Evidence of meeting #68 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was online.
A recording is available from Parliament.
3:30 p.m.
Conservative
The Chair Conservative Bob Zimmer
I call the meeting to order.
Welcome, everyone, to the Standing Committee on Access to Information, Privacy and Ethics. Today we're continuing to study PIPEDA, as we all know it, the Personal Information Protection and Electronic Documents Act.
We'll start off with Jane Bailey.
You have 10 minutes.
3:30 p.m.
Professor Jane Bailey Professor, Faculty of Law, University of Ottawa, As an Individual
Thank you.
Together with Professor Valerie Steeves, I co-lead a seven-year project funded by SSHRC called the eQuality project. It's focused on understanding how big data practices, especially targeted advertising, affect young people's online interactions and can set them up for conflict and discrimination.
Today, I'm going to be drawing from research from several Canadian studies on young people. Two are 2017 studies. One was conducted by the eQuality project for the Law Commission of Ontario and is related to online defamation. The other was co-conducted by the eQuality project and MediaSmarts, under a grant from the OPC. It focused on young people's decision-making about privacy in the context of posting photos online. I'll also draw from the eGirls project, which was a three-year project co-led by Professor Steeves and I that looked specifically at young women's and girls' online experiences. Finally, I'll draw from the results of the MediaSmarts study entitled “Young Canadians in a Wired World”, most recently reported on in 2015-16.
Basically, I think there are three take-aways from these studies of relevance to this committee. First of all, young people are very concerned about reputational harm, and for girls and young women in particular, permanent reputational harm is considered by many to be the danger associated with networked media. Second, privacy, particularly the mechanisms for controlling access to and use of young people’s data is foundational to addressing these harms, particularly as young people think about whether and how the information they post or that is posted about them now may be unfairly used out of context in the future in ways that interfere with their prospects for employment and maintaining healthy relationships, among other things. Third, young people do have strategies and norms to mitigate these dangers, but corporate practices and online architectures make it very difficult for them to implement those strategies, or invisibly undermine them through machine-based processes such as algorithmic profiling for targeted advertising.
In a nutshell, from the studies on youth perspectives from our Canadian research, young people do actively seek out online publicity, but they are also particularly aware of the complications that publicity introduces. Because of this, they rely on a number of strategies to protect their online reputations, including thinking very carefully about what they post, monitoring what other people are posting about them, and getting colleagues to assist them when material is posted about them that is negative. However, the commercial nature of networked media makes it very difficult for them to keep control over their reputations.
In what we've come to call a perfect storm, digital architectures incent young people to shed data that is in turn used to profile and categorize them for purposes of targeted advertising. This involves predictions about who they are and who they ought to be that are often premised on narrow, mediatized stereotypes and presumptions about the groups into which they are aggregated. When young people try to reproduce these stereotypes themselves in order to attract the “likes” and “friends” set up by platforms as numeric markers of success, they are opened up to conflict with others who monitor, judge, and sometimes stalk them.
In this environment, we asked young people what policy-makers should do. I have four things I want to share with you.
The first thing is that you need to directly engage young people in the policy-making process. Policy development models need to be reformed to require direct engagement by young people from diverse social locations as experts in the policy formulation process itself, because research to date indicates a serious gap between policies set by adults and the experiences of young people.
Second, we need to look for responses that go beyond telling youth what to do and what not to do. The young people in the research that I'm drawing from today understood that being involved in networked spaces was essential to their lives, and all indications of our social, economic, and cultural worlds affirm that reality. It's not just an impression that they have. In fact, we’ve spent billions of dollars and years of policy and program development trying to get them online and to keep them online as part of our economic development plans. As such, advice like just going offline if you want to protect your privacy or you don't want to be harassed is both unrealistic and insulting.
