Information & Ethics Committee on Feb. 10th, 2022

Thank you very much, Chair.

I'm very pleased to be able to speak to you today because I was so concerned with the complete lack of transparency on the part of PHAC, the Public Health Agency of Canada.

Transparency is critical on the part of government agencies, of course. They report to individual citizens, and there was no transparency associated with PHAC accessing—I think they said it was 33 million—Canadians' cellphone data. I found it so disturbing.

I have to read one thing to you, which really resonated to me. MP René Villemure said that PHAC was using the data “without telling anybody”. That, to me, is appalling. You don't just operate by yourself as a government agency, accessing people's very sensitive mobile data.

They didn't consult with the Privacy Commissioner of Canada, Commissioner Daniel Therrien. Commissioner Therrien said, “I do not think anyone would seriously argue that most users knew how their data would be used.” Did the government inform users that their mobility data would be used for public health purposes?

The question of transparency and notice to individuals, to the public, of how information is being used on sensitive data such as mobility data is critical. On mobility data, when you track it, you know where people have been, who they've been associating with, their movements, etc.

I know you might say, “Well, but the data was de-identified—no problem.” There are always problems. It's not a 100% solution, de-identifying data, as you know—phishing, hacking, ransomware.... This is huge. There are brilliant hackers who gain access to so much personal information, and the fact that no one was aware within the government that this was happening, and the total lack of transparency and notice, that's what concerned me enormously. I would say, privacy is all about control. It's about personal control relating to the use and disclosure of your personal information, and location mobile data, this is very sensitive. Nobody knew this was happening, and that's what I find so alarming, and that's why I'm focusing on the lack of transparency.

I want to suggest to you that it is high time for us to upgrade our privacy laws. PIPEDA, the federal private sector legislation, came in during the early 2000s. Our Privacy Act for the public sector came in during the 1980s. These are old statutes. We need to upgrade them and make them reflect what's taking place today in terms of the massive gaining of access to personal data and tracking the data and all kinds of implications and conclusions that could be made on the basis of that, without any notice being provided whatsoever. The public is not aware of the fact that this is taking place.

The fact that the government did this without consulting the Privacy Commissioner of Canada.... They'll say, “Oh, well, we told them.” I know what the commissioner said. The commissioner said, “They informed us”, but there was no consultation in terms of gaining input on whether this was appropriate or not.

Having served as a privacy commissioner for many years in Ontario, I'll say that it's absolutely critical to connect with the Privacy Commissioner and his team, where they can look “under the hood”, so to speak. I always say, “Trust, but verify.” These days, I don't even say “trust”. You need to look under the hood of the data-gathering practices and you need to make the public aware of what's taking place.

This kind of openness and transparency is absolutely critical.

I'll end my remarks by emphasizing that these things can't be done quietly behind the scenes. No, the government has to be open and transparent, consult with people such as the Privacy Commissioner, and provide notice.

Thank you very much.

Thank you, Mr. Chair.

Thank you for the invitation to address this committee on this important issue.

The use of mobility data and the reaction to it highlights some of the particular challenges of our digital and data society. It confirms that people are genuinely concerned about how their data are used, and it also shows that they struggle to keep abreast of the volume of collection, the multiple actors engaged in collection and processing, and the ways in which their data are shared with and used by others. In this context, consent alone is insufficient to protect individuals.

The situation also makes clear that data are collected and curated for purposes that go well beyond maintaining consumer or customer relationships. Data are the fuel of analytics, profiling and AI. Some of these uses are desirable and socially beneficial while others are harmful or deeply exploitative. The challenge is to facilitate the positive uses and to stop the harmful and exploitative ones.

The situation also illustrates how easily data now flow from the private sector to the public sector in Canada. Our current legal framework governs public and private sector uses of personal data separately. Our laws need to be better adapted to address the flow of data across sectors. Governments have always collected data and used it to inform decision-making. Today, they have access to some of the same tools for big data analytics and AI that the private sector has, and they have access to vast quantities of data to feed those analytics. We want governments to make informed decisions based on the best available data, but we also want to prevent excessive intrusions upon privacy.

Both PIPEDA and the Privacy Act must be modernized so they can provide appropriate rules and principles to govern the use of data in a transformed and transforming digital environment. The work of this committee on the mobility data issue could inform this modernization process.

As you've already heard from other witnesses, PIPEDA and the Privacy Act currently apply only to data about identifiable individuals. This circumstance creates an uncomfortable grey zone for de-identified data. The Privacy Commissioner must have some capacity to oversee the use of de-identified data, at the very least to ensure that reidentification does not take place. For example, the Province of Ontario addressed this issue in 2019 amendments to its public sector data protection law, amendments that defined de-identified information for the purposes of use by government, required the development of data standards for de-identified data and provided specific penalties for the reidentification of de-identified personal data. The discussion paper on the modernization of the Privacy Act speaks about the need for a new framework to facilitate the use of de-identified personal information by government, but we await a bill to know what form that might take.

