House of Commons Hansard #233 of the 41st Parliament, 2nd Session. (The original version is on Parliament's site.) The word of the day was s-4.

Topics

Digital Privacy ActGovernment Orders

5:20 p.m.

NDP

Murray Rankin NDP Victoria, BC

Mr. Speaker, it is a pleasure to rise and speak to Bill S-4, which would amend the Personal Information Protection and Electronic Documents Act, called PIPEDA. The bill has the rather misleading title of the digital privacy act.

I will be speaking against this bill for a number of reasons that have been articulated very well in past debates by the member for Terrebonne—Blainville, our digital issues critic. She has brought in a bill of her own. The government took parts of it and did not go as far as it needed to, to actually protect the digital privacy of Canadians.

I would like to, first, talk about why this is such an important bill. Second, I will talk about the history of getting it here. Last, I will talk about some of the critical problems with this bill and propose an amendment at the end of my remarks.

E-commerce is the backbone of the modern Canadian economy and it is only going to be more important going forward. Think of our children and their use of digital material.

My colleague, the member for Toronto—Danforth, made some comments about e-commerce and why this bill, which underscores legal protections for privacy and e-commerce, is so important. He said that the world's largest taxi company has no cars. It is the largest taxi company because it has personal information. It is called Uber.

The world's largest accommodations company, Airbnb, owns no property, but it is the richest and largest company because it owns personal information. The world's largest retailer has absolutely no inventory. He was referring to Alibaba in China.

As we move to what my colleague called the Internet of Things, by 2020, we will have 26 billion devices connected to the Internet. I hope that people appreciate that we are moving into an economy where we need to know the rules of the game and we need to know that our personal privacy in the private sector is protected. Business wants that certainty and consumers demand that what is left of their privacy be treated fairly by those private sector organizations that hold their information.

Canada is really in a unique position on the planet. We are halfway between the European Union, which has a very aggressive data protection regime, and the United States, which has sectoral legislation but not a comprehensive private sector law like PIPEDA, the bill that is before us in its amended form.

I say that we are halfway between those two regimes because, under PIPEDA, Canada has managed to create what is called a substantially similar regime to the European Union. That means that e-commerce companies in England, Ireland, France, and the 28 other countries that make up the EU can confidently share their personal information with Canadians because they know that they will have substantially similar protection. Canada achieved that. The United States does not have anything like that, so companies like Google and Facebook will often use Canada as a launching pad.

If we can make privacy protection sufficient in Canada, it will likely be sufficient for Europeans, who have had the most stringent requirements of privacy on the planet. It is important that we get this right.

It is amazing and very timely that we are having this debate at this time because on Monday of this week a clear signal was given by the Council of Ministers in the European Union that it is going to go for a regulation soon, not the directive that has been enforced for some time. After two years, all 28 countries will have to come up with an even more stringent regime.

That is why this bill is so problematic. It would not help small business, as I will describe, and it certainly would not give consumers the protection that the courts say that they are entitled to. I refer to the case of Spencer in 2014, where warrantless searches were said to be not on for Canadians, yet they seem to be just fine in this bill, which is odd. We need it get it right from a commercial point of view, as well.

I am indebted to Professor Michael Geist, who testified before the industry committee and the Senate, and who is so prolific and thoughtful in his analysis of private sector privacy legislation and other privacy regimes. He talks about how it is has taken us eight to nine years to get to this state.

I wanted to talk about this because the government's ineptitude in helping the e-commerce industry that I talked about and protecting the privacy of Canadians is on full display in the history of this bill.

The Conservatives tell us that it is urgent, that we must get on with it. Well, that is because they have dropped the ball, as I will describe in many ways. It has taken eight or nine years to get to this situation.

The Conservatives left an earlier version of a privacy bill sitting for two years in the House of Commons with no movement whatsoever and then it died at prorogation. How did that happen? In November 2006, the Standing Committee on Access to Information, Privacy and Ethics undertook its hearings on this reform. That was one year later than the five-year review process required by the act.

Just to back up, PIPEDA, the bill before us that is being amended, requires parliamentarians to review it after five years. They could not even get that deadline together.

