of big data and open data, we are looking at key fundamental issues when it comes to privacy and data protection.
In Canadian law, as in the law of other countries, including the laws of all those countries that adhere to convention 108, the purpose specification principle that data should be collected and used only for a specified or compatible purpose lives on as a fundamental principle. It also lives on as a principle in the recent GDPR in Europe. However, we have to remember that in many cases, when one is using big data analytics, one is seeking to repurpose that data for a different purpose. Once again, I refer the committee to my report and the detailed recommendations there.
At this moment in time, I have out for consultation a document on health data. We are expecting to debate this document, together with recommendations, at a special meeting in France on June 11 and 12. I trust there will be a healthy Canadian presence at that meeting too. We've received many positive comments about the report. We're trying to build an existing consensus on health data, but I'd like to direct the committee's attention to how important health data is. Growing amounts of health data are being collected each and every day with the use of smart phones and Fitbits and other wearables, which are being used in a way that really wasn't thought about 15 or 20 years ago.
Another consultation paper I have out, which I would direct the committee's attention to, is on gender and privacy. I'm hoping to organize a public consultation. It has already started as an online consultation, but I am hoping to have a public meeting, probably in New York, on October 30 and 31. Gender and privacy continues to be a very important yet controversial topic, and it is one in which I would welcome continued Canadian contribution and participation.
I think you would not be surprised if I were to say that among the five task forces I established, there is a task force on the use of personal data by corporations. I make it a point to meet with the major corporations, including Google, Facebook, Apple, Yahoo, but also some of the non-U.S. ones, including Deutsche Telekom, Huawei, etc., at least twice a year all together around a table in an effort to get their collaboration to find new safeguards and remedies for privacy, especially in cyberspace.
This brings me to the final point I'll mention for now. It's linked to the previous one on corporations and the use of personal data by corporations. It's the priority for privacy action.
I have been increasingly concerned about privacy issues, especially those affecting children as online citizens from a very early age. As the previous witness has borne witness, we are looking at some leading new and innovative legislation, such as that in the United Kingdom, not only the one on digital harms, but also one about age-appropriate behaviour and the liability of corporations. I am broaching these subjects formally next with the corporations at our September 2019 meeting. I look forward to being able to achieve some progress on the subject of privacy and children and on greater accountability and action from the corporations in a set of recommendations that we shall be devising during the next 12 to 18 months.
I'll stop here for now, Mr. Chair. I look forward to questions.