The former bill C-11, the bill to amend the Personal Information Protection and Electronic Documents Act, which died on the Order Paper last fall, specifically defined de-identified personal information. It also created exceptions to the requirements of knowledge and consent to enable organizations to de-identify personal information in their possession and to use or disclose it in some circumstances, also without knowledge and consent. It would have required de-identification measures proportional to the sensitivity of the information and would have prohibited the reidentification of de-identified personal information and imposed stiff penalties.

The former bill C-11 would also have allowed private sector organizations to share de-identified data, without knowledge or consent, with certain entities, particularly government actors, for socially beneficial purposes. This provision would have applied to the specific situation before this committee right now. It would have permitted this kind of data sharing and without the knowledge or consent of the individuals whose data were de-identified and shared. The same provision, or a revised version of it, will likely be in the next bill to reform PIPEDA introduced into Parliament. When that happens, some important questions need to be considered. What is the scope of this provision? How should socially beneficial purposes be defined? What degree of transparency should be required on the part of organizations that share our de-identified information? How will private sector organizations' sharing of information with the government for socially beneficial purposes dovetail with any new obligations for the public sector? Should there be any prior review or approval of plans to acquire and/or use the data, and what degree of transparency is required?

I hope the work of this committee on the mobility data issue will help to inform these important discussions.

Thank you.

I personally am a very strong believer in exercising control and allowing individuals to exercise control over the uses of their data. Traditionally, this has been linked with identifiable data. It has your name, address and other identifiers linked to it. Then, of course, you should be able to exercise total control.

There are means by which the data can be strongly de-identified, as has taken place here. Then our laws, the way they exist right now, no longer apply, because if data is considered to be de-identified, they no longer fall under privacy laws. That's one of the reasons I believe we need to upgrade our laws and reflect that in this day and age, even if you have strongly de-identified data—there are very strong ways of de-identifying data, and I'm not going to suggest otherwise—the risk of reidentification still exists.

I would like us also to explore other means of de-identification. For example, there are now new forms of de-identification that tend to have an extremely low risk of reidentification. This is called “synthetic” data, and this is now growing and being used.

What I'm urging is that people need to be able to retain control of their data, and especially with mobility data, which is so sensitive. I think if anyone had been asked...which PHAC did not do. If anyone had asked or given notice to the 33 million Canadians whose information and mobility data they gained access to whether they would have consented to that—no way, in my view. I think it would have been highly unlikely.

So I think we need to upgrade.

I want to be clear that they did go to great lengths to strongly de-identify the data and then use it in aggregate form. That does minimize the risk of reidentification. I don't want to suggest otherwise. I'm just saying that with mobility data—your cellphone, which lives with you and basically goes everywhere with you—there is such sensitivity associated with that and all the locations you go and who you may associate with, if the data were able to be reidentified and connections made on the part of the government, I think that would be extremely troubling.

So at the very least, the government should have provided notice to the public saying, “This is what we're doing. Here's why we're doing it. We want to track your movements in this COVID pandemic world.” Is that a sufficient reason? Would people have felt the return was sufficient? We have to have some debate about these issues. PHAC can't just decide to do that, as the MP said, without telling anybody. That's what I objected to the most—the total lack of transparency.

What you just told me I find very concerning, quite frankly. I understand the general data would appear very general and you couldn't get anything, but you just referred to data that was much more specific. That concerns me enormously.

That's why I want federal Privacy Commissioner Daniel Therrien to be looking under the hood at all of this. Why was he not consulted as opposed to just being informed? That's completely unacceptable. The minute you get into anything that is more potentially identifiable or detailed, as you were just describing, sir, that's when all the concerns arise. We can't have that.

I don't have any direct knowledge of particular data standards that were used with respect to de-identifying the mobility data in question.

If legislation is going to extend to de-identified data, which it should, it should certainly extend to addressing or identifying what standards should apply, what de-identification standards should apply—

I think it's part of the overall data ecosystem, as some people refer to it, in which we find ourselves. It's that movement that I spoke about between private and public sectors, the flows of data from private sector to public sector.

There's a tremendous amount of mobility data being collected by all kinds of actors in the private sector. At the beginning of the pandemic and throughout the pandemic, companies like Google and Fitbit were publishing their analytics based on people's mobility data, analytics for Canadian cities and Canadian areas. This mobility data about us is collected by many different private sector actors and there are commercial applications for these data. As we can see in this example, government can be applying for that data.

I think that's why it's important that we need to think about modernizing both our private sector and our public sector data protection laws. We need to think about the way in which data flows from the private sector to the public sector and is then used by the public sector.

I think, in particular, that flow between public and private has been one that hasn't really been well considered in legislation in the past. Certainly the collection in the private sector context of these enormous quantities of data, and not just location data, but very fine-grained data about all of our activities, is a real issue.

