Debates of Oct. 19th, 1998

Mr. Speaker, on a point of order, the member is not on topic. I think the Chair should pull him to order. We are not dealing with that point.

Mr. Speaker, if the member opposite would like to participate in the debate, he is welcome. If he would not, perhaps he would allow those who want to to do so.

Mr. Speaker, in response to the question from my colleague from Frontenac—Mégantic, I do indeed think his words were very aptly chosen. This Henry VIII-style clause more or less says “We are going to give the government the opportunity to amend the legislation without having to go back to the House”. This could have a significant economic impact.

We have already seen battles between the Minister of Heritage and the Minister of Industry on matters impacting on the cultural future of Quebec and Canada and we have seen that, with this federal government, culture was not always the aspect that won out and also, particularly, that the negotiations were always held in secret.

This clause could easily put us back into the same situation in future: international agreements could be changed and bring about changes in Canadian legislation without necessarily having been re-approved by Parliament.

The less this happens the better. The government over there, which is already bureaucracy-driven, has already given us plenty of proof that it would give itself additional powers over the heads of the elected representatives. This, I believe, would be extremely harmful to democracy in Canada.

Mr. Speaker, I can see that few members are interested in addressing this issue, and I can understand that, since this is a rather complex issue.

We are dealing with electronic commerce, with EDP, with modern technology, and we tend to be in awe of this wonderful technology which, presumably, will solve all our problems.

But we know full well that such is not the case. This technology is only one of many tools that can help us achieve the best, and also the worst. I realize that Bill C-54 before us seeks to ensure that, in the area of electronic commerce, we will achieve the best, and not the worst.

Let us take a look at the title of Bill C-54, An Act to support and promote electronic commerce. The purpose of this legislation is to support and promote electronic commerce. How will this bill support and promote electronic commerce? It is stated right after, again in the title: by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending certain acts.

Bill C-54 seeks to promote electronic commerce, while protecting personal information, so that consumers can engage in electronic commerce with confidence.

For the benefit of this House and of those who are watching us on television, let me first explain in general, easy to understand terms what this legislation is all about.

When we talk about electronic commerce, what exactly are we talking about? We are talking about making purchases or transactions—bank transactions, transactions with suppliers, with manufacturers, with clients—electronically.

These types of transactions have been in existence for quite some time. Telecommunications have been with us for thirty years or so. They have been relatively well structured in terms of standards for 25 years. As for electronic data interchange, it has been governed by international standards for more than 10 years.

In fact, electronic data interchange, or EDI, is used relatively often by many businesses. For the past ten years or so, large businesses have been using it in their dealings with suppliers. That means that a supplier does not send a written bill to his client, but rather an electronic bill that is received on the client's computer, who will then authorize payment after verifying that the goods or services have actually been delivered.

What is happening today is an acceleration—and I was going to say a democratization—of this process. Electronic data interchange is not longer restricted to large corporations and government. It is now accessible to the average person through, among other means, the Internet. One just has to sit in front of a computer screen to have access to a supplier of goods or services. Then it is as easy as filling out a form shown on the screen, pressing a key or clicking on a button, and the information is sent, through the telephone line or the coaxial cable, to the supplier, who then fills the order and, of course, bills the client.

So far so good. However, if I give my credit card number when I make such a transaction, I want to be sure that this number will not be used for other purposes than those for which I wrote it on the electronic form. I want to be sure that somebody will not use my credit card number to travel around the world. Of course, I would only find out about it when receiving my statement at the end of the month. It would be terrible.

True, particularly well equipped hackers might be able to get at that information. But we have the tools to make it very difficult for them.

One should not generalize and panic. We have to recognize that in everyday life, you and I and a lot of other people are using their credit cards in a lot of establishments, restaurants, clothing stores, to subscribe to a magazine and God knows what else. Our credit card number is handled by strangers.

When I go to a restaurant and give my card to the waiter or waitress, who takes an imprint of it or puts it through the magnetic tape reader to forward my bill to my credit card supplier, for a moment that person has my credit card number at hand and could very easily take it down and misuse it later.

However 99.99% of people are honest and such misdeeds simply do not occur. Credit card frauds do happen though, and it is wise to always check one's statement to make sure that it does not contain transactions which are not ours. It is a bit the same on-line. In the vast majority of cases, there is no risk.

But if a hacker wanted to get at some credit card numbers, it is not unlikely he would succeed, unless safeguards are put in place. This is when the notion of facilitating electronic commerce comes into play.

If I feel that my purchasing something on the Internet might reveal things I do not want to be known, such as what I am buying, how much I paid for it, what my credit card number is or other confidential information I might give, if I am not convinced it will all remain confidential and will be used for the intended purpose only, I will be very reluctant to engage in any electronic transaction. I would not do it.

