Evidence of meeting #60 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was pipeda.
A recording is available from Parliament.
Liberal
Ali Ehsassi Liberal Willowdale, ON
Revisiting the issue of the right to be forgotten, you agree that's a significant challenge as well.
President and Chief Executive Officer, Canadian Wireless Telecommunications Association
I do.
Liberal
Ali Ehsassi Liberal Willowdale, ON
However, you're still saying that whatever changes are made to deal with that issue, such as the changes that have been introduced by the EU and will be taking effect next year, they're too burdensome, correct?
President and Chief Executive Officer, Canadian Wireless Telecommunications Association
Exactly.
Liberal
Ali Ehsassi Liberal Willowdale, ON
What would you consider to be something less than unduly burdensome?
President and Chief Executive Officer, Canadian Wireless Telecommunications Association
That's an open-ended question.
I would like to see the status quo, from our perspective, with the CWTA, but again, you see a new law in California that relates to things and you see other jurisdictions moving in directions.... I would say, first of all, that we don't believe there should be any changes, but for anything that would happen, I would like to see a consultative process.
We want to avoid a couple of things. One is the regulatory burden it could have on companies and businesses in Canada, which could perhaps slow down innovation. We also want to make sure that for any changes that come into effect, you will see level playing fields between Canadian companies and companies that are not Canadian and operate within our market.
Liberal
Ali Ehsassi Liberal Willowdale, ON
Then what you're saying is that given that the EU is introducing change, and since you're in favour of a level playing field, that obviously would give us—operators here—a huge advantage, correct?.
President and Chief Executive Officer, Canadian Wireless Telecommunications Association
Under our rules that we don't want to change, yes.
Liberal
Ali Ehsassi Liberal Willowdale, ON
Okay.
I will ask the Canadian Marketing Association a question as well. Thank you for your testimony.
Do you have any officials who focus just on PIPEDA? How does it work? Do you have outside counsel that deals with PIPEDA-related issues?
Vice-President, Government and Consumer Affairs, Canadian Marketing Association
Within the staff of the organization, within our advocacy team, we have people who focus on the issue of privacy. As well, we have our own privacy officer within our organization to make sure that we ourselves are doing things. Of course, we also have outside counsel, through David here, advising us on privacy issues, especially those related to the digital developments.
Liberal
Ali Ehsassi Liberal Willowdale, ON
How do you monitor new technologies, or new marketing opportunities and things of that nature, which are constantly evolving?
Vice-President, Government and Consumer Affairs, Canadian Marketing Association
In much the same way you would in terms of following the literature out there and what's happening.... We also have marketing councils that deal with a variety. There's a digital marketing council, a branding council, and so on. Those councils are following very closely the changing technologies and trends within the various disciplines of marketing, so it's through mechanisms like that within the association.
Liberal
The Vice-Chair Liberal Nathaniel Erskine-Smith
Thanks very much. That concludes our five-minute round. Now we have a three or three and a half minute round for Ms. Trudel.
NDP
Karine Trudel NDP Jonquière, QC
Thank you.
Mr. Ghiz, you talked about the European agreement and about what is happening with the legislation. What good practices could Canada adopt? What would be the things not to do with regard to the bill we are considering?
President and Chief Executive Officer, Canadian Wireless Telecommunications Association
It's a good question. I remember when I was going through my remarks, I was saying to my staff that if I were sitting on the other side of the table, I would look for an area where I agreed with Europe and another one where I don't, and then call me hypocritical.
I also believe you don't always need to reinvent the wheel, so you can look at good things where they happen. Obviously, on the “forgotten” rule, we don't like what's happening in Europe. Around consent, we think they have a better consent model than ours. Those would be two that I would see there.
Vice-President, Government and Consumer Affairs, Canadian Marketing Association
They have, to some extent, a more stringent consent model. We would suggest it's not as innovation friendly, for example.
On the GDPR, the comment I would want to make is that adequacy is not the same as being identical. It would be premature for Canada to move to make changes to our privacy law before having consulted with Europeans going through the process. If need be, if they review Canadian law adequacy, then so be it. Let's see if any issues surface.
Quite frankly, Canada has one of the best privacy protection regimes in the world. It may be different from the the one in Europe, but we don't need to take second place and feel that our law is second to anywhere else in the world. I would strongly suggest that while the GDPR is very important for us all to be watching. It applies to business there. Let's see if they have issues with the adequacy of our law before we rush to make changes based on the GDPR.
President and Chief Executive Officer, Canadian Wireless Telecommunications Association
Just to be a little more clear, it's around their legitimate business interests. They allow more innovation than we would here. That would be the change that I would advocate for.
NDP
Karine Trudel NDP Jonquière, QC
You just talked about personal information. Do you have any comments or recommendations about the retention and disposal of personal information?
Vice-President, Government and Consumer Affairs, Canadian Marketing Association
I'm not an expert in that field, but PIPEDA does impose very clear responsibilities on organizations with regard to the securing of information, safeguarding information, and proper destruction of information when it is no longer needed. That varies in terms of how long you have to retain information, the level of sensitivity, and so on.
Again, it depends very much on context, the industry, and the sensitivity of the information. That is why PIPEDA is based on 10 principles and has the flexibility to apply differently to different contexts.
Liberal
The Vice-Chair Liberal Nathaniel Erskine-Smith
Thank you very much, Mr. Hill.
That concludes our formal question round. We do obviously have some time left on the clock if other members have questions.
Is it all right if I ask...? I have three questions, and I'll be quick.
My first question is this, Mr. Elder. Jennifer Stoddart was the Privacy Commissioner for 10 years. On the first review of the act, she did not recommend new powers for the Privacy Commissioner, but on the second review of the act, in her 10th year, she did. I'd also mention that she's a member of the Order of Canada. She said in 2013:
We have made use of the existing tools under the Act, and in some cases, we have been successful in prompting change—but often after we have invested significant resources and almost always after the fact. We have seen some organizations ignore our recommendations until the matter goes to Court; others, in the name of consultation with the Office, pay lip service to our concerns but ultimately ignore our advice. There is nothing in the law that provides enough incentive for organizations to invest in privacy in significant ways given that they can always renege on their agreement to change their practices and decide not to follow through with the Commissioner’s recommendations after the investigation or audit. The days of soft recommendations with few consequences for non-compliance are no longer effective in a rapidly changing environment where privacy risks are on the rise.
Then she goes on to note that several provincial commissioners and international commissioners not only have order-making powers but fine-making powers, including in the U.K., Spain, New Zealand, and of course a number of provinces within our own country.
To put it more specifically, or more directly, why is Ms. Stoddart wrong?
Special Digital Privacy Counsel, Canadian Marketing Association
Far be it for me to say that Ms. Stoddart would be wrong. What I would offer is that we would take a contrary opinion.
Special Digital Privacy Counsel, Canadian Marketing Association
Yes.
I mean, certainly there may be cases where organizations would not follow recommendations, and may not agree with the recommendations or the findings that the Privacy Commissioner may make, as is their right to do. Ultimately, the way the act is structured, the way it's supposed to be resolved, is that the matter gets brought before the Federal Court. The Federal Court, and the judges thereon, will look at it anew and come to a determination whether the statute was breached or not. That mechanism is already there.
Liberal
The Vice-Chair Liberal Nathaniel Erskine-Smith
Despite Ms. Stoddart's concerns, the Federal Court appeal mechanism is sufficient in your view.
Special Digital Privacy Counsel, Canadian Marketing Association
I think it is. From her perspective, it's more difficult to go through that hoop, rather than just to impose a fine directly, so I suspect that's where that motivation comes from.