Public Safety Committee on May 27th, 2024

Other data protection authorities—for instance, my Spanish colleagues—have set this out explicitly as a principle, saying that this should not be used for tracking and this should not be used for profiling. Therefore, I think being absolutely clear on that, either in the bill or in the regulations themselves, is important.

Technology can evolve. Tracking technologies can evolve. This has to be technology neutral. We need to make sure that the principle will capture whatever advances in technology and that it is used to verify age and for nothing else.

Again, it would be up to the courts and the organization that would look into that.

If you look at the definition of sexually explicit material in the Criminal Code, it describes “photographic, film, video or...visual representation” and a person “engaged in explicit sexual activity”. It could be “written material whose dominant characteristic is the description, for sexual purpose, of [explicit] sexual activity”.

It raises that question of what will be captured and bringing that clarity.

I understand that the purpose of this is to capture pornographic websites and other types of visual images and so on and protect children from that. That's one of the points I'm highlighting.

The government's position is that, yes, they would be captured because the definition of sexually explicit material that is being proposed would include things like the depiction of sex scenes or nudity where it's nudity for a sexual purpose. Those services would be required to institute age verification to access that kind of content.

I think what needs to be understood is that the definition being proposed makes sense in the context of the Criminal Code, where it's speaking to a variety of offences, including when adults may be engaging with minors using sexually explicit content. It makes sense in that context.

However, it is not limited strictly to pornography. It is broader than pornography and would capture things like sex scenes or nudity.

Thank you for the question.

The government is concerned about the implementation proposed by the bill. To be clear, the way this would play out is that there would be a minister designated, and then that minister would need to make a proposal to the Governor in Council or to cabinet about which federal department or agency would be best placed to administer this piece of legislation. If it were adopted as is, indeed, a minister would have to canvass the existing agencies or departments and make an assessment about which was best able.

I would highlight that in the context of the online harms bill, the government ultimately came to the conclusion that no entity exists, whether it be the CRTC or, with all respect to the person sitting next to me, the Privacy Commissioner, that is well equipped to play that role. The government is of the opinion that we need an entity that has the right expertise and the right framework in order to regulate the online space as it relates to online harms. That is why the government is proposing the creation of a new entity to make sure the oversight of this space is done appropriately with the right safeguards in place.

For this particular legislation, we would take on the mandate that Parliament would give us and fulfill it to the best of our abilities. I don't think the intention is that this is something my office would deal with, with the caveat that, in terms of regulation making, we are happy to provide advice and input and to be consulted on that to ensure that this is done through a privacy lens.

Thank you for the question.

The online harms act would apply to social media services. It proposes three core duties, one of which, as was alluded to earlier, is the duty to protect children. That is fashioned as quite a flexible duty, which would permit the digital safety commission to put in place a number of different kinds of measures or obligations to better protect Canadian children in the online space through the use of age-appropriate design.

The government's view is that this is a sufficiently flexible duty that could accommodate a question of whether there are certain services, for example, that should use age-assurance or age-verification mechanisms. The government's view is that the framework has the appropriate safeguards in place, and there would actually be a regulator with that mandate and the necessary expertise, through consultation with civil society and experts, to do that in an accurate way and in a privacy-respecting way, if that were to be considered.

Thank you for the question.

I'm not in a position to give an opinion on potential amendments. However, if I understood correctly, the senator's intention is to target pornography. As you mentioned, the definition of “sexually explicit material” is broader than that of “pornography”. If the senator and the members of the committee really intend to target pornography, we could think about how to limit the current broader definition.

Thank you for those questions.

In the sense that the purpose of Bill C‑63 is to promote online safety and reduce harm, the duty to protect children, which is referred to in section 64 of the proposed act, is quite flexible. According to the proposed section, “an operator has a duty, in respect of a regulated service that it operates, to protect children by complying with section 65.” Section 66 of the proposed act gives the commission the power to establish a series of duties or measures that must be incorporated into the service.

According to the government, the proposed act provides the flexibility needed to better protect children on social media. During the consultations, it is certainly legitimate to wonder whether the appropriate response is to require some services to adopt age verification. Once again, there will be a specialized regulator with the necessary expertise. In addition, there are mechanisms to consult civil society and experts to ensure that these decisions are well-thought-out.

We are following developments at the international level, absolutely. The government does not deny that there is a lot of movement in this area.

Again, our reading of the issue is that the technology has not necessarily reached maturity. Internationally, Australia and France are still looking at these issues. The French are in the process of testing some solutions, but they have not yet completed their work. In the United States, as you pointed out, infrastructure needs to be put in place. Louisiana lawmakers introduced verification measures to block access to minors. Other American states have proposed similar legislation, but we see that some services have withdrawn their access in those states because there is still no infrastructure in place.

Clearly, a number of solutions are possible. I'm thinking in particular of security tokens, where age verification is done by a third party. As you mentioned, we can also look at device verification. Another solution is facial scanning technology that tries to determine the user's age. It is important that these solutions be deployed in a context where safeguards are in place to ensure that privacy rights are respected. We don't want to create a framework that puts a duty in place without safeguards.