With due respect, I don't call that transparency. I know Commissioner Therrien very well. He did not say his office was consulted on this, not at all. Being informed of something is very different from being consulted on something. You go to people to consult them, because they have expertise in an area.

As he said, he would have looked under the hood. It's essential to examine how information is being de-identified, aggregated and used for a variety of different purposes. Things can go wrong in a million different places. He may have also said, “I think we need to notify the public. I wasn't aware of any of this, as a member of the public, until I read the stories about it that broke out, all relating to the complaints associated with this, and the fact that John Brassard and others were saying nobody knows anything about this. It hasn't gone to the ethics committee. It was, in my view, not transparent.”

If you know what website to go to, and look underneath, you can find something. That's not transparency. In my view, you have to push it out, tell people, and tell the public what you're doing with their information and their mobility data. I'm not going to suggest there was transparency here.

That question gets at something that is really at the heart of the digital and data society. There is such a huge volume of data being collected that it becomes impossible to rely on individual consent for all uses. Mechanisms have to be in place to supplement consent in some circumstances.

We don't have the time, the energy, nor the ability to manage consent for all of the data that is collected about us, and with everything that we do. Consent remains important, but it's not enough. Other measures need to be in place. There can be many socially beneficial—

I don't think we can make any assumptions that there was a presumption of consent, not at all. I know consent is difficult. I agree that doing this on a large scale can be extremely difficult. I understand all of that. However, at the very least, provide notice, meaning you publicize. You are the government. You're PHAC. You publicize that you're doing this.

At the very least, you go to the Privacy Commissioner, you alert him, and ask for his input and assistance in making sure the public is aware of what's taking place. You alert him that it's being strongly de-identified and aggregated, and therefore the commissioner feels it's appropriate, something like that. You don't do it quietly, in my view. I think that's big mistake.

I totally agree with you. This grows distrust. There's already such fleeting trust anyway. Trust of government is diminishing on a daily basis, and this just leads to the further erosion of trust. I'm very concerned about that. Certainly, one would say you should be able to trust your government. I don't believe we're in a position to do that right now.

It's a very good question, sir. It baffles my mind. I honestly have no idea. When I served as commissioner in Ontario, I was always consulted. If I hadn't been consulted, especially on something like this, I would have been extremely concerned, because that's my business—to get under the hood and look at what's taking place.

I cannot imagine why the government—PHAC—did not consult properly with the Privacy Commissioner of Canada, Daniel Therrien, who is an excellent commissioner in this role. It makes no sense to me.

I hesitate to put a number on it, sir, only because I would probably give it the lowest number and I don't want to be unfair. I haven't examined everything.

This contributes to the erosion of trust enormously. There is already so much distrust out there. Let's leave it at that.

I must admit that this was staggering to me. I had not seen anything on this scale with such a large number of individuals' mobility data being accessed without any notice to the individuals. Forget about consent, but just notice.... It's about public awareness, so that someone would know what was taking place.

When you take this to the Privacy Commissioner.... Had they consulted, the commissioner would also examine the benefit of engaging in this kind of access to the data versus what the results would be. They track people's movements. What is the benefit of that? I don't know. I say that as a question. None of this is open.

They have such strong privacy laws. The GDPR—the general data protection regulation—came into place in 2018. It is one of the strongest laws that exist. I was delighted that it includes my “privacy by design”, which strengthens it even more, builds privacy and embeds it into the code of your operations. I don't think they could have done this.

That's an interesting question. I'm going to give a different example of the Clearview AI situation. You had a private sector company that created a facial recognition database based on scraped data that was then used by the RCMP. The Privacy Commissioner has already said that you can't have a legitimate use by a government actor of data that was collected illegitimately. That relationship is always interesting and it's an important one.

One of the challenges is that, on the one hand, you want to facilitate the use of data for socially beneficial purposes. The private sector is collecting vast quantities of data. There are legitimate questions in some cases about the quality of the consent, the quality of the collection practices and the kinds of data that are collected. In this case, we're looking at mobility data, which are very sensitive, but there are lots of other very sensitive data as well.

It becomes really important to think about that massive amount of data that's being collected under all sorts of privacy policies, which we don't have the time or even the skills to read and understand completely, that may become a product that is then sold to government, as well as to other actors, for their analytics. Right there, if there are flaws in that collection and it is sold, you carry over those flaws and those issues into the subsequent uses of those data.

That relationship is tremendously important.

I see your question and it's an interesting one. If the government is engaging in that kind of surveillance and there are certain rules that the government has to follow, specifically with respect to their collection of that data, and here it's being sourced from the private sector, it does fall under a different set of rules now. It's de-identified and so on, and it doesn't have the same weight or impact that surveillance data would, or the same implementations necessarily as surveillance data would have, depending on how it's used in the context. However, it's also data that the government doesn't really have the capacity to collect in that fine-grain and detailed way.

Again, the privacy issues are very important, but the ability of governments to use the best available data to make important public policy decisions is also important. The trick is finding that appropriate balance between the two.