In 2007, there was a report recommending certain things be done. Nothing seemed to happen. First reading was in 2010 for Bill C-29, the first PIPEDA reform. Second reading of the bill was in October. In September 2011 there was the first reading of Bill C-12, the second attempt to reform PIPEDA. That never got past second reading. It died when the government prorogued. Then another bill, this Bill S-4 was introduced in April 2014. This was the third try. Three strikes are lucky, I guess.

Here we are before Parliament with a bill that when it was in committee, the government said solemnly that it was urgent that we get on with it because it did not want to take a chance on any further delays and amendments. It is laughable the way the government treats the backbone of e-commerce, this privacy legislation. It has taken eight or nine years to get to where we are tonight. In the dying days of Parliament we are debating the legislation. It shows how important this must be to the government of the day.

In my riding, where we have a thriving e-commerce industry, with start-ups trying to develop apps and so forth, the bill is important and the government treats it with a history of neglect, which is the best way I can put the ineptitude I have described.

It is critical for small businesses, as I will describe, because they just do not have the wherewithal of large business to comply with some of the provisions of the legislation. I will come to that in a moment.

What does the bill do? Some of the things it does right is that it has finally agreed with endless Privacy Commissioner recommendations that there ought to be mandatory breach disclosure. If there has been a breach of data by a company, where it is sent to the wrong place and suddenly my personal information is found in the back of a taxi cab on a data stick, someone has to be told about it. That is pretty simple and obviously long overdue. That is a good thing to have in the bill.

Second, there are increased enforcement powers for the Privacy Commissioner, including the notion of compliance agreements that companies would enter into. This is a long-standing consumer protection approach that has now found its way into the bill.

According to experts, such as Mr. Lawford, testifying on behalf of the Public Interest Advocacy Centre, it would likely result in fewer reported breaches because it leaves the determination of whether a breach causes a real risk of significant harm entirely in the hands of the private sector companies.

Do the words “conflict of interest” seem to come up? They do and that obvious conflict of interest is fatal to the purpose of the bill. Why is a company going to want to blow the whistle on itself? It seems a bit odd and others have suggested, as has my colleague from Terrebonne—Blainville, in her Bill C-475, that it ought to be for the Privacy Commissioner, an independent officer of Parliament, to pass on that, not the industries themselves. That was the subject of much criticism in the industry committee, which studied Bill S-4.

That gives me a chance to talk about the attempt by the opposition to actually get meaningful debate in the industry committee. Since I got here, probably the most disappointing thing I have found is the government's utter indifference to any amendments unless they come from its side of the aisle.

There is an effort to have a real dialogue and to improve this and come up with a kind of unanimous support for something which is technical in nature, but the government said no to every single amendment, which, of course, in my experience is the way it does it every single time. I have been on two committees and I have not seen one amendment passed that anybody but the government proposes.

Trying to co-operate with the government to do something which is at the backbone of the new economy and it will not even talk to us. Apparently, that is how the government wants to do business. Fortunately, like so many Canadians, I hope that these are the dying days of a government with such arrogance and indifference to what Canadians want.

The efforts to try to fix this bill fell on deaf ears. My colleague, the digital critic from Terrebonne—Blainville, proposed that the Privacy Commissioner be the one who determined whether a data breach was significant enough to report, which makes sense, as opposed to the fox in the henhouse, where a company has to decided whether it is big or little.

That is not for banks to decide, whether they weigh their reputational risk that they might have versus consumers' rights. I know who could do that, an officer of Parliament. That would be the right person to do that. That is what my colleague suggested. The Conservatives propose putting the burden on companies.

Here is the problem with that, and not only the obvious conflict of interest but there are large companies, think banks, telecoms, companies of that size, that have departments that are responsible for privacy protection. More and more companies have what is called chief privacy officers to regulate this very technical area of the law.

They do a good job sometimes, but they often have this penchant that they obviously feel when they are trying to protect privacy, which is their job description, and not make a career-limiting move when information that is disclosed could cause harm, and the company would be angry with them and shoot the messenger. I have talked to CPOs in companies that tell me that the conflict is alive and well and I can understand that.

