Thank you.
Having had many discussions with other governments, the duty to act responsibly is generally the same as the duty of care in the U.K. or the due diligence and risk management obligations in Europe broadly. It's all about this due diligence approach of companies at a systemic level.
The duty to act responsibly came out of the Commission on Democratic Expression, and it's really practical. Their recommendation was we shouldn't use the language “duty of care”. That's the language from tort law. It might be confusing if this goes to court. We want this to be a stand-alone statutory duty where the duty is just set out in the legislation, and “duty to act responsibly” captured that better.
When it comes to the harms that are included, I think that is a point for debate. In discussions with colleagues, one that could be added to the list is the crime of identity fraud. That is a major issue, and I think it would be appropriate to include that.
It's notable what's not on the list. A point I have had multiple discussions about is the inclusion of mis- and disinformation, which generally fall into the category of “lawful but awful”. That is included in the EU legislation. The decision was not to include it in Canada because of what I would take as the problematic risks to freedom of expression. That is, we would be biting off more than should be taken on by a regulator.
One last point is we have to think in terms of what a regulator can take on practically. We know this will cost money, so some of this is a discussion on what we should include practically that are high-risk issues that a regulator can investigate and make a difference on now.
I'll leave it there.
Thank you.