Mr. Chair, the gold standard that is usually the reference point would be the GDPR in Europe and the rules that have been put in place there, with the proviso that there's no way to copy what's in the GDPR and transplant it to the Canadian context. Every country has its own particular context. It's not a question of saying, “Well, that's the one that we need to have”, but the GDPR sets an excellent standard.

I think public trust is essential, in terms of building it, because it is fleeting right now. That concerns me so much. In the past, when I used to go and speak to public groups, I would have to explain why privacy was important and why I thought they should care about it. I don't have to do that anymore. When I go out and speak to the public, they are so concerned about it.

The public opinion polls in the last two years—from Pew Internet research and others—have come in at the 90 percentile in terms of concern for privacy. Ninety per cent are concerned about their privacy. Ninety-two per cent are very concerned about loss of their information. This is huge. I have been in the business for well over 20 years. I've never seen such enormous concern—consistently in the 90 percentile—associated with loss of privacy. The trust...or the lack thereof that exists right now with government is staggering. As I said, I've been in this business for many years. I've never seen it escalate as it has now.

The growth of surveillance that follows that is massive. A lot of times people say to me, “Oh, you just have to give up on privacy; it's just not possible anymore.” No, we don't give up on privacy. Privacy forms the foundation of our freedom. If you want to live in a free and open society, we have to have privacy, so I fight for this, even though trust is waning. Let's build it up. Let's get our governments to be honest with what they're doing with our information and at least notify us. Having it under the hood, not letting people know about it, just grows distrust, unfortunately.

I was commissioner during 9/11, and obviously it was enormously troublesome, but when 9/11 ended.... You see, during a crisis—a pandemic, an emergency—there are emergency measures that can be introduced to put the privacy laws on hold. The problem is that after the pandemic or emergency ends, often those emergency measures continue. Transparency goes out the door. Surveillance grows and continues to grow. That's what I'm concerned about with the pandemic now.

The pandemic, God willing, will be coming to an end. Measures are already being lifted in terms of our restrictions. We have to ensure that the measures taking place during these emergencies are suspended when the emergency is over, because we need to restore trust and we need to restore privacy. We can't have people believing that we just have to give up on privacy. No: You never ever give up on privacy. Privacy and freedom go hand in hand. They're both essential.

We have to get serious about getting the messaging out about privacy and the measures that need to be invoked at the time when the technology is introduced. A lot of people want to protect their home, so they have all kinds of measures to do that, but it often intrudes upon their neighbour's privacy, because the cameras capture information not just from that household but also from those around it.

Starting with what should be the appropriate restrictions on technology that is intended to be surveillance, what do you do about that and how do you minimize that in terms of its impact on others who don't want to be involved in it and who haven't introduced it into their lives and homes? These are the measures. We need to have measures that reduce the collection of data, of surveillance, and maximize the privacy choices that people can make.

To be perfectly honest, I have no problem with my mobility data being used for legitimate public health purposes in the middle of a pandemic. I have more of a problem with it being used to push ads for cheaper coffee or whatever promotions as I travel around. For me that's more of a privacy concern than the use of my de-identified mobility data for socially beneficial purposes. I think this goes to the balance that we need to find.

I guess what I would say here is I think that part of the problem in this whole situation is the fact that we have companies and we have governments trying to do their best to address how to use data appropriately in this environment for socially beneficial purposes, but we don't have the updated legal frameworks that would apply to them. We don't have clear provisions that say, “This is what you need to do. This is the role of the Privacy Commissioner with respect to de-identified data. This is how transparency is achieved when data is shared for socially beneficial purposes and this is how we define those purposes.” All of this is taking place in this context where we don't have the modernized frameworks for this type of activity in place.

May I add very quickly that Telus for good is excellent. I have no problem with that at all.

That always makes me laugh. That could have been the motto of the Stasi police and the Third Reich, because they would tell people, “If you have nothing to hide, what's wrong with the state knowing everything about you?” It is absurd. It's the exact opposite of freedom. Please, let us preserve our freedom. Privacy forms the foundation of our freedom. It's nonsense that you have to reveal everything to the world and to the government.

That's what I would object to. As I mentioned, after 9/11 it was the same kind of thing.

The measures that were introduced during 9/11 were intended to end after the emergency was over. They didn't. It's always a concern with measures that are introduced during something like a pandemic or an emergency situation, ensuring that they will no longer continue afterwards. I would be very concerned about that.

I would want to be able to work with.... For example, the Telus for good program is excellent at de-identifying and protecting data. They have privacy by design certification. I'd want to work with them and with the government to see how we can make some uses of beneficial information while completely preserving our privacy or perhaps introducing synthetic data. Let's explore different options. This is what I would like to introduce in legislation.

I was concerned by the wording in Bill C-11 in the exception for use of data for socially beneficial purposes that referred to the sharing of this data without knowledge or consent. I think that this transparency issue that Dr. Cavoukian has spoken about and that has been debated and discussed is fundamentally important here.

