Thanks, Mr. Chairman.
I appreciate this opportunity to be here today to discuss Bill C-28, the proposed Fighting Internet and Wireless Spam Act, or FISA.
The bill before you today closely resembles the former Bill C-27, the Electronic Commerce Protection Act, or ECPA, which this committee studied during the last parliamentary session. Bill C-28 builds upon the recommendations of this committee and stakeholders in response to Bill C-27.
FISA, like ECPA, provides a comprehensive regulatory regime that uses economic disincentives instead of criminal sanctions to protect electronic commerce. The measures introduced in Bill C-28 are based on international best practices.
This regime creates new violations to address the threats posed by spam, malware, deceptive online marketing practices, phishing and spyware.
It also allows for private right of action and introduces administrative monetary penalties in order to hold those who violate the Fighting Internet and Wireless Spam Act—FISA—accountable for their actions.
It also promotes international cooperation by providing authority for the three enforcement agencies, the Canadian Radio-television and Telecommunications Commission—the CRTC—, the Competition Bureau and the Office of the Privacy Commissioner of Canada, to share information with their counterparts around the globe.
We have provided the committee with a redline version of the bill to make it easier for you to compare FISA with its predecessor, ECPA. The redline version can be found at tab three in the blue binders that you have in front of you this morning.
I can take you through that document, if you like, but I would briefly like to summarize two substantive changes that have been made to the bill.
The first change concerns a new clause in clause 3, which can be found on page 4. The Personal Information Protection and Electronic Documents Act, or PIPEDA, contains a primacy clause in subsection 4(3) that, among other things, ensures that the consent provisions in PIPEDA take precedence over other acts. However, since the scope of the consent regime in FISA is more precise than in PIPEDA, it is necessary to include this coordinating amendment, which clarifies that FISA takes precedence over PIPEDA should there be any conflict.
The second change that I would point to can be found on page 59 of the bill, in clause 83. It concerns an amendment to PIPEDA designed to address the collection of personal information when a person accesses a computer system without consent. In Bill C-27, this provision applied when access to the computer system was without authorization. Stakeholders expressed concern that the term “without authorization” was too broad, and to address these concerns the provision now applies when access to a computer system to collect personal information is “in contravention of an act of Parliament”. For example, there was concern that hackers might be able to claim that information obtained about their practices from a website could be considered to be collected without authorization simply through the use of the terms and conditions on the site.
Mr. Chairman, it is our hope that the adoption of this bill will provide an opportunity, through a concerted and cooperative approach involving the public sector and the private sector, to reduce spam and related online threats. At the same time, the bill will permit us to work more effectively with our domestic and international partners to address threats to online commerce.
I would be pleased to take the committee through a more detailed examination of the changes highlighted in the redline version of the bill that has been provided to you, or, if you prefer, we can simply be prepared to respond to questions.
Thank you.
