Evidence of meeting #100 for Industry, Science and Technology in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was consent.
A recording is available from Parliament.
5:10 p.m.
Liberal
Francesco Sorbara Liberal Vaughan—Woodbridge, ON
Thank you, Chair.
Philippe, in your opening remarks, you mentioned Australia as an example or as a bar. Hopefully, that's not a cap on anything that's done in terms of legislation.
Can you elaborate on how Australia has laid out its legislation and what you liked about the Australian model, please?
5:10 p.m.
Head of Policy and Public Affairs, Flinks
Sure, absolutely.
Australia went beyond the financial sector and created a full customer data right. I mentioned that it includes telecommunication, but also energy and so on. Basically, it's a government-led model. It's led by the treasury, which is kind of like our own treasury. It's also mandated into three separate entities: the equivalent of the Privacy Commissioner, the equivalent of the competition and market authority, and another one which is in charge of the technical evolution of it, meaning everything about standards.
It's really a government-led model, in collaboration with the industry and some specific stakeholder groups. I think it's great, because it gives power and really great protection to the consumer.
5:10 p.m.
Liberal
Francesco Sorbara Liberal Vaughan—Woodbridge, ON
What's your feeling about the guardrails in their model, if I can use that term?
5:10 p.m.
Head of Policy and Public Affairs, Flinks
I think they're pretty accurate and complete. It's kind of the carrot-and-stick model. If you participate in the ecosystem, you can develop a business in a safe and secure way. However, if you do not, for example, stand up reliable APIs, if you don't confirm to privacy legislation, you first get important fines, but also you can be discredited in real time. You lose the privilege to participate in the model.
It really has consumers in mind, making sure that when they're doing business with a company, they can be sure that this business has the right validation and the right security and safety measures in place.
5:10 p.m.
Liberal
Francesco Sorbara Liberal Vaughan—Woodbridge, ON
You mentioned the ecosystem. Any time that you update laws, rules, regulations and so forth after that hasn't been done for a 15-year or 20-year period, you want to have the regulations be principle-based—I like principle-based—so that they can expand with and adapt to evolving technology. It's a two-way street.
On the Australian model, since it's already been implemented, how was the ecosystem developed?
5:10 p.m.
Head of Policy and Public Affairs, Flinks
I would say that it developed pretty well, and it's the same with the U.K. There is some form of accreditation. There are kind of tier accreditations. Basically, if you have a new model, instead of doing the full onerous process of joining and having the accreditation, you can go via an agent. It's also a safe and secure model.
The evolution is going well. Of course, technology is evolving quickly. They've made sure, as you mentioned, that it's principle-based, but they have the right committees or stakeholders who are firm about where they can exchange and move forward with the technology.
We were talking about open banking, but it's more and more about open finance and involving insurance, mortgages and wealth management as well. It's evolving in a good way, because they create this kind of environment where players who participate know that other accredited players are safe and secure and it's good doing business with them.
5:10 p.m.
Liberal
Francesco Sorbara Liberal Vaughan—Woodbridge, ON
I'm a big proponent of open banking and I always have been. I've worked both on Wall Street and Bay Street. I try to keep up with everything that's happening within financial services. In open banking, there are different paths going on around the world, in the U.K., the European Union, Australia and the United States. We really need the update to these rules in order to take the next step on open banking.
5:10 p.m.
Liberal
Francesco Sorbara Liberal Vaughan—Woodbridge, ON
My view has always been that the data belongs to the consumer.
5:10 p.m.
Liberal
Francesco Sorbara Liberal Vaughan—Woodbridge, ON
We've rented that data out, basically, to get a service back from the company or entity that we're dealing with now.
5:15 p.m.
Liberal
The Chair Liberal Joël Lightbound
Thank you, Mr. Sorbara.
I summon you to your seat, Mr. Perkins. The floor is yours.
5:15 p.m.
Conservative
Rick Perkins Conservative South Shore—St. Margarets, NS
Thank you, Mr. Chair.
I want to start by following up on a couple of questions, one by the chair and one by Mr. Gaheer, my new lawyer.
Mr. Plourde, I'll start with the interesting question on the issue of blocking the tracking, which sort of struck me as you were saying it and as the chair was asking the question.
Is it a mechanism similar to the one we implemented a number of years ago, the do-not-call list? The government legislated that if you didn't want telemarketers and all those things calling, you could register there. I think it was a five-year thing. Is that a type of thing that the legislation here could do?
I'm struggling with how you could do it, because you're still dealing with having somebody.... If it's through cookies or through the cookie thing, which is very hard, as you mentioned, with the fatigue, it's very difficult to say that somebody will actually go through and click on “Do not track me” out of many options.
5:15 p.m.
Lawyer and Analyst, Option consommateurs
I like your analogy between the do‑not‑call list and a do‑not‑track list. I'll take it a step further. If I ask that my number be added to the do‑not‑call list, all companies must comply with my wish not to be called. I won't have to call each and every telemarketer to say that I don't want them to call me. We're proposing a similar principle for the digital sphere. The analogy makes sense.
I'll provide some context. When I browse the Internet, on almost any mobile application or technology company platform, I see my personal information being collected everywhere. Technology giants reuse that data for commercial purposes for targeted advertising, analyses and so on. Consumer consent for these practices is often not very effective. Most tracking websites use pop‑up windows to ask consumers for their consent to data collection.