Third, move beyond informed consent models. In the current environment of surveillance and prediction that is largely invisible to the user, traditional data protection models based on consent just aren't enough to protect young people's privacy and equality because, in many cases, no one can even explain what it is that machines are doing with our data. Further, and in any event, if we could explain that, simple disclosure of those processes wouldn't be enough because network technologies are so embedded in young people's lives that young people really have no choice but to consent to terms of use that purport to allow these practices, even when they don't agree with or understand them.
Fourth, we need to regulate platform providers to improve privacy and equality. Many of our participants suggested that platform providers should not be permitted to keep young people's data as long as they do. This was in part because they were so conscious of how the permanent cache of information about them opened them up to judgment and reputational harm that could affect them now and in the future.
There are a number of potentially responsive regulatory options. First of all, as many people have testified before this committee, we can ensure that the OPC has enforcement powers in order to deal with these issues effectively.
Second, we can mandate greater accountability and transparency by service providers as a first step to better understand what exactly it is they are doing with our data to profile us and shape our online experiences, and to find out how often that profiling and those processes are premised on discriminatory stereotypes or yield discriminatory outcomes that affect individuals' life chances.
This kind of profiling—machine-based, invisible to users, involving processes humans often cannot understand or explain—can lead to discrimination on grounds that are currently legally prohibited, some of which could have serious implications for young people in particular. Currently, it's very difficult to open up the black box and understand exactly what it is that's happening, although we get glimmers from research projects such as that of ProPublica, which recently revealed discrimination in the price of SAT prep tests such that Asian students were more than twice as likely to pay a higher price for a prep test because they were Asian or because they lived in a zip code that was associated with Asians from both high- and low-income groups. It may well be that insights gained from this kind of disclosure from service providers about what it is they are doing will make it even clearer that the best option is just to prohibit the use of young people's data for the purposes of targeted advertising, full stop.
Third, we can consider legislative provisions that are better aimed at supporting young people in protecting their reputations now and in the future than the current PIPEDA provisions relating to accuracy and completeness. These include examples such as the right of erasure, as seen in California, and the right to be forgotten, as seen in the European Union, which I can say more about if others are interested later on.
Finally, if we're simply too wed to the consent model to depart from it despite knowing its obvious limitations in the climate we're in, we could consider requiring service providers, regardless of their terms of service, to get separate, explicit consent from young people or their parents to use their personal information for targeted advertising, and to provide ongoing, easy opportunities to opt out of that decision. It's less likely to be as effective as any of the other things I've talked about, but at least it offers the possibility of interrupting the commercial cycle of presumed access to young people's data.
In conclusion, the current commercial “data for services” model of network communications renders young people vulnerable to discriminatory profiling and reputational harm that can have long-lasting impacts. It's time for us as adults to take responsibility for the economic and social policies that have resulted in their seamlessly integrated online-offline world. Carrying out that responsibility requires the direct engagement of young people from a variety of social locations in processes like these, rather than just asking for the opinions of adults like me who have had the privilege of working with some of them.
Thank you.
3:35 p.m.
Conservative
The Chair Conservative Bob Zimmer
Next, we have Mr. Owen Charters and Ms. Rachel Gouin from the Boys and Girls Clubs of Canada.
I'm not sure which of you is speaking, or both, so please go ahead. You have 10 minutes.
3:40 p.m.
Owen Charters President and Chief Executive Officer, Boys and Girls Clubs of Canada
Thank you, Mr. Chair.
I'd like to thank the committee for inviting us to be here. I'm the president and CEO of the Boys and Girls Clubs of Canada. Rachel is our director of research and public policy. We're excited to be here to present as part of the study on PIPEDA. We're pleased, actually, that the committee is spending some additional time, especially on this issue of children's privacy. We've shared our full recommendations in a letter already, but I want to go into a little more detail today.
