I'll be brief.
My view—and we've thought about this quite carefully—is that there is no public policy rationale for the political parties' processing of personal information not to be subject to a privacy legislative regime. The only question that I think is open is what the appropriate instrument would be and whether that would that go into the CPPA. I think there's some validity to the proposition that it might be a separate instrument. My personal view is that it was something that was missing in Bill C-27. It could have been in there.
Right now, if you compare the privacy protections that are set out in Bill C-27 under the CPPA to the current protections afforded to individuals in respect to the processing of personal information by political parties, you see that they're not even in the same universe. You would just have to post a privacy statement. There's no security breach notification requirement. There are no access rights and no consent rules. It goes on and on. There are no rights of express redress. There's no independent ombudsman who would oversee and take complaints, investigate, etc.
I think this is something that is incredibly important and I'm very thankful to you, Mr. Masse, for bringing that up.