Industry Committee on April 17th, 2024

Let's take a vote.

We request a recorded vote on the amendment moved by Mr. Turnbull, the reference number of which is 13026345.

(Amendment agreed to: yeas 11; nays 0)

We're moving right along this evening. That's great.

We now go to amendment CPC-4.

Mr. Vis, go ahead.

Before I begin, Mr. Chair, how much time do we have? I don't know what time we started tonight.

We started after the vote. We started the meeting at 5 p.m., and we started the second part at around 6:20.

I'm looking at you, colleagues, to know whether we go until eight o'clock. I would suggest about 8:15, if that's okay with members.

I think that's reasonable.

Okay, it's 8:15, then. Perfect.

Mr. Masse.

I'll just have to change some things around. I thought you'd originally said 8 p.m., but yes, I'll stay until 8:15.

That's fine. I'll just take some time to do a couple of things.

Okay. It will be 8:15 and no later.

Mr. Vis, you may introduce amendment CPC-4.

This is CPC-4, reference number 12753822. The original amendment that was put forward stated, “minor means an individual under 14 years of age”, in the context of Bill C-27. I would like to change that as a good-faith amendment, if it's actually allowed, to “minor means an individual under 18 years of age”. I have been debating this one for a bit, personally.

Before I go on, is that clear for everyone? In my amendment, I'm changing the age of a minor from 14 to 18.

Could you read the amendment, Mr. Vis, as it would appear?

It would read as follows: “minor means an individual under 18 years of age”.

Okay.

As it is currently drafted, Bill C-27 provides no definition for the term “minor”, despite several mentions of the term throughout the text of the bill. In my opinion, this is problematic. In the absence of a definition, the definition of what constitutes a minor will have the meaning ascribed to it by provincial or territorial age-of-majority laws. For instance, it's 18 in Quebec and 19 in my province of British Columbia.

Different definitions across Canadian jurisdictions will, as some witnesses have said, “make compliance increasingly challenging and can put organizations in a position where they will need to build and implement different privacy practices by location raising both the technical costs incurred as well as the risk of failing to comply with a myriad of obligations by jurisdiction”.

This amendment seeks to resolve these issues by defining a minor as an individual under the age of 18. The age of 18 was selected to align with the United Nation's Convention on the Rights of the Child, the U.K. children's code and the California age-appropriate design code. Choosing this definition will also bring Canada into alignment with the introduction of the children's code and age-appropriate applications in CPC-17.

I've spoken with Elizabeth Denham, my new favourite British Columbian, who designed the U.K. children's code. Her main concern with our proposed children's code was not using the age of 18, especially considering Canada's obligation under the United Nation's Convention on the Rights of the Child, as I mentioned.

I would also say that, in testimony, we heard from David Fraser. He is from McInnes Cooper. He appeared at our meeting 91 on October 24. He stated:

One thing I'm a bit concerned about is that the current bill would be difficult to operationalize for businesses that operate across Canada. Whether or not somebody is a minor currently depends upon provincial law. That varies from province to province, and implementing consistent programs across the country would be difficult. I would advocate putting in the legislation that a minor is 18 years or below.

I will point out again that California's new online privacy and safety law for children outlines the age of 18, and it's modelled on the U.K. age-appropriate design code, which became enforceable on September 2, 2020. I would also note that, when we think about Canada's trade relationship with the United States, there are lots of precedents in American jurisdictions as well.

I reference these partly because of the testimony we heard from Scott Lamb. I can't recall the exact meeting, but I did have a follow-up conversation with Mr. Lamb where he talked about interpreting the existing privacy law in Canada and working on behalf of clients who have business in both Canada and the United States. He said that, from the perspective of applicable companies, they would often defer to the definitions included or the practices from American states and jurisdictions, and apply those same standards in Canada. This, of course, goes along with the design code they have in California. He was probably doing business with companies in California.

On July 1, 2024, Florida's law will go into effect. It applies not only to social media companies but also to online platforms that are defined to include online games and online gaming platforms. It defines a minor as someone under 18—not just children under the age of 13—in all online platforms that are predominantly accessed by minors.

Arkansas has passed the Social Media Safety Act, which, again, uses the age of 18 and has certain consent provisions related to the age of 18. Utah passed a law recently that prohibits kids under 18 from using social media between certain hours. That's a little excessive, but again, it's using the age of 18 with age-verification provisions. In Louisiana, it's 18 as well. Texas bans kids under 18 from joining a wide variety of social media sites without parental consent. I'm just outlining some of the great examples from America.

In our industry committee meeting number 98, Michael Beauvais said that the term “minor” must be defined. He said:

First, several key definitions [in this bill] need to be clarified. These include a definition of a minor and a definition of capacity to determine when a minor is “capable” of exercising rights and recourse under the act.

Michelle Gordon also said, in meeting number 98, that “minor” needs to be defined:

First, the law should define the terms “minor” and “sensitive”. Without these definitions, businesses, which already have the upper hand in this law, are left to decide what is sensitive and appropriate for minors. The CPPA should follow the lead of other leading privacy laws.

She then—and this is my reason for what I stated earlier—referenced the California Consumer Privacy Act, the U.S. COPPA, the EU's GDPR and, indeed, Quebec's law 25.

David Fraser, in meeting number 91, said that “minor” does need to be defined. He stated:

One thing I'm a bit concerned about is that the current bill would be difficult to operationalize for businesses that operate across Canada. Whether or not somebody is a minor currently depends upon provincial law. That varies from province to province, and implementing consistent programs across the country would be difficult.

In meeting number 92, Michael Geist, who, as I think we all know, is Canada research chair in Internet and e-commerce law, stated:

I'll note that one of the real concerns arises in differing definitions of minors from province to province and the like. Therefore, one thing I think we need to include within the legislation—I know other witnesses have highlighted it—is the need for some sort of consistent definition here so that we know there is that consistency of protection.

The Interactive Advertising Bureau of Canada submitted a brief on November 13, which stated:

Under the CPPA “minors” are not explicitly defined leaving the interpretation to be defined by the provincial/territorial age of majority laws. This lack of federal clarity makes compliance increasingly challenging and can put organizations in a position where they will need to build and implement different privacy practices by location raising both the technical costs incurred as well as the risk of failing to comply with a myriad of obligations by jurisdiction.

Our recommendation would be to amend the Bill to include a single age threshold nation-wide. The Bill should specifically define the term “minor” and perhaps align with Quebec's Law 25—

I will note, for my Quebec colleagues, that he did say that as a suggestion.

—as it is already in effect, and which establishes a minor as someone under the age of 14 years old. This will be a less complicated approach will keep minors safe and set companies up for success—not failure.

I'm going to go back to this point in just a minute, because I think it's really important.

The Canadian Chamber of Commerce also stated:

As the term “minor” is not defined in the CPPA, the term will have the meaning ascribed to it by provincial/territorial “age of majority” laws, which provide that, in the absence of a definition or an indication of a contrary intention, a “minor” is a natural person under the age of 18 in AB, MB, ON, PEI, QC, and SK and a natural person under the age of 19 in BC, NB, NL, NT, NS, NU, YT. Differing definitions of “minor” across Canadian jurisdictions will require businesses operating in multiple jurisdictions to develop and implement different: (1) consent management policies, practices, and procedures; (2) user/customer experiences; (3) retention and breach reporting policies; and (4) security safeguards for different sets of jurisdictions. It may also require such businesses to engage in age profiling in jurisdictions where a “minor” includes a person who is 18 years old. This will impose an undue burden on such businesses and may lead to customer confusion. It is recommended to harmonize the definition with Quebec Law 25

I am reading this testimony for you specifically, Mr. Garon, because I did have internal debate about whether it should be 14 or 18. The reason I mentioned amendment CPC-17 is that, while I do note that a minor is defined as someone under the age of 14, as I've read two times already into the record tonight, the challenge I have approaching this as a parent and as an uncle is that I don't believe the decision-making capacities of children at 15, 16 and 17 are necessarily always developed to the extent that they need to be for them to make rational decisions about their well-being.

It kind of reminds me of a policy in the school district where my kids go. As a parent, I see that children in the school district have access to every social media platform imaginable. They can go and buy things on Amazon accounts without their parents knowing. They can look at whatever they want to on the Internet, but if you want to go skating with your class, my gosh, you need your parents' permission.

I'll end there. I look forward to a discussion on this. The testimony is very clear that we do need to have a discussion on defining what a minor is, largely for businesses' purposes. I would contend as well that it's for future amendments that will be put into this law, and my hope is that it will safeguard children from online harms.

Thank you, Mr. Chair.

Thank you, Mr. Vis.

I think you made a very eloquent case that it should be 18, in my humble and unbiased opinion as chair.

Mr. Perkins, you're next.

I could have kept going, too.

Should we seek unanimous consent to go until midnight?

I won't give the rest of this speech, because I do want to get to hockey.

I think there are compelling reasons, obviously, for setting an age.

When I was first briefed by the department on the legislation, this was one of my first questions, because, at second reading, a big part of the minister's speech was about the focus of this bill to protect children and improve privacy for children, which I believe is and was his genuine intent, but it concerned me that there wasn't a definition. The response, I think, of the department at the time was that if we left it as it is, it would be up to various definitions in provincial law. As a marketer—and I can never leave my hat as a marketer—that would worry me because that means I would have to have 10 plus different systems about when the data I have on an individual moves from being totally sensitive, which is what happens currently under this proposal, to having elements of it that can be used for purposes when they leap over that age, whether it's 13, 14, 16 or 18.

Mr. Vis suggested the age of 18. Personally I think that it should probably be 18, but I'm open to a discussion on that. If we pick an age that is going to be across the country, what's the department's view? Age 18, to me, is when you can vote, when you can start to do some things and when you graduate from high school. You can do some other things, but you can't drink and you can't smoke marijuana. You can drive at 16, yes, but you can't drive fully on your own at 16 anymore, like I used to. In Quebec, you can. That's because in Quebec they just have driving guidelines, not laws.

The issue, I think, is whether 18 is the right age. I believe it is. How does the government feel about that? One, should it be defined? Do you agree now that we should define it? Two, is age 18 appropriate?

Thank you.

Thank you.

Mr. Garon, go ahead.

Mr. Vis was very convincing, but I'm persuaded he would have been even more so in French. I know what he's capable of.