Small companies do not have these chief privacy officers, for example, to determine whether there is a significant breach or a significant risk of harm. They have no idea what to do. They want to co-operate, but they do not have the personnel or expertise to do it.

My colleague reasonably suggested that we give them a little help by letting them have access to the Privacy Commissioner's expertise and resources. Is that not a common sense provision? Is that not one that would help those small start-ups in the e-commerce industry that would really like the opportunity to do the right thing but do not have the budget to do it?

The economy in my community, the largest sector now, is not tourism or hospitality, it is high tech. The people who are producing the largest contribution to the Victoria economy are people who are just in this situation, wanting to understand the rules of the game in the new e-commerce, looking to the government to give them clarity, make it easy for them to do the right thing, so they can compete internationally, as they are doing so effectively, and to be onside with the European Union's incredibly stringent rules.

Guess what? They do not have a CPO, paid $150,000 a year or whatever, like the large banks would. The government has done nothing to assist them and they are angry about it. They do not understand why this so-called business-friendly government simply does not get it.

Some 18 amendments were proposed by the NDP and 18 amendments declined by the government of the day. We tried to work it out, but the government just wanted to jam it through. To add insult to injury, for the 97th time it used time allocation on a bill of a technical nature like this. I think the government is over 100 times now.

In the history of Parliament, has there ever been a government that has done this more often? I certainly do not know. I want to study it. I have a student looking at this because the arrogance and the anti-democratic behaviour of the government has to be exposed. The 97th time was for a bill on digital privacy. It is shocking and shameful that we are in this world today with this government.

The Supreme Court has told us that warrantless searches are wrong. They are unconstitutional. My colleague from Toronto—Danforth said we should send it to the court for a constitutional reference. We cannot have yet another loss in the Supreme Court. How many would that be? I have lost count. It is six or seven. How about having a reference to the Supreme Court of Canada?

The leader of the opposition asked for that today with respect to Bill C-51. The government, of course, would never do that. It just wants to go lose again in the Supreme Court.

The Spencer case in 2014 established that warrantless searches are a bad thing. How can the government then put these searches into Bill S-4, the bill before us, and pretend it is going to be constitutional? It is great work for lawyers. I have many friends who welcome the government's position because it is a make-work project for constitutional lawyers, but is it helping the Canadian taxpayers? Is it helping the e-commerce businesses, those little businesses from coast to coast that are struggling in this international economy? Do they have the clarity they need to go forward? Why do we have to waste our time with yet another Supreme Court loss by the government? It makes no sense.

Could the government have co-operated a little with people of good faith who wanted to make it better and solve this problem, as New Democrats tried to do in committee? One would think the government would welcome that, but it simply said no.

My next point is kind of a technical thing, but I want to raise it. We talked about breach notification, and I want to give an idea of how complicated this is for the little mom-and-pop or individual family businesses that are now arising in the economy. Clause 10, which would add section 10.1 to PIPEDA, talks about the kind of notification that is required when there is a breach. I want to give an idea of how complicated this can be and how lack of clarity means something.

Proposed subsection 10.1(5) says, “The notification shall be conspicuous and shall be given directly to the individual in the prescribed form and manner, except in prescribed circumstances, in which case it shall be given indirectly in the prescribed form and manner.”

Three times the word “prescribed” is mentioned, which means it will be prescribed by regulation to follow later. There would be regulations that would define the kinds of things that would have to be done to give notification of a breach. However, as an example, let us take a small business that is trying to do the right thing. When there is a breach, it wants to notify people immediately. What is it going to do? Until there are regulations, it is utterly meaningless.

I know the government will bring in regulations eventually. That is a good thing, and I am sure companies are looking forward to seeing them, but as they plan ahead in this incredibly dynamic sector, they do not have a clue, and neither do we. None of us can say what those prescribed requirements are, because “prescribed” means to follow later in regulations, regulations nowhere to be found. People will have to try to figure that out. People sitting in a little start-up in Victoria or St. John's or Toronto or Montreal will have to try understand how to work their way through this difficult bill.

It is a history of neglect. It is a history of failure to listen to the opposition, which wanted to work together to create this regime. It has a history of eight or nine years in coming to the dying days of Parliament, but we should not worry, because it is urgent now, according to the Minister of Industry.

