Thank you, Mr. Chair.
Thank you, officials.
Before I ask a couple questions on this, which I don't believe I've talked to yet, I note that this is the third meeting we've had on CPC-7, most of which has been driven by the government's desire to amend and change it. I note this only because the government suggested that clause-by-clause would take four meetings and the government is the one pushing to make it longer.
Mr. Schaan, I'm a little concerned by your testimony earlier about the Privacy Commissioner. Bill C-11, which was the predecessor to this bill, attempted to make Privacy Act changes in the last Parliament, and I would like to read from the Privacy Commissioner's submission on it to committee, if I could:
While the OPC and the courts have provided some interpretations of sensitive information, it would be preferable to have a legislative definition that sets out a general principle and is context-specific, followed by an explicitly non-exhaustive list of examples (such as those included in article 9 of the GDPR). This would provide greater certainty for organizations and consumers as to the interpretation of the term. For instance, such a definition might read:
Sensitive information means personal information for which an individual has a heightened expectation of privacy, or for which collection, use or disclosure creates a heightened risk of harm to the individual. This may include, but is not limited to—
Does that sound familiar? It's in MP Garon's subamendment.
—information revealing racial or ethnic origin, gender identity, sexual orientation, political opinions, or religious or philosophical beliefs; genetic information; biometric information for the purpose of uniquely identifying an individual; financial information; information concerning health; or information revealing an individual’s geolocation.
That was for the last bill, so it comes as a surprise to me, Mr. Schaan, that you said the Privacy Commissioner has not asked for that. It's right in his brief.