Of course, if the legislation were to require businesses to take the appropriate steps to ensure that all electronic transactions are secure, confidential and protected, then the average citizen would feel much more at ease and e-commerce would blossom.

What are the two problems that can arise in terms of protection of personal information? First, there is the illegal access to the information by someone who is not entitled to see the data. Of course, none of us would like information about us to fall into the hands of people who should not have access to it. That is the first problem.

Then, there is also the misuse or illegal use of the information. Someone who should not even have had access to your information is using it to harm you or for some other illegal purposes. So, it is important to ensure that the information can only be accessed by the people who are entitled to see it, by the final recipient, and used for the purposes for which the information was made available.

In this area, Quebec has been fully protected for four years now through its Act respecting the protection of personal information in the private sector. The bill before us today, Bill C-54, only deals with businesses. It does not extend to any other activity and has some serious deficiencies. I have already mentioned one, the fact that if an individual does not clearly prohibit it, then the information can be used for other purposes than the ones stated originally. Silence gives consent. We make a stupid and foolish decision, because we are not aware of the consequences, and everything is done behind our backs.

This is extremely important because, whether we like it or not, electronic commerce is bound to expand. It is here to stay. I am somewhat surprised and disappointed that such a crucial issue for a nation like Canada is not receiving all the attention it should, and indeed did in Quebec—mind you the Liberals were in power in Quebec at the time, with Minister Lawrence Cannon sponsoring the legislation; so this is not peculiar to the sovereignists, just a good habit Quebeckers have of looking after matters that concern them and doing it well. This issue was widely debated in Quebec. I know, I was there. I was one of the players, as a computer specialist by profession.

Sounds like the hon. member opposite would like to speak, Mr. Speaker. I hope you will take note of his wish and give him the floor next. In the meantime, I would appreciate it if he could be quiet and give me chance to carry on.

The debate held in Quebec was a thorough, major, serious debate. It was a societal debate that resulted in one of the best pieces of legislation in the world.

I am amazed that my colleagues from the other parties, from the rest of Canada, do not seem a bit concerned. They bow down in front of the computer god. They say “If it is electronic, it must be good and if commercial data must be protected, we will do that, no problem. Are there other things that need protection?”

Commercial data are only the tip of the iceberg. There are also medical, legal or judiciary, tax, school, family data, plus many other types of information. In fact, all the information that an individual sends directly on the Internet to an organization or an other individual should be confidential. But Bill C-54 is completely silent on all the other types of personal data when, in Quebec, they are already covered.

As I said a minute ago when I read the long title of the bill we are debating today, one must understand that it does not aim at the protection of personal data but rather at the promotion and facilitation of electronic commerce.

That is where the problem lies. In Quebec, the legislation on privacy protection in the private sector does not specify if the information is to be processed electronically, manually, verbally or otherwise. The information is protected, no matter what vehicle is used to transmit it. Since electronic commerce and all the rest are included, that legislation is a very powerful tool in Quebec, while Ottawa is making very timid efforts by talking only about electronic commerce. The federal government is kow-towing in front of electronic commerce. It says “Commerce is important. If it is electronic, it must be even more important and we will ensure that personal information is protected if the person demands so”.

That is what it says. If the person does not check off the box—and I read it earlier, it is written explicitly in the bill—the legislation does not operate. The legislation lets companies and organizations, those that have their commercial information in hand, do whatever they please.

Legislation such as this does not deserve to be passed. Legislation such as this, in order to be passed, should have all the necessary working parts, and be complete. It should be as good as the one that Quebec has had for four years. It should build on it. It should also build on improvements that could be made to it. No. We are presented with legislation that is, for all intents and purposes, only half-baked.

It will be very important for this House to ensure the real debate takes place.

Mr. Speaker, how much time do I have left and will there be other speakers after me?

Will there be other people speaking after me? I feel like continuing. If there are no other speakers, I feel like asking the unanimous consent of the House to continue. Anyway, we have until 6.30 p.m. You will understand that my throat will be tired well before that, but I feel like continuing the analysis of this bill in more detail, if the House gives its unanimous consent.

Mr. Speaker, I am asking for unanimous consent for an extension of time in debate to no longer than 6.30 p.m.

Mr. Speaker, the issue here is whether this bill meets the needs of Canadians and Quebeckers.

Let me say, on behalf of Canadians, that this legislation is certainly better than nothing at all. However, the bill is far from what, in my opinion, Canadians deserve. They deserve something at least as good as what Quebeckers have. Canadians are not well served by this legislation.

Worse still, because of this bill Quebeckers could lose since the federal cabinet could make the political decision to allow Quebec to implement its own legislation instead of the bill that is before us and that is inferior to the Quebec act.