One of the things you should know is that the Boys and Girls Clubs of Canada is Canada's largest child and youth serving organization. We serve about 200,000 children and youth across the country in more than 700 locations. We're there during the critical out of school hours for children. Our clubs offer children safe spaces. They can explore their interests, develop their strengths, and realize positive outcomes in terms of self-expression and academics. We do all sorts of programs around healthy living, recreation, mental health, and more. Our trained staff and volunteers help young people build the confidence and sense of belonging that they need to overcome barriers, form positive relationships, and mature into responsible, caring adults.
What is really important is that we offer a range of programs that are focused on education, digital literacy, and coding. Many of our clubs have tech centres that facilitate children and teens' access to the Internet. We are often enabling young people's access to online environments, especially if they don't have have access in many other places. Part of that is what brings us here today.
While we're doing our part to equip Canada's young people with digital and media literacy skills to help them navigate the online environment, we are concerned that marketers are collecting private information from minors, without meaningful consent. We're here to ask the government to explicitly include children's privacy rights in the Personal Information Protection and Electronic Documents Act.
We think that's important for two main reasons. One, from a developmental perspective, young children are not able to properly determine the risks associated with sharing private information online. Media skills training is definitely not enough in that regard. Two, we recognize that children are online at a young age, and sharing personal information for years before they reach the age of majority. We know that corporations are compiling quite a profile of Canada's children, and we don't think that's right.
While guidelines do exist, we know for instance the Canadian Marketing Association has a code of ethics, and the Privacy Commissioner has also issued guidelines. However, the collection of children's private information by corporations is not regulated or enforced.
In 2015, the Office of the Privacy Commissioner participated in a global sweep that determined that many websites and developers were failing to adequately protect children's privacy. In Canada, that amounted to 62% of those who reported. We discovered that they may disclose personal information to third parties, and that is simply unacceptable.
Last February, we published an op-ed calling on the government to introduce a law that would protect children's online privacy. Such a law does exist in the U.S. The Children’s Online Privacy Protection Act, or COPPA, requires parental consent for collecting personal information from children under 13. We want to add our voice to those calling on the government to explicitly include children's privacy rights in PIPEDA.
Today we're asking for four measures to be undertaken.
First, we ask the government to prohibit the collection, use, and disclosure of all personal information from children under the age of 13. Children are accessing the Internet at younger and younger ages, and from their own personal devices. They're too young to understand the implications of data collection and use. There need to be limits on what is appropriate to be collected, and restrictions on the types of data that can be collected from websites and applications aimed at children. I, personally, have often noticed that my own children have wandered away from the website, or the application I have opened for them, and may be attempting to visit new sites. Clicking on surveys and answering questions is a game for them, and does not come with an understanding that this is trading personal information for access.
The second recommendation is that the government follow the lead of the European Union's general data protection regulation, and require parental or guardian consent for access to online services for children aged 16 and under, or as that particular guideline requires, a lower age but no lower than 13. It is important, we feel, that parents be involved, as only parents or guardians should be able to provide informed and explicit consent for the collection of information. Parents should be aware, and responsible for the activities of their children online, and mechanisms that require explicit parental consent also serve to ensure engagement and awareness of what children are visiting and exploring online.
We were particularly struck by Dr. Valerie Steeves' February 16 testimony. I know she is a colleague of Madam Bailey. She found that almost none of the 13- to 16-year-olds she surveyed could remember the point at which they consented to the collection of their information when they signed up or posted material on Snapchat or Instagram. When we also consider Dr. Steeves' finding that 95% of 10- to 17-year-olds surveyed said that marketers should not be able to see what they post on social media platforms, we can conclude that young people's consent is definitely less than informed.
Our third recommendation is that we ask the government to provide children and youth the right to be forgotten when they reach the age of majority, requiring that corporations be obligated to remove private information immediately unless the newly adult person gives his or her explicit consent to the continued collection, use, and possible future disclosure of their personal information gathered during their minority.
We know how children use the Internet, and the choices made while under the age of majority are not reflective of the identity and choices they will make once they have reached the age of majority. While we know there are also many out there who would like their online life to be erasable and forgotten, children should actually be able to benefit from this right.
Lastly, we want to make sure that these new rules are enforceable. We ask the government to give the Office of the Privacy Commissioner the power to enforce new children's privacy regulations. It is not enough to just create these laws. Companies and sites must be monitored and held accountable for their compliance with these provisions.
Some have argued that there are jurisdictional issues in overseeing consumer rights and that this might be a provincial issue. However, we would encourage two particular perspectives on this. First, the federal government needs to show leadership in this respect. The laws in the U.S. governing children's protection date from 1998. We are sorely behind in this regard, almost 20 years, which is an entire generation of children growing up on the Internet in this unregulated environment. Second, we'd argue that this is not about consumers, as children are not the purchasers in a household, but about protection and privacy of children's personal information.
Education is as critical as enforcement. Resources such as those that have been developed by the Privacy Commissioner, those that have been developed by MediaSmarts, as mentioned already, and those in the U.S. such as “Stop, Think, Connect”, from the National Cyber Security Alliance, need to be promulgated to Canadian families and educators and make sure that Canadian resources are further developed for use.
Some have commented that it is unusual for a general youth-serving organization such as ours, the Boys and Girls Clubs, to choose to advocate for the protection of children's privacy rights. However, we're proud to stand up for children and youth on a broad range of issues. We were conducting background research on Internet safety and were actually, frankly, surprised by the lack of protections for children in Canada. We are concerned about Internet access, and children are accessing the Internet more frequently, often within our clubs and our technology centres and on their own devices.
The review of PIPEDA offers an opportunity for the government to address that gap. Boys and Girls Clubs of Canada is proud to add our voice to this mix, and we're grateful for the opportunity to speak about the privacy rights of Canada's children and thank the committee for taking additional time to address concerns specific to this population.
We hope that the discussion will lead to stronger protections for children, protections that can be best asserted by explicitly including children's privacy rights in PIPEDA. We will welcome your questions.
3:45 p.m.
Conservative
The Chair Conservative Bob Zimmer
Thank you, Mr. Charters.
Next we have the National Association for Information Destruction, Canada. Mr. Backman, you have 10 minutes.
September 25th, 2017 / 3:45 p.m.
Kristjan Backman Chair, National Association for Information Destruction - Canada
Good afternoon, and thank you for the opportunity to be here today.
My name is Kristjan Backman. I chair the National Association for Information Destruction in Canada. This is a voluntary position. In my day job I run a small company called Phoenix Recycling. We're a Winnipeg-based company that does information destruction services.
NAID-Canada is a non-profit association representing companies that specialize in the secure destruction of information, with members in every province across Canada. Our mission is to raise awareness and understanding of the importance of secure information destruction, and in doing so we want to ensure that private, personal, and business information is not used for purposes other than for which it was originally intended.
NAID-Canada also plays an active role in the development and implementation of industry standards and certification. We provide a range of member services, which include advocacy, communication, education, and professional development. It's worth noting that NAID certification is often mandated contractually by clients who use information destruction services to ensure that service providers meet regulatory and security requirements.
The issue I'm here to address today is often overlooked, yet is a critical aspect of privacy protection, namely the secure destruction and disposal of records that are no longer needed. Our mantra in NAID is that information is only as secure as the weakest link in its life cycle, and far too often little attention is paid to the end of a document's life cycle. We see evidence of this on almost a daily basis in the media, with reports of information being left intact and publicly accessible in dumpsters, recycling bins, and discarded electronic devices sent for reuse and recycling.
It's difficult to measure how pervasive this problem is, but NAID-Canada and our sister associations around the world have conducted investigations into unsafe destruction practices. Our first such investigation was in Toronto, in the GTA, in 2010, when NAID hired a private investigator to go dumpster diving and look for personal information. In that survey, 14% of the commercial dumpsters that we examined had personal information intact and easily accessible to the public. That exercise has since been repeated in Australia and Spain and has sparked national conversations in those countries around the failure to securely destroy information that's no longer needed.