There need to be some transparency mechanisms so that people can understand how their data is being used. There may also need to be some sort of governance framework in place that sets parameters, puts limits on the use and sets an ethical framework for the use, if that's necessary.

Having specific limits placed on use is absolutely critical. If you don't identify what the primary purpose or main use of the data collection is, secondary uses always arise. We can use it for this purpose or that purpose. A whole series of beneficial uses could be contemplated—

Of course. How do we know what restrictions have been placed on the use of the data by PHAC or others in government? We know nothing. That's why looking under the hood by the federal Privacy Commissioner and auditing all of this is absolutely essential.

The way in which these kinds of data are put together—as you mentioned, millions of people versus small communities—obviously if you have a very small community, it leads to the identifiability of those in that community. That's always a concern. That's why, again, you should always involve the federal Privacy Commissioner, who can examine all of that and make sure that the proper protections have been put into place.

I would have to look at it hands-on. Telus data for good does amazing work. I have looked at Telus' work in other areas in terms of their de-identification of data and aggregation. They do an excellent job, so I agree with Dr. El Emam, who is the expert in this area, that they are doing it properly.

My concerns are not with the de-identification process followed by them.

It's about the transparency or lack thereof.

I'm sure it was. They are excellent in this field.

I want to repeat, my concerns were not with their methodology, it was with the government's lack of transparency in letting the public know what they were doing.

Yes, I will confirm that.

Thank you, Mr. Chair and members of the committee, for the invitation to speak with you today.

I've been studying public health surveillance from a sociological perspective since 2003, when I started my doctoral studies. Over the years, since completing my doctoral work, I've continued to write about surveillance in public health and medical care contexts.

As a sociologist, I tend to prioritize different questions from the ones public health professionals might when considering public health surveillance systems. I share public health professionals' evaluative concerns that touch on questions of efficacy, efficiency, utility, timeliness and so on, but as important or even more important to me are social questions about how surveillance or its effects might be experienced by people in their everyday lives.

I'm interested, for example, in whether people might be advantaged or disadvantaged by surveillance. In my research, I tend to ask critical questions about public health surveillance systems. Perhaps it goes without saying, but I should also stress that while I ask critical questions, I am not against surveillance. In fact, I participate nearly every week in the FluWatchers surveillance initiative, which is operated by the Public Health Agency of Canada. This is one of the surveillance systems that provides data for the COVIDTrends website mentioned by Minister Duclos in his remarks before this committee.

I believe that public health surveillance can be valuable and I wouldn't want to see the Public Health Agency's innovations thrown out with the bathwater, but I'd like to use my time here today to put one critical question about equity on the table for the committee's consideration.

Members of this committee have been asking vital questions about privacy and consent in relation to the Public Health Agency's mobility tracking work. In addition to my fellow witnesses here today and witnesses from whom I believe the committee is going to be hearing in the days to come—Dr. Christopher Parsons, Dr. David Murakami Wood, Dr. David Lyon and others—these issues are going to be well covered. I want to say that I share the concerns of these witnesses.

I want to add an emphasis to what they're saying and a focus on equity questions, particularly this question: Who may experience intensified risks or harms as a result of mobility tracking?

In her remarks before this committee on February 3, Dr. Tam mentioned that mobility tracking could be used to understand the efficacy of public health measures. She stated:

Mobility data at this kind of aggregated level can be used when provinces and territories or local jurisdictions enact public health measures to reduce contact rates or to ask people to stay at home, for example, to see whether those measures are actually working.

What would happen if these data were to show that people, for example, in a Montreal neighbourhood where I live, are not, in fact, staying home? Is it possible that these data would correlate to an intensification of policing or enforcement in that neighbourhood? I would like to know if the Public Health Agency of Canada is thinking about mobility tracking in relation to social scientific work on policing the pandemic, for example, led by Dr. Alexander McClelland, Alex Luscombe and the Canadian Civil Liberties Association.

Because of such equity questions, I would like to encourage the Public Health Agency and the Government of Canada to be more forthcoming in their discussion of emergent surveillance and contact tracing technologies. I think I'm nearly out of time, but I can give you an example of what I'm talking about with reference to the COVID Alert contact tracing application, if members want to pose questions about this.

Let me conclude by saying that I'm speaking today informed by the previous research that I've done and not from empirical data that I've been gathering about this particular mobility tracking initiative. I'll ask the committee members to please keep this limitation in mind while considering my preceding remarks.

I'll stop there. Thank you.

Thank you.

I'm going to take 10 seconds of my time to correct the presentation that was made of me. I've been at McGill University for 10 years. I'm in the faculty of law and in the department of philosophy at McGill University.

I'm not an expert on privacy. My work has focused on a number of areas, but two that are significant or relevant to our present discussions are, on the one hand, the justification and the limits on the justification of rights limitations in a liberal democracy. What processes and arguments can be put forward in order to justify limiting standard liberal democratic rights and freedoms? I have done that across a wide range of rights, including religious rights. How do we justify the limitation of religious freedoms?