We're proposing that a parameter be built into the browser, for example, or into the telephone, that forces companies to comply with a person's decision to not have their personal information constantly collected. The industry has all kinds of mechanisms to help with this to some extent. For example, some mechanisms let us opt out of targeted advertising. However, they don't let us opt out of the ongoing collection of our personal information.
If I'm a consumer and I really want to stop my personal information from being collected online, one of the only options is digital self‑defense. This means blocking cookies and downloading applications that block these systems. However, companies aren't legally obligated to comply with my decision to not have my information collected. We've been proposing to incorporate this obligation into the legislation for a number of years. This would solve the problem by making consumer consent effective and simple. It would be very accessible for consumers.
5:15 p.m.
Conservative
Rick Perkins Conservative South Shore—St. Margarets, NS
Thank you.
The next question I have I'll come back to. That's what I was seeking my legal advice on from Mr. Gaheer; it was on issues around the tribunal, so if I still have time, I'll come back to it.
Mr. Letarte, I think you mentioned issues around proposed subsection 29(1).
5:15 p.m.
Conservative
Rick Perkins Conservative South Shore—St. Margarets, NS
When I look at proposed subsection 29(1)—and thank you for bringing it up—it's under a heading of “Public Interest”, but it is pretty broad, and nowhere in the bill can I find a definition of “public interest”. I read it to mean that if you can't get consent in a timely way, you can still do whatever you need to do if it's in the public interest. That's the way I'm reading it.
I wonder if you could expand a little more on your thoughts on proposed subsection 29(1).
5:20 p.m.
Head of Policy and Public Affairs, Flinks
Yes, of course.
Again, I find it a bit too broad. As an operator of a business, I think we should want some clarity on and criteria for what is in the public interest. We don't want to have a backlash from that, trying to create our own product where we find it doesn't fit the public interest, so I would welcome criteria and exceptions on clear public interest.
Again, there was the example I gave to Mr. Williams earlier. If I can benefit from a new program that will save me money automatically, but I have to commit by this deadline, is it in my clear interest? It probably is, because I'm going to save money, but is it also a commercial interest? Yes.
This is the kind of clarification that we want to have because, as I mentioned, the premise of open banking is about trust and being empowered with regard to your data so that you always know where your data is and you always know where there is consent. If suddenly someone is on board some program that he did not consent to or he is being sent direct marketing stuff that he did not consent to, this is not what the premise of open banking is, and this is, therefore, how you lose trust.
This is why we want clarification on what the public interest is, as well as exceptions and cases to show how we can navigate through that. Thank you for the question.
5:20 p.m.
Conservative
Rick Perkins Conservative South Shore—St. Margarets, NS
As a marketer, I'm always looking for those holes that I can drive a truck through to use data in any way I need to for the company I work for.
5:20 p.m.
Voices
Oh, oh!
5:20 p.m.
Conservative
Rick Perkins Conservative South Shore—St. Margarets, NS
If I have time, Mr. Chair, I'll go to Mr. Plourde for my last question, based on my discussion.
I think we're all struggling here with the testimony we've had about the tribunal. Some people think it's a good thing. Some legal guys think it's a bad thing, for different reasons: Some think that there's too much power sometimes in a single person, a Privacy Commissioner, and not all Privacy Commissioners are created equal; others are saying that it will slow down the process, with others saying that it actually will speed it up because you don't have to go through the intricacies of the court directly from the Privacy Commissioner. Also, if you want to go to court after you don't like the tribunal, that's a more difficult thing, but it may actually speed it up or slow it down. The competition tribunal, for example, hasn't quite worked out to be as fast as people thought it would be.
You've made some comments, but I think we need a little more guidance on that one.
5:20 p.m.
Lawyer and Analyst, Option consommateurs
I think that you want to understand how the personal information and data protection tribunal affects consumer rights.
As I said earlier, we have mixed feelings about the personal information and data protection tribunal. We would rather the Office of the Privacy Commissioner of Canada have the power to impose administrative monetary penalties.
However, in our view, the personal information and data protection tribunal isn't the biggest issue. Our main concern isn't the tribunal. It's all the other common law courts where a consumer could bring proceedings against a company on the basis of the new federal privacy legislation. There's a major problem. The current bill contains a significant restriction that could undermine consumers when they want to use this legislation before the courts.
The issue isn't the personal information and data protection tribunal. The issue lies outside the criminal process, including the Office of the Privacy Commissioner of Canada and the new data protection tribunal. In our view, Bill C‑27 seriously impedes, or at least threatens to impede, the civil process.
I'll talk about Quebec. It's the only area that we know well, obviously. Quebec has its own privacy legislation, which has more teeth than the legislation on the table today. Quebec also provides for civil remedies. If a company fails to meet its obligations under federal legislation, I can turn to the civil courts in Quebec to assert my rights.
We think that the current bill carries risks. We can't predict what the courts will say about the scope of section 107. We're worried that it could lead to long legal debates. We would like MPs to ensure that this bill doesn't interfere with civil remedies. We're very concerned about this issue. We urge you to take action to protect consumer rights in Quebec, in order to ensure that consumers can pursue remedies under this legislation, should the need arise.
5:20 p.m.
Liberal
The Chair Liberal Joël Lightbound
Thank you.
Mr. Van Bynen, you now have the floor for five minutes.