Thank you very much, Mr. Chair and committee members, for this opportunity to provide the perspective of the Canadian Wireless Telecommunications Association, to which I will refer as the CWTA, on the Personal Information Protection and Electronic Documents Act.
This is new to me, so bear with me. I sat on these committees for 12 years, but I was in your seats. Now this is a bit of a different perspective for me. I'll do my best.
CWTA represents member companies from every part of the wireless sector, including wireless carriers, equipment manufacturers, and other businesses that provide services and products to the industry. Over the past 30 years, Canada's wireless carriers have made more than $42 billion in capital investments in wireless infrastructure, and they continue to invest at the rate of more than $2.5 billion per year. These investments are paying off. Today, 99.3% of Canadians have access to Canada's world-class networks.
With 5G technology at our door, the entire wireless communications sector is working to maintain its role as a driver of innovation.
Maintaining the flexibility of the Personal Information Protection and Electronic Documents Act and applying it fairly to all sectors will also help foster innovation.
In his testimony, the Privacy Commissioner highlighted the main strengths of the act: it is technologically neutral, and it is based on general application principles.
The commissioner suggested four issues to guide your study: consent, reputation, enforcement powers, and the adequacy of the Canadian regime compared with the new European regulation.
My comments will focus on the impact of those four issues on the ability of the wireless sector to serve its clients, as well as on its ability to compete and innovate in the digital economy.
On the issue of consent, the commissioner suggested that relying on consent alone may no longer be reasonable in every possible circumstance, given the impact of technology. To that I would first paraphrase a comment submitted by one of our members at the Privacy Commissioner's consultations on consent, that as technology evolves, so do customers' appreciation and understanding of it.
The care that our member companies take in being transparent with their customers about how they are processing personal information—for instance, through clearer privacy policies—is a key part of their trust relationship with their customers. The most important asset for doing business in the 21st century is trustworthiness, and our members are well aware of it.
As for the application of the consent principle, the fair and equitable application of this across industry sectors is essential to our members' ability to compete in the digital marketplace and to preserving consumer trust in the digital economy. What we refer to as the wireless sector is roughly 30 years old, which is younger than a good portion of the companies we represent, yet today Canada's dynamic wireless sector is responsible for close to 139,000 full-time jobs and $13.3 billion in direct GDP contribution. To continue to grow, innovate, and compete with larger global entities, our members must be confident that the rules will apply the same way to Canadian companies as they do to non-Canadian players. This symmetry in the application of the rules also benefits consumers, who would be right to expect their personal information to be treated similarly in similar contexts.
We would suggest that expanding the definition of what is acceptable use for legitimate business interests could provide more clarity in that regard. For instance, in the European Union, personal information can be used for purposes that support the data controller's legitimate interests so long as these purposes are not incompatible with the original purpose for which the information was collected and so long as it does not violate the fundamental rights and freedoms of the data subject. Such a model would allow our members to innovate and compete on the global stage in a way that respects people's fundamental rights and the business relationship that already exists between companies and their customers.
On the issue of reputation, several witnesses have suggested that Canada may want to follow Europe's lead and include an explicit right to be forgotten into its legislative framework. In practical terms, the European right to be forgotten requires that commercial entities receive complaints directly from individuals, that they evaluate the merit of these complaints, and that they alter their systems as required. I am not one to advise the committee on whether a European-style right to be forgotten strikes the right balance between privacy and freedom of expression for Canadians. However, I do urge the committee to be mindful of the potential burden such measures could place on the operations of Canadian businesses involved in the digital economy.
On the issue of enforcement powers, the Privacy Commissioner suggested that stronger enforcement powers would foster greater compliance with PIPEDA. CWTA believes the current ombudsman model is best suited to the current principles-based framework. A collaborative relationship between industry and the regulator is more efficient, and results in better outcomes for consumers. By investing the commissioner with the power to issue fines and impose orders, Canadian businesses would find themselves in an adversarial relationship that would discourage the informal and expedient resolution of complaints, which would be to the detriment of consumers.
As it stands, the commissioner is already naming companies that are deemed to be in violation of PIPEDA. The potential reputational damage from a finding of non-compliance by the commissioner is a sufficient deterrent, given the importance of consumer trust in the digital economy. We would argue that fines would be no stronger a deterrent than the damage to business reputation.
In the specific case of breaches, we are anticipating the coming into force of mandatory reporting and record-keeping requirements, which were added to PIPEDA through the passage of the Digital Privacy Act in 2015. These provisions will be supported by fines of up to $100,000. Breaches themselves are already subject to class action. We submit that the principles-based structure of PIPEDA does not call for enforcement powers. It would be better served by regular guidance from the Privacy Commissioner. Proactive guidance from the commissioner could explain how PIPEDA's general principles should be applied to new business models. It is ultimately not fair to consumers that the companies they do business with should have to wait for complaints to arise in order to develop policies on personal information management for new business lines.
One specific example is the Privacy Commissioner's upcoming guidance on connected cars. The connected car—and in a few years from now, the automated car—is one example of the many social benefits that will come from 5G wireless networks. As such, CWTA shares the Privacy Commissioner's concern with getting privacy right early on in the process. We hope to have the opportunity to share our industry's perspective on this with the commissioner and future guidance documents.
On the issue of preserving Canada's adequacy status with the European Union, I will say that our members recognize the importance of maintaining Canadian businesses' ability to operate on other continents, just as foreign Internet companies compete with us on our own turf. We would urge the committee to take into account the operational repercussions for Canadian companies of any legislative changes made to the Canadian regime.
In closing, I would once again say that we are determined to maintain our strong record in terms of complying with the act and our good relationship with the commissioner. The current model supports a collaborative approach with the commissioner. That has enabled us to emphasize positive results for our clients.
Thank you very much for your time today. I will be looking forward to questions after.