New Democrats do not believe it.

Therefore, I move:

That the motion be amended by deleting all the words after the word “That” and substituting the following:

“this House decline to give third reading to Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, because it:

a) threatens the privacy protections of Canadians by allowing for the voluntary disclosure of their personal information among organizations without the knowledge or consent of the individuals affected;

b) fails to eliminate loopholes in privacy law that allow the backdoor sharing of personal information between Internet service providers and government agencies;

c) fails to put in place a supervision mechanism to ensure that voluntary disclosures are made only in extreme circumstances;

d) does not give the Privacy Commissioner of Canada adequate order-making powers to enforce compliance with privacy law; and

e) proposes a mandatory data-breach reporting mechanism that will likely result in under-reporting of breaches.”

Digital Privacy ActGovernment Orders

5:40 p.m.

NDP

The Deputy Speaker NDP Joe Comartin

The amendment is in order.

Questions and comments, the hon. member for La Pointe-de-l'Île.

Digital Privacy ActGovernment Orders

5:40 p.m.

NDP

Ève Péclet NDP La Pointe-de-l'Île, QC

Mr. Speaker, my colleague really put his finger on the problem, which is rather widespread and applies to other bills besides the one before us today.

For instance, following public pressure, the government unfortunately had to withdraw Bill C-30 from the order paper. However, there was also Bill C-51 and Bill C-13 on cybercrime. Now we are talking about Bill S-4, which completely destroys Canada's privacy protection regime. It waters down the criteria for obtaining warrants and, in some cases, even allows authorities to access the personal information of Canadians without a warrant.

I wonder whether the member could tell us just how troubled he is that this government says here in the House and elsewhere that it wants to protect Canadians, and yet it introduces a number of bills, like Bill C-51, Bill C-13 and Bill S-4, that put Canadians' privacy at risk.

Digital Privacy ActGovernment Orders

5:45 p.m.

NDP

Murray Rankin NDP Victoria, BC

Mr. Speaker, I thank the member for La Pointe-de-l'Île for her observation and her very pointed question. It helps put in context what we are talking about today.

The member referenced Bill C-30. That was the infamous bill where the former minister of public safety and emergency preparedness told us that we either stood with the government or we stood with child pornographers. Members will remember that. I know that I will never forget it. I was standing up for the privacy rights of Canadians. To be told we were in that box may have been the low point of this House, but there may have been others. It was shocking.

Bill C-51 is another example. There have been articles written as recently as today. I saw one entitled “Stumbling toward Total Information Awareness: The Security of Canada Information Sharing Act”. It is an article about the bill that is part of Bill C-51. Total information awareness: anyone who has studied the United States legislation in this regard will know what the reference is to.

The shameful protection of our civil liberties, of which privacy is just one, is emblematic of the current Conservative government. We can hardly wait for Canadians to be given the choice on October 19 to change all of that.

Digital Privacy ActGovernment Orders

5:45 p.m.

Liberal

Ted Hsu Liberal Kingston and the Islands, ON

Mr. Speaker, I want to congratulate my colleague from British Columbia for his excellent speech. I would like to give him a chance to expound a bit on his point, which I think is correct, that given the history behind the bill, there is no urgent need to pass it today.

We would gain much by passing the best possible bill, given all the amendments raised in committee by opposition members of Parliament, based on expert testimony. We do not need to pass the bill today. We could pass a better bill later this year or early next year.

Digital Privacy ActGovernment Orders

5:45 p.m.

NDP

Murray Rankin NDP Victoria, BC

Mr. Speaker, I would like to thank the member for Kingston and the Islands and recognize his efforts in this regard. I wish him well as he leaves this place. His contribution has been very important, and on this particular point, I could not agree with him more.

There were 28 amendments offered. We worked on the rules of the committee in order to get them in under the McGrath procedure, but all of them were rejected by the government in what can only be described, frankly, as a mean-spirited way.

I would rather have no bill than the bill before us. I think that is the burden of the hon. member's remarks, and I think that is absolutely right. After all, it is nine years out of date anyway. It has so many problems it will be found unconstitutional anyway. Why do we not do it right? I think that is what the member is saying.

