Thank you, Mr. Chair.
Good afternoon. I would like to thank the committee for the invitation today to discuss the privacy implications of Bill C-76.
As you are well aware, citizens' concerns have been voiced globally around how their personal information is being gathered from online platforms and used in the political process. Allegations about the misuse of the personal information of 87 million Facebook users are a serious wake-up call that highlights a growing crisis for privacy rights. Not only is consumer trust at risk, so too is trust in our democratic processes.
As you know, no federal privacy law applies to political parties; British Columbia is the only province to cover them. This is not the case in many other jurisdictions. In most regions of the world, laws provide that political parties are governed by privacy laws. This includes jurisdictions such as the E.U., the U.K., New Zealand, Argentina, and Hong Kong. Canada is becoming the exception.
We recently reviewed the privacy policies of political parties. While these policies have some positive features—for instance, all make provisions for people to update personal information or correct details that are out of date—they all fall way short of globally accepted fair information principles.
Similarly, the standards alluded to in clause 254 of Bill C-76 also fall short. In fact, Bill C-76 does not prescribe any standards. It simply says that parties must have policies that touch on a number of issues, leaving it to parties to define the standards that they want to apply. In terms of privacy protection, Bill C-76 adds nothing of substance.
For instance, the bill does not require parties to seek consent from individuals, limit collection of personal information to what is required, limit disclosure of information to others, provide individuals with access to their personal information, or be subject to independent privacy oversight.
By contrast, in British Columbia, parties must apply all generally applicable privacy principles, and B.C. otherwise has very similar legislation to the federal legislation. In B.C., consent applies, but it is subject to other laws, such that consent is not required for the transmission of lists of electors under electoral laws.
I've heard much support, including from federal politicians, for the idea that political parties should be subject to privacy laws. The government, meanwhile, appears to think that political parties are not similarly situated to private companies as they relate to privacy.
For instance, ministers seem concerned that applying privacy laws would impede communications between parties and electors. This is an interesting proposition, but I have not yet seen any evidence to that effect. That evidence may exist, but it has not been presented for public discussion.
I would note that in Europe, however, political parties have been subject to privacy laws for over 20 years. I understand that such protections have now become part of the culture of how elections are run.
What we know at the end of the day is that democracy appears to still thrive in those jurisdictions where parties must comply with privacy laws.
The precise law where privacy rules should be found does not much matter. It could be the Elections Act, the Personal Information Protection and Electronic Documents Act, PIPEDA—in other words, an act governing privacy protection in the private sector—or another act.
What matters are that internationally recognized privacy principles, not policies defined by parties, be included in domestic law and that an independent third party, potentially my office as we have expertise, have the authority to verify compliance.
Independent oversight is necessary to ensure that privacy policies or principles are not just empty promises but actual safeguards applied in practice.
Together with Elections Canada, we have developed amendments that would achieve these goals. We provided these suggestions to the committee today. If you wish, I can explain them during the question period.
In conclusion, the integrity of our democratic processes is clearly facing significant risks. If there ever was a time for action, this is it.
I welcome your questions.
Thank you.