The other aspect of my work that is relevant to our discussions today has to do with the conditions of trust in government. What are the conditions? How does government make itself trustworthy, which is probably the most important question, and what are the mechanisms through which it can, in a legitimate manner, elicit the trust of the population?

There are relevant things to say in both those domains, and I'll say them quite briefly.

I live in Quebec, and my perspective is probably coloured by that fact. In general, there has been a kind of process in Quebec of what I would call armchair proportionality testing that has occurred in a fairly regular way, where the government has imposed upon itself to present to the population justifications of the fairly substantial restrictions that it has imposed on people's freedoms and rights, mobility rights, and rights of association. It has often experienced push-back, when it's been felt that either it hasn't shown there was enough evidence to prove that the restriction was one that was necessary to achieve the goal, or that perhaps it was overly restrictive, given the achievements of the goal.

There is a kind of parallel between the sort of formal demonstration of proportionality one finds, for example, in the Oakes test, and the kind of garden-variety proportionality testing that makes it the case that the population looks at restrictions that have been put in place, and says, “Okay, we may not agree totally, but at least there is an attempt at being transparent and public about these restrictions.”

Here's where I think data tracking is a problem: we are not dealing with restrictions. We are not dealing with measures that restrict the ability of Canadians to move around or to associate. Surveillance is relatively invisible, in that the objective is not to restrict our activity, but rather to measure it. The pressure on the government to justify surveillance is not as high as for a restriction. Obviously, when someone is told that they can no longer take part in a particular activity, they will demand a justification.

I think that the government may be tempted to not provide a justification, but it should resist that temptation. If it isn't open and transparent about the surveillance objectives and limits, whether they are limits in time or limits on the type of data being collected, the information risks coming out in a newspaper article and triggering distrust in Canadians. However, this distrust may be without cause. If the government had simply provided the same type of justification that it provides when it imposes restrictions, it is highly likely that the issue of trust and distrust would not have arisen.

In my opinion, that's the difficulty in this current context. There needs to be reflection not only about the measures that federal and provincial governments must take to justify their restrictions, but also about the measures that they must take to ensure that they don't trigger distrust among Canadians.

I will make a comment to the government that was made by a committee member when talking about the general public. If the government has nothing to hide about how it wants to use the data, why isn't it open and transparent? Why doesn't it get ahead of the issue by telling the media and Canadians its intentions and the specific and circumscribed methods that it will use to collect the data?

I'll stop there because I'm probably out of time.

I look forward to your questions.

I can try.

On the FluWatchers, for example, I participate, as I mentioned, in that. I received an invitation to participate, I consented to participate, and I know that when I'm responding to emails the Public Health Agency of Canada is going to take that data, the information I'm giving them, and hopefully use it to inform their epidemiological work.

With mobility tracking, a number of members on this committee and witnesses have been raising consent issues, and I think that these are really challenging issues. In a lot of ways it's not clear to me, and maybe members of the committee could please correct me if I'm wrong about the specific details of this. Every member of the Telus network, for example, knew that if they didn't want to have their data included they should opt out.

I don't want to just impugn this particular initiative. I think this is a general cultural practice that we have of clicking “I agree”. I think Monsieur Villemure said this before in comments before this committee. It's just our culture today. We don't tend to read the terms of service and privacy policies, so we're not often aware. How could we be? They're often not written very clearly. They're not written to be read easily or understood.

This is, I think, a big problem. Many organizations say they're using personal health information, mobility data and other kinds of information. Even after they aggregate it, for example, de-identify it, there's still this kind of issue of consent maybe looming in the background more generally.

Yes, you've said it yourself. I think one thing that will increase trust in the process is if there are very clear, self-imposed limits by the government. This, of course, won't guarantee that there won't be leakage from one department to another, but it will give Canadians and watchdogs, like the privacy watchdog, a clear threshold, a clear benchmark on the basis of which they can say that what you've done here outrepasse—to use a French word—the limits you have imposed upon yourself in order to justify before Canadians the use of this data.

I think it's very important that there just be these very clear limits on the basis of which accountability can be very concretely based.

Just echoing that, I think that we know that early on in the pandemic first responders in Ontario, including police, were accessing COVID testing databases before the practice was stopped. We need to ensure that stronger firewalls are put in place around data that's collected for health and public health purposes.

If I understand the question correctly, I think we're in a very different time now than we were two years ago, which the government has to take into account. All I'm saying is, premised on the assumption that everything that's being done in this domain is perfectly justifiable. I think we are at a time where trust in government requires that that justification be done in a much more overt manner than might have been the case at the very beginning of the pandemic when the general population was, perhaps, willing to give a longer leash, as it were, to the government to act in the public interest.

I will say two things very quickly.

I am not a data expert. When I was invited to appear before the committee, I did some due diligence. I asked some expert colleagues here, at the faculty of law, whether it's true that data can be completely anonymized. In both cases, they gave me skeptical smiles.

There's no such thing as completely “unpersonalizable”.

If there is a risk that what was initially used in a perfectly aggregated and anonymized fashion could then have personalized information reintroduced into it, then a precautionary approach must be used and measures must be taken to address the risk. The worst‑case scenario needs to be used rather than the best‑case scenario, if I can put it that way.

Once again, I am not at all hypothesizing that the current use of data by the government is wrong and reprehensible. I am simply wondering about the conditions that can inspire trust among the general public.

It's one thing to find out information from a National Post article that leads to Dr. Tam being called before the committee. It's quite another if the Prime Minister or Dr. Tam addresses Canadians ahead of time in an effort to be frank and open, expressing their view that significant public health objectives can be achieved by collecting these data, while ensuring that provisions limiting duration and use are put in place.

You know, with two professors, it's difficult to—

In my opinion, it's important that an elected official be the one to do so. I may have misspoken when I said that it would have been the same thing whether the Prime Minister or the chief public health officer of Canada had done it. At the end of the day, decisions on issues as crucial and sensitive as data use should be entrusted to elected politicians. They are the ones who need to do this.

Across the country, there was a kind of confusion about what responsibility falls under public health and what falls under elected officials, particularly senior elected officials. I believe that it is the responsibility of political leaders, rather than of public health, to communicate with the general public.

I don't think we can reach perfection, but I think we should go further. From the research I've been doing, we do not—

I will try to give a brief answer because I know that time is short.

Polarization is a multiplayer game. Responsibility for the current polarization is shared among a number of players. For example, the media are partly responsible.

A prudent politician, in the classic sense of the term, must be able to read the temperature of the room, in terms of polarization, in order to gauge how to communicate with the general public.

We are living in a time when the media are always on the hunt for missteps to increase polarization or draw attention. It may be a regrettable situation, but it is what it is.

I don't want to say that such and such a person is fully responsible for polarization, but it seems to me that elected officials should take action to reduce polarization. I'm not pointing fingers, but I feel that throwing oil on the fire simply creates scandals where none exist.

I agree with you that, in this particular case, it is highly likely that the data use is perfectly harmless. However, hiding things and overlooking the Privacy Commissioner makes it look as though something is something off, which has a tendency to fuel polarization rather than reduce it. That's unfortunate, in the current context.

I will be very honest. Two years of pandemic is a long time, and I think things that were said two years ago are worth repeating regularly. We have lived through so much, and there have been so many twists and turns in the limitations and reductions in terms of rights and freedoms that I don't think this matter can simply be removed from public debate once and for all, at the beginning of the pandemic, to never come back to it.

I would like to see the Public Health Agency of Canada and the governments in Canada be more forthcoming. I feel they are doing a good job, but they could go further.

I mentioned the COVID Alert app, which is something I've studied. If we look at the privacy policy, which is on the website, objectively speaking, in terms of a landscape of privacy policies out there, it's pretty good. It's much more legible than many privacy policies.

Nevertheless, there are still...If you're an android OS user, you have to click through that policy to actually see the way the API works through Google Play to allow Google to access your location data.

I do think we need to go further.

That's difficult. That question could be considered leading.

Once again, these are partisan actions or reflexes that probably have no place in situations like this one. I believe that, at some point, Dr. Tam said that it wouldn't be the end of the world to wait a few weeks for the committee to submit its report. I think that the government is perhaps miscalculating the benefits and drawbacks of the partisan measures that it is taking. That means that Canadians may get the impression that there is something fishy going on, when that may not be the case. It's the height of irony to be in a situation where everyone is criticizing you for something that is baseless because—

Could I just ask for a clarification? Is it what exception in law should there be?

Thank you for that clarification.

I agree. I think that there's, let's say, a history in public health of crisis response. Understandably, public health has articulated surveillance systems to respond to crises, and sometimes these operate at a bit of a lower sort of oversight threshold because of the emergency nature of the response. I think that working with that culture, working to push that culture...let's say “enable the culture”.... I think public health professionals have had a tremendously challenging time in this pandemic and being under-resourced, for example. Could we resource our public health professionals better to attend to things like these kinds of implications that I've been flagging, the privacy implications of the crisis decisions that they're having to make?

This is a broad question. I'm not sure I can give a short answer to it, but I think there are historical examples of epidemiological data collected for good reason but being then subsequently used in stigmatizing ways.

I could point you to the 1982 publication of an article in the CDC's MMWR, the epidemiological weekly report, that identified Kaposi's sarcoma in Haitian communities, and we know that subsequently.... I could point you also to my colleague Dr. Viviane Namaste's work and 2019 book, Savoirs créoles, which talked about the experience of the Montreal Haitian community with this stigmatization that emerges post-1982. I'm thinking sociologically about these kinds of longer effects of specific programs, if I could put it like that in response to your question. I think we need to do better going forward.

It would probably be better if tried to provide you something in writing. I don't know how to say anything in 10 seconds.

I don't think I have anything to add to this beyond what we heard from Dr. Cavoukian and Dr. Scassa today. I think it is the case that, the smaller the population, the greater the risk of identification in any kind of dataset, probably, but I'm not an expert on de-identification and reidentification.

Sure, I'll try. It was in a bigger email response that the statement was highlighted in. I was talking about what I think I've mentioned in my comments today, this possibility of other organizations using mobility data to guide their activities. It's not something that we know a lot about, but these data leakages, let's say, do happen from time to time.

I was simply trying to point to the fact that sometimes this mobility data can be used by organizations, like Dr. Tam said, to make recommendations or identify problems like people not obeying lockdown regulations or curfew.

My question is: What happens after that recommendation is made? Do we see an intensification of enforcement? If we do see intensification, does that potentially fall on communities that are dealing with other issues? Maybe they're doing shift work or what have you.

I'm not sure if I'm being clear in my answer, but—

I think that there are important uses that could be made of data that, in other circumstances than that of a pandemic, we would expect to be private. Publicity on the ends to which this data is being placed, the limits on the use of the data, like temporal limits—when we are going to stop doing it, what the indicator is with respect to the pandemic that is going to make us say we're no longer in an emergency situation that justifies this extraordinary use of data—would go a long way in reducing some of that uncertainty.

Thank you for the question. I guess a brief answer would be a twofold answer.

There is a lot of work to do to educate people about data flows that are related to their use of mobile telephony. That is one thing. I would tend to like to see an opt-in approach rather than an opt-out approach, but I know that also has costs in terms of uptake, in terms of implementation. I think that's a debate but I would like to see an opt-in orientation.

I'm not sure how to answer that question. It is a great and a big question, but I'm not sure how to answer it.

I suppose we could hold the FluWatchers program, for example, which is an opt-in initiative side by side with mobility tracking, which is opt-out. I know that Dr. Tam said they give very different data.

I recognize that the Public Health Agency of Canada needs and sees a value in mobility data. I'm coming at this not as a public health professional but as a sociologist, so I also recognize that I have limitations in my kind of position. I want to make that clear.

I think that these are two different approaches to consent and from a privacy perspective, I would tend to favour an opt-in approach like FluWatchers.

I believe that the first balancing act is still very important.

To pick up on the discussion between Mr. Bains and Mr. French, I think one of the things that makes the current situation really difficult is that the end goal of ensuring public health, which is assisted by data collection, can only be met if the vast majority of the population is enrolled in some way. That makes individual consent and the opt‑in approach difficult. The balance is even more fragile when something like the opt‑in approach serves the public good.

Concerning partisanship, we live in a political system where elections are held every four years. I think it would be nearly impossible to prevent politicians from looking at the election calendar and measuring their actions in part on that basis.

I would say that they sometimes miscalculate. In prolonged emergency situations—and I consider two years to be prolonged—people expect politicians to rise above partisan politics. Sometimes, actions that can be perceived as savvy political moves have a tendency to alienate the public's trust. I don't know whether what I said was clear.

This a debate that is happening in public health and beyond public health. In 2020, colleagues and I wrote a paper about contact tracing, talking about what we described as “corporate contact tracing” and raising questions for debates by public health authorities and scholars about an increasing reliance upon private sector organizations to execute their duties and responsibilities to the public at large. It raises a lot of difficult questions. In my mind, there's no clear way to draw the line.

The fragility of the public health system matched with the incredible data collection capacity of a number of private sector organizations makes it seem quite reasonable that we would turn to Facebook, etc., for data. Maybe that's a good idea, but there are also ways in which these public policy turns might drive more business toward these platforms.

That's a very good example. We have these mechanisms in place, which are the sorts of things that people can't look at under the hood of these very complex questions, but here's someone who has been nominated precisely because we think that's their job. When they're sidelined, it tends to raise suspicion that there is something to hide, whereas—and I insist on this point—there might not be anything to hide.

It becomes increasingly paradoxical that the government chooses to sideline a trust-building institution when, in fact, it could very well have been that had he looked under the hood at this data collection process, he would have found that everything was entirely ethically appropriate, from a privacy point of view.

Sure.

None of what I've said so far should be interpreted as me saying that I don't think we should be doing this. It's what tests we impose upon ourselves. I think that in Canada we have kind of proportionality thinking. Are we limiting people's freedoms too much? Are we showing that the limitation actually serves the end we're claiming it's serving? That's a good framework to do it in.

We also have agencies like the Privacy Commissioner that are tasked with doing that sort of thinking for us.

I think we might very well have ended up in a situation where he would have said that the use that's been made of this data is entirely proportionate to the very valid end that is being served. We just haven't had that demonstration from the kind of public body—

I'm sorry.

We academics aren't very good at being concise.