Bill C-475, from the hon. member for Terrebonne—Blainville, would have gone some distance. It would not have allowed warrantless searches, for one thing. It would not have allowed companies to decide what a significant risk of harm is if there is a breach. It would have done so many things that would have been so much more consistent with how Canadians used to do business and how we used to protect our rights and freedoms.

Digital Privacy ActGovernment Orders

5:45 p.m.

Green

Elizabeth May Green Saanich—Gulf Islands, BC

Mr. Speaker, I want to thank my friend and neighbour from Victoria for an excellent speech.

I also want to pay particular tribute to another member of his caucus, the hon. member for Terrebonne—Blainville, who had put forward, as he mentioned in his speech, an excellent private member's bill, which would have gone much further in dealing with the current issues that this bill fails to grapple with effectively. We missed opportunities here, and I agree that after so many years of inaction it is a shame to pass a bill that could be so efficaciously improved.

I also had amendments before committee in clause-by-clause study that were similar to those put forward by the member for Terrebonne—Blainville, and they were all rejected, so I lament that.

Perhaps my research has not been as exhaustive as the research the hon. member's student is now doing, but I did examine the records of this place for time allocations when they first began to be used routinely. I found seven examples of time allocation between 1920 and 1954. As we all know, in the last four years we have experienced 100 time allocations. I am 99% certain that the Conservative administration in this Parliament has broken all records for shutting down debate by an order of magnitude.

Digital Privacy ActGovernment Orders

5:50 p.m.

NDP

Murray Rankin NDP Victoria, BC

Mr. Speaker, I thank my friend and neighbour from Saanich—Gulf Islands for her thoughtful intervention. I would appreciate sharing research with her on the issue of parliamentary decline, which her comment addressed.

There may be a some Commonwealth country in Africa that has done this more often. There may be some parliamentary democracy that I am unaware of that has done this, and that is the research I want to do. I believe that it may be a parliamentary record in the entire Commonwealth from Westminster to Zimbabwe, but I do not know, because I have not looked at Zimbabwe's record. However, it would not surprise me if we have achieved a record in this place in moving time allocation 100 times to curtail democratic debate.

Canadians should be aghast, they should be ashamed, and they should try to figure out how we can create a new government that would no longer put up with this if we are to be a democracy any longer.

Digital Privacy ActGovernment Orders

5:50 p.m.

NDP

Denis Blanchette NDP Louis-Hébert, QC

Mr. Speaker, I thank my colleague for his speech.

What I found really interesting about his speech was the way he put the bill into context. All of a sudden, at the last minute, the government decided that the Senate bill is urgent.

I would like to remind everyone that in 2010 the President of the Treasury Board, who was then the minister of industry, started a discussion about a digital economy strategy, a public consultation that never saw the light of day and that never produced any results. I think that when a bill like this comes from the Senate, that is pretty simplistic.

Given the growing importance of the digital economy and our digital lives, broadly speaking, does my colleague not think that we should simply drop this bill and rethink government regulations relating to the digital world?

Digital Privacy ActGovernment Orders

5:50 p.m.

NDP

Murray Rankin NDP Victoria, BC

Mr. Speaker, I thank my colleague for that very thoughtful question. I think it might make better sense to simply drop this bill and come up with a better bill along the lines of the one put forward by my colleague from Terrebonne—Blainville, but even that is getting out of date. This economy is moving very quickly, and given the kinds of protections that are needed, we obviously should be thinking five years down the road, not nine years behind us.

It is true that the bill does come from the Senate. Then it went to the Standing Committee on Industry, Science and Technology in February of 2015. At that point the Minister of Industry said he was open to changes, but the government warned that any amendments would mean the bill would go back to the Senate for approval and likely die with the fall election. The minister emphasized that “there is some urgency” with this bill.

Why create law that we know to be bad? Why create law that is going to be found unconstitutional once again? Why do that when the industry wants more certainty, not less certainty? In my remarks, I gave an example of one clause that deals with the prescribed form and manner of notification, and in it there are three references to regulations that are not out there.

We have no idea what this is all going to mean. It is a complete joke.

Industry deserves better. Canadians protecting their privacy deserve better. Small business deserves better. We can do better.

Digital Privacy ActGovernment Orders

5:50 p.m.

Liberal

Ted Hsu Liberal Kingston and the Islands, ON

Mr. Speaker, it is an honour to speak to Bill S-4, legislation which amends the Personal Information Protection and Electronic Documents Act.

As our lives are more and more immersed in a digital world, our understanding of digital privacy changes and our means of protecting digital privacy also needs to be updated. We use the Internet in so many ways. Our digital identity is now more a part of our identity when it comes to banking and commerce, our tax returns, government services, and our interactions with other people in society. Those are examples of how our identity is becoming more digital. In a world where crimes involving data theft, identity fraud and online stalking are on the rise, and we are becoming more worried about those, it is crucial to protect data to protect our identity.

Data is not simply information. In fact, as my colleague from Victoria very elegantly gave some examples, it is power. It is a doorway into the private lives of many. It is commercial power. The Liberal Party is deeply concerned that the government's commitment to safeguarding the personal information and privacy of Canadians is less than absolute.

Let me give another example which is not quite related to Bill S-4 but I think is important to mention just for the record. Members might know that since the elimination of the long form census, the government has been looking at linking different so-called administrative data sources in different parts of the government in order to reduce the burden of filling out the census. Indeed, some European countries do not have a census. They have deep links between different pieces of administrative data, and people have to report where they live every time they move. The Privacy Commissioner, whose testimony on Bill S-4 at committee was also quite important, has warned Canadians that we should be very wary of simply moving over to this European system, that there are serious privacy considerations which Canadians should look at and agree with before the government proceeds in that direction.

More and more, all of this information is becoming digital. As an example, although I think this is perhaps not the point at which we should be too concerned, in the 2016 census, the government is planning to automatically use income and benefit information from the Canada Revenue Agency. It can do this because everything is digitized. That information would be automatically tacked onto census information and any voluntary replies that Canadians provide to the national household survey, unless of course the election result in October is such that we do not have to go through that. I just wanted to bring that up for the record.

What I would like to talk about most is the process that happened at committee. We are at third reading now. We are trying to decide whether this is the best possible bill that this Parliament could pass.

Unfortunately, there are definitely concerns about whether the approach in Bill S-4 is too broad and whether there are unintended consequences. I will not go too deeply into them. In fact, my friend, the member for Victoria, has done a much better job than I ever could. Suffice it to say that Bill S-4 identifies situations where personal information can be disclosed without the knowledge or consent of an individual. It permits federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual. It permits organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions. Therefore, there is a danger, we believe, that Bill S-4 is too broad.

The problem is that at committee stage, there really was not sufficient examination of these details. There were 42 amendments proposed by the opposition parties. There was not substantive debate at committee. There were no explanations for why the government members opposed amendments that were based on the testimony of expert witnesses, such as the Canadian Bar Association, the Privacy Commissioner and the Insurance Bureau of Canada. There were 42 opposition amendments, all of them defeated rather quickly without a defence of that vote by the government side.

It has been brought up in debate by previous speakers about how committees have worked in this Parliament and how they could be changed in the next Parliament. I really do believe that a couple of simple steps would be a good start to reforming the committee system.

The first one would be to allow committee chairs to be chosen by a secret ballot in this House, just as the Speaker is chosen. My first encounter with this idea was in fact a motion from a Conservative backbencher, the member for Saskatoon—Humboldt. That would be a good measure to ensure that committee chairs are as independent as possible not only from the government, but from their own party leadership. That would be a step toward what we need to make committees really fulfill their role in Parliament, which is ultimately the role that all of us have, which is to hold the government to account.

The second thing which I think would be very useful in committee, and this reverts to past practice in this House, would be to forbid parliamentary secretaries and ministers from sitting as voting members of committees. That would be a good way to protect the independence of committees for the purpose of committees being able to do a better job of holding the government to account.

I believe that if committees had been working better, we would have at least had on the record somewhere the reasons for rejecting the 42 opposition amendments to Bill S-4. In fact, I also believe that if we really had independent committees, some of these amendments would have been adopted, and even in this majority Conservative Parliament, with those amendments we would have passed a better bill than it looks like we might be passing, given the majority on the Conservative side.