Obviously, should the federal cabinet feel that the Quebec legislation is not adequate, it could—without leaving any recourse to the province, since this is a political and not a judicial process—make Quebeckers lose important rights regarding the protection of personal information.

One can reasonably assume that some businesses regulated by a federal charter might be tempted to avoid—for very questionable reasons—being subjected to the Quebec legislation and prefer to be governed by the more lenient federal act that is being proposed.

Toothless.

Indeed, toothless. I see that the Liberal member knows exactly what I mean.

In any case, the Bloc Quebecois can absolutely not support this bill, because it does not deserve to go any further. In fact, the government should go back to the drawing board, review its objectives, which should be to allow or ensure the protection of personal information so as to promote, among other things, electronic commerce, instead of promoting electronic commerce by, among other measures, protecting personal information more or less adequately.

The Bloc's position is clear: take the bill back to the drawing board, let the minister do his homework and then come up with a bill that will meet the expectations of Canadians and that will serve them as well as Quebeckers have been served for the past four years.

Mr. Speaker, I have a few comments to make. I presume that after the member opposite took considerable time that the Bloc Quebecois and the member opposite will perhaps enjoy my comments.

I support Bill C-54 in principle. It should go to committee for further study and hopefully we will get good legislation in the end, although I send up a flag indicating I have found some problems with the bill in my initial examination.

One of the first problems was a translation problem and the definition for work being done by federal agencies. In the French version we see the word radiodiffusion which was translated into English as radio broadcasting. This is one of the areas of federal influence that the bill is to apply to initially. I believe the intention is for the CBC to come under the act, but because of a misunderstanding of the French word radiodiffusion which in the Larousse translates only as radio broadcasting—and I understand that in Quebec it means broadcasting in general—it would appear that the English side of the equation is in error.

In any event the bill is easily understood as comprising a front section that deals in general with how the law will apply. The key in looking at the legislation is schedule 1 in the back of the bill. It pertains to the principles set out in the national standard of Canada entitled the “Model Code for the Protection of Personal Information”.

This was a code of conduct in the handling of personal information that was obtained by elaborate consensus. All kinds of stakeholders contributed to it. The government was very proactive in seeking this input. It became a general code of standards for protecting personal information and it is the corner piece of the bill.

Unfortunately when legislation is created by consensus there sometimes are difficulties. My concern about the legislation is that I do not feel, much as I support it in principle, that it adequately addresses the problem of charity lists or special lists that are comprised from the consumer, put in databanks and held by either private for profit corporations or by non-profit corporations.

The standard in schedule I waffles on the issue elaborately. In the first place it says the organizations that have these lists may indeed have reasons not to ask for the consent of individuals whose names are appearing on the lists. These could be lists of charities or donations. They could be lists of such things as buying a computer at Radio Shack. They could be any kind of list like that. If an organization possesses these lists, the proposed legislation indicates that it does not have to be responsible for the personal information contained in it.

It goes on in schedule I to observes that while consent is required, the whole principle of being able to get consent—

My friends on the opposite side should be enjoying this.

We are, we are.

I knew you would.

In another section it says that organizations are obligated to get consent for personal information if it is deemed to be sensitive. Then the code sets out to try to explore what sensitive means.

We do know that sensitive presumably means the religion one happens to have or medical records or financial information. It leaves it to the organization to decide what is to be considered sensitive. It makes an example. It says, for example, that if a subscription to a magazine is taken out and one's name goes on a list elsewhere it would not necessarily be considered sensitive information. However the legislation says that the names and addresses of subscribers to some special interest magazines might be considered sensitive.

If that is the case I would suspect that they are thinking about prurient magazines, sex magazines. They are willing to protect sex magazines but they are not willing to protect subscribers to Scientific American , Homemakers Magazine or religious magazines. That makes us wonder.

If the opposition will ask me a really interesting question I will continue with my comments.

Mr. Speaker, I appreciate the comments of my Liberal colleague very much.

He is right. The problem with this bill is Schedule 1, which says certain things but does not say others. This schedule is based on the so-called CSA code, which is ultimately set up by private business and based on goodwill.

In other terms, we are put in the awkward position of having a group of businesses deciding what is good or bad for consumers. We are putting the cart before the horse. It is a bit like having the fox in charge of the chicken coop. Chickens do not get a whole lot of protection that way. But consumers should not be compared to chickens. Consumers have rights, they are human beings and citizens, and they deserve a better approach than the one in Schedule 1.

There is another problem with Schedule 1, and it will be the subject of my question to my colleague who kindly asked me to put a question to him.

Section 5.2 says that the word “should”, when used in Schedule 1, indicates a recommendation and does not impose an obligation. That word is all over the place in schedule 1.

As if it were not bad enough to have the fox in charge of the chicken coop, the fox does not even have to abide by the building code. It could do it, but only if it feels like it.

Would my colleague care to comment?