As the world becomes increasingly paperless, the threat of unsafe destruction of information has become more complex. All the electronic devices that we store information on, and wiping those devices of that information when disposed of, has become a major privacy issue. As evidence of that, in April our U.S. association released the results of the largest-ever study looking for the presence of personally identifiable information on electronic devices sold in the second-hand market. It found an astonishing 40% of the devices sold through publicly available channels contained personally identifiable information. These are tablets, cellphones, PDAs, and hard drives.
I know the committee is interested in youth privacy protection, and there is perhaps no demographic more impacted by a failure to securely destroy information stored on electronic devices. The implications for anyone having their entire private life exposed if personal electronic records are breached is severe, but for youth more so. We recently received a letter from the Privacy Commissioner about a recycled devices study, and we agree with his assessment in this area, where much more education is needed, particularly with youth.
With destruction more generally, we've had many cases in Canada of sensitive personal files, including those related to youth, being breached through a failure to destroy personal information. This has included medical records and client files from the Children's Aid Society. Again such breaches are potentially devastating for all ages, but more so for youth.
This is just a snapshot of the problem. Let me turn to some solutions, which are detailed in our written submission that we made to the committee.
NAID-Canada believes that PIPEDA should include specific requirements that information must be destroyed when it's no longer needed, and that destruction should be defined in the legislation. Currently destruction is only a recommendation in PIPEDA, not an obligation. We believe that making it an obligation would force organizations to treat destruction more seriously. As for a definition, NAID-Canada defines “destruction” as “the physical obliteration of records in order to render them useless or ineffective and to ensure reconstruction of the information, or parts thereof, is not practical”. This definition applies both to paper and to electronic records as we believe the specificity of the definition is required in the legislation to ensure “destruction” is not left to interpretation.
Recycling, for example, is not destruction as records may remain intact and vulnerable to a privacy breach for extended periods of time.
Putting a destruction obligation into PIPEDA and defining the term are our two primary recommendations, and I should note that they were endorsed by this committee the last time it reviewed PIPEDA. The government, instead, felt the issue could be addressed with guidelines, and those guidelines have been developed. However, we still believe destruction should have legal weight behind it.
Building on that point, I would note that other jurisdictions impose significant fines for failing to properly destroy information. For example, a Missouri medical company was fined $1.5 million for leaving medical records in a public dumpster. In Canada, we have an epidemic of cases involving medical records in dumpsters. Perhaps we wouldn't if we had proper fines like those in the United States.
NAID Canada supports fining and order-making powers for the Privacy Commissioner. Likewise, we support breach notification laws and look forward to their implementation here.
Finally, please let me close with a general comment about Canada's global standing in privacy protection. As our organization has branches around the world, we have considerable insight into that, albeit from our fairly limited perspective of information destruction. That said, Canada is falling behind. Other countries have been far more decisive in mandating safe information destruction, and the fines in the U.S. are punitive. The long delays in getting breach notification law into effect in Canada put us well behind many of our peers, though we are pleased to have seen the draft legislation to implement this law finally published earlier this month.
Also, we have noted the considerable attention paid during these hearings to the more aggressive general data protection regulation in the EU that will go into effect this year. European policy-makers have learned what all regulators eventually do—that clear, unambiguous direction and strong enforcement provisions are the only way to ensure the protection of personal information.
As we remind the committee, we service providers are subject to the same stronger penalties. Even so, we are willing to confront this increased liability because we realize it's better for everyone, and it's really the only solution.
In closing, let me state that we are sensitive to those who are concerned about compliance costs, and our members are businesses, so we get that. However, any smart business should already be securely destroying the information that's no longer needed since the financial and reputational risks of a breach are far greater than the costs of securely destroying the information.
That said, incidents related to a failure to safely destroy information keep happening, and it has been almost a decade since the last PIPEDA review. We think it's time to amend this legislation to include a secure destruction obligation and a definition of what that entails.
Thank you for your time, and I look forward to your questions.
3:55 p.m.
Conservative
The Chair Conservative Bob Zimmer
Thank you, Mr. Backman.
Just to note, we're going to be done our meeting today at five o'clock because we have committee business. We have approximately an hour.
We'll start with MP Long for seven minutes.
3:55 p.m.
Liberal
Wayne Long Liberal Saint John—Rothesay, NB
Thank you, Chair.
Thank you so much to our presenters this afternoon. They were very interesting.
I'm going to start with a very quick, broad question to each of you, starting with you, Mr. Backman. Should we just forget about the right to be forgotten? Is it even realistic?
3:55 p.m.
Chair, National Association for Information Destruction - Canada
No, I don't think you should forget about the right to be forgotten. I think that with information being collected and aggregated in ways that we don't understand, I think the ability to say to the people who are collecting that information that they need to get rid of it is important.
3:55 p.m.
Prof. Jane Bailey
Yes, I agree. I think the right to be forgotten is going to become more and more relevant the more complex data collection and profiling systems become.
3:55 p.m.
President and Chief Executive Officer, Boys and Girls Clubs of Canada
I actually think there's an interesting piece in that question, which asks whether it is actually technically feasible, because we know there are things like the Internet archives that collect and archive pieces.
But I don't think that should prohibit us from attempting to do what I think is important, especially when we're talking from the perspectives of children and youth. Unless you understand the consequences of the information you're posting, I think you need to be making the more-than-valiant effort. I think we need to be doing the right things, ultimately, in order to make sure that there is some semblance of a right to be forgotten enshrined in law.
Then the next piece is how you actually make that take effect, and I think we're seeing that all over, from trying to regulate those who are uber to others, let alone trying to understand how you erase an identity. But I think it's a piece that needs to be enshrined, and then we figure out the “how”.
3:55 p.m.
Liberal
Wayne Long Liberal Saint John—Rothesay, NB
Thank you.
Ms. Bailey, with respect to PIPEDA and meaningful consent, we all see these stats. I think they probably change weekly. Give or take, roughly 75% of youths 13 to 17 years old have cellphones now, 71% use more than Facebook, and 92% are on social media daily.
With respect to meaningful consent, here's what scares me. My kids aren't really kids anymore—they're young adults—but we certainly have friends with younger children. As recently as two weekends ago, we were home and had some of our friends over. Their kids were there and of course were on their cellphones. I took a little more notice of what they were doing. They were going through sites and apps and clicking on agreeing to this and that.
With respect to meaningful consent, especially in Canada with PIPEDA, I'd like you to elaborate a bit on the GDPR and on COPPA in the United States, but what can we do in Canada with respect to tightening up meaningful consent? Is it consent by 17-year-olds and up, as I think one of you mentioned, and you're good to go? For 13 to 17, do you maybe need parental consent?
Can you elaborate on meaningful consent and how you would like to see that tightened up in Canada? Can you compare it with the GDPR and COPPA?
4 p.m.
Prof. Jane Bailey
I don't think meaningful consent is real. I don't think you can have informed consent in the environment we're living in, and we won't have it in the future, because meaningful consent is informed consent, and you can't be informed of things you can't understand. The best-intentioned industry players cannot explain things like how the Facebook algorithm decided to allow people to place ads for “Jew haters” as a group. They can't explain that.
Informed consent, then, becomes a very problematic concept. That is why I said all of those other things, and why I said that if you're so wed to informed consent, then I think you have to start thinking about measures that.... The thing about it is that if you say, okay, if they're 13 to 17, we'll have their parents' consent, but their parents won't understand it. I don't understand it. It really isn't isolated to young people. Nobody understands exactly what's happening with their data.
To me, what we have to be thinking about is what we're going to do about regulating the collection, retention, and use of data instead of trying to pretend that we're going to have this individual consent model in a situation where people cannot understand what they're consenting to.
4 p.m.
Liberal
Wayne Long Liberal Saint John—Rothesay, NB
I'm going to come back to you, if you don't mind.
Mr. Charters, can you elaborate on what you think with respect to meaningful consent with regard to the Boys and Girls Clubs? What rules do you have in your clubs with respect to social media and youth on cellphones? Can you elaborate on how you think we can tighten up what meaningful consent should be and how we can enforce that?
4 p.m.
President and Chief Executive Officer, Boys and Girls Clubs of Canada
Sure, but I can tell you that we haven't spent the time on getting as in-depth or nuanced a view as my colleague's, which I find quite interesting, because things such as the Equifax hacks concern me. I don't think people knew their data was being used in those ways.
It's exactly that, and we at least are saying that there needs to be consent from someone who at least has the responsibility and the knowledge to try to know better in terms of what those risks might be, hence the parental consent.
4 p.m.
President and Chief Executive Officer, Boys and Girls Clubs of Canada
We've seen it on sites, especially for Internet providers that are in compliance. If parental consent is required, there is an email verification, an age check, and a check-in by creating an adult account alongside a youth account, with teacher and educator accounts alongside youth accounts. They're managed through someone who has been verified to some degree. There is obviously no “perfect” in these processes. That's what we've seen in those who are in compliance with COPPA. Some best practices along those lines would be the route to go ultimately.
4 p.m.
Liberal
Wayne Long Liberal Saint John—Rothesay, NB
I'm curious. With respect to the Boys and Girls Clubs, what rules do you have in the clubs with respect to children on phones and using social media?
4 p.m.
President and Chief Executive Officer, Boys and Girls Clubs of Canada
Part of that is very club-to-club specific. It can vary, but generally speaking, in most of the clubs, personal devices, especially for young kids, are to be put away while they're in the club.
The use of any other access to the Internet is done under supervision. There are tech centres built into many of our clubs. They're managed under supervision. They're used mostly for the purpose of academics, such as finishing homework or doing a project. They're done with academic mentors in the room who are able to observe what's happening, both on screen but also from a central location. As they get older and into the age brackets where as teenagers they're using personal devices to check in with parents and so on, the rules become a little looser, and there's less that the club will often to do to manage that.
However, again, there are rules where those devices need to be put away. There are times when they're device-free and we're focusing on the activities at hand, which I think is very similar to what you'd see at a school.
4 p.m.
Conservative
Peter Kent Conservative Thornhill, ON
Thank you, Chair.
Thank you all for sharing your insight and expertise. I'll start with the matter of education. Anecdotally, in Toronto and the GTA, some teachers in some elementary schools have made it part of their grade 1, grade 2, or grade 3 courses before they become formalized, to talk about the responsible use of and participation in online services, games, and so forth.
You mentioned the complications of jurisdictional direction and authority in terms of setting up new regulations, but I wonder whether you would recommend that, in fact, online behaviour and best practices be as much part of the curriculum from the elementary level upwards as reading, writing, and arithmetic.
4:05 p.m.
President and Chief Executive Officer, Boys and Girls Clubs of Canada
That's interesting. We haven't taken a specific position on that, but I would say, absolutely. We try to provide education to kids of all ages throughout the process, as they become more adept online, and ensure that, just like learning to cross the street safely, this is another environment where that safety needs to be taught from an early age and imbedded in that conversation from the beginning. That's an ongoing conversation.
I would see no reason not to do so. It would make a lot of sense.
4:05 p.m.
Dr. Rachel Gouin Director, Research and Public Policy, Boys and Girls Clubs of Canada
I think what Ms. Bailey was raising is that the education and the strategies that young people develop are not enough. The architecture is very complicated, and you can have the best strategies, but unless there are some protective factors....
There needs to be a balance of both.