By way of conclusion, I just want to say that without a genuine, collaborative, detailed committee study, I believe that the committee has not held the government to account with regard to Bill S-4. Expert testimony has not been properly either taken into account or discounted with some evidence or some cogent argument. We have in Bill S-4 a bill in which there are potentially overly broad provisions and good reason in fact to believe there are overly broad provisions and unintended questions. That is why I will be voting against the bill at third reading.

Digital Privacy ActGovernment Orders

6 p.m.

Green

Elizabeth May Green Saanich—Gulf Islands, BC

Mr. Speaker, I want to say to my hon. colleague for Kingston and the Islands that spontaneous rounds of applause when a colleague stands to give a speech in this place are not common, but I had a feeling that since he is choosing not to run again, perhaps this is my last chance to give him a round of applause. Having a scientist in this place, someone with a Ph.D. in physics, is very helpful. I have always been somewhat in awe of my colleague from Kingston and the Islands.

I want to second his concern about the course of review of legislation in parliamentary committees. I had the great good fortune, although I have only had the honour of serving here since 2011, to serve in the administration of former prime minister Brian Mulroney. I was not a member of his party, but I was fortunate to be working with the minister of the environment and steered many bills through committees. There was non-partisan co-operation. That was the usual approach. Members of all parties within committees listened to witnesses. They never browbeat them. They listened respectfully. They asked questions about things that they thought would serve the committee in finding better public policy. It is new to have parliamentary secretaries sitting in committee holding the Conservative members at committee to whipped votes and often to scripted speeches and questions.

I just want to reinforce what my friend from Kingston and the Islands has said and ask him to expand on how we can ensure that Parliament returns to its true function of non-partisan, thoughtful, evidence-based review of legislation.

Digital Privacy ActGovernment Orders

6:05 p.m.

Liberal

Ted Hsu Liberal Kingston and the Islands, ON

Mr. Speaker, let me say that one consequence of this change of returning committees to their function of keeping the government to account is that committees would become headaches for governments, but that is what they are supposed to be if they do their job of keeping governments to account.

How can we effect this? If I could be slightly partisan, the Liberal Party has promised to make these changes to committees. My guess is that some of the other parties would agree with those changes, and hopefully, if we roll the dice on October 19 and it turns out well, we will have the votes that we need to change the rules in the House and to allow members of Parliament and the committees of the House to hold the government to account to do its job for the benefit of all Canadians.

Digital Privacy ActGovernment Orders

6:05 p.m.

NDP

Ève Péclet NDP La Pointe-de-l'Île, QC

Mr. Speaker, one of our biggest concerns here is that a provision in this bill would allow organizations to share personal information more freely and without a warrant for business purposes.

For example, a telecommunications company or some other type of business could share an individual's personal information with another business for the purpose of a prospective business transaction between another company and a Canadian citizen.

This bill would allow different companies to share personal information that belongs to Canadians without clear, precise and robust oversight by Canada's Parliament, which is to say, by Canadians.

Would my colleague comment on that provision in the bill?

Digital Privacy ActGovernment Orders

6:05 p.m.

Liberal

Ted Hsu Liberal Kingston and the Islands, ON

Mr. Speaker, it is true that this bill contains elements that may be too broad and would result in violations of Canadians' privacy.

One example that comes to mind is the do not call list. In the past it was possible to share information, telephone numbers and so on, and I think Canadians rightly did not want information like telephone numbers to be shared.

Going forward, individuals in Canada will have more and more digital identities that they may want to be protected and not to be passed around, not to be shared without at least their knowledge or consent. That is the sort of thing that needs to be constantly updated. The member for Victoria talked about the bill already being out of date and as time passes, this sort of digital privacy legislation needs to be updated constantly. We cannot sit still in legislation as technology evolves.

That is probably a general principle and why it would be good to have members of Parliament constantly consulting experts in technology, especially experts at the forefront of technology so that we can constantly update our laws regarding the protection of Canadians and protection of privacy.

Digital Privacy ActGovernment Orders

6:10 p.m.

Liberal

Kevin Lamoureux Liberal Winