Thank you, Mr. Chair.
Thank you for the invitation to appear today to share my views on the privacy impacts of division 23 of part 5 of Bill C‑15, budget 2025 implementation act, no. 1.
Privacy is an important, topical issue in Canada. As more and more personal data is collected, used and shared, protecting it becomes increasingly important to Canadians and Canadian organizations.
In the past two years, we've seen many examples of how Canadian privacy law can address major issues that cause serious and long-lasting harms to individuals—for example, protecting against the non-consensual sharing of intimate images in my investigation into Aylo, which operates Pornhub and other pornographic websites, and addressing the 23andMe breach, which impacted the highly sensitive personal information of seven million customers, including more than 300,000 Canadians.
My recent investigation with my provincial counterparts into TikTok, meanwhile, highlighted the importance of protecting children's privacy in today's online world. The impact of our investigation into this widely used platform went far beyond a report. It also enabled the company to implement improvements to its privacy practices in the best interests of its users, especially children.
I recently announced an expanded investigation into the social media platform X and its Grok chatbot. This investigation will examine the emerging phenomenon of AI being used to create deepfakes, which can present significant risks to Canadians.
These are just a few of the many examples that show the importance of privacy for current and future generations. The examples also illustrate how prioritizing privacy is a strategic and competitive asset for organizations.
That's why it's so important to modernize the legislation so that we can have modern laws to help businesses make sure they have adequate protections.
For organizations, embedding data protection into programs and services can enable responsible innovation, facilitate global operations, improve data security and mitigate risks, including of major breaches. Modernizing privacy laws aligns with Canada's ambition to support growth, to seek opportunities with partners around the world and to continue to be a voice of modern progress, setting the stage for a safe and secure digital future for Canadians and Canadian industry.
Bill C‑15 includes clauses that would amend the Personal Information Protection and Electronic Documents Act to include a right to data mobility to facilitate information sharing among all economic sectors. I support efforts to introduce the right to data mobility in Canada.
A right to data mobility would give Canadians greater control over their personal information and let them decide who their information can be shared with. It would also make it easier for them to switch service providers and choose the organizations they want to deal with. These are important considerations in building trust in today's digital economy.
Enhancing data mobility provisions can also support economic growth in Canada. For example, it would help promote competition and innovation by allowing individuals to take advantage of new business models, like consumer-driven banking, and by encouraging new players in the market, therefore helping to support small and medium-sized organizations. Specifically, Bill C-15 would add a new division 1.2 to PIPEDA that would require an organization, upon an individual's request, to “disclose the personal information that it has collected” from them to a designated organization. This right would be subject to regulations and would only apply “if both organizations are subject to a data mobility framework.”
Bill C-15 would amend PIPEDA to provide the Governor in Council with the authority to make regulations regarding data mobility frameworks. These regulations would cover key aspects of a mobility framework, including safeguards and technical parameters for ensuring interoperability. They would also specify which organizations are subject to a framework and would provide for exceptions to the requirement to disclose information.
Given the scope of the issues that will be regulated, the office of the commissioner absolutely must be consulted by the government as the regulations are developed. I look forward to working with the government on these important issues.
With that, we look forward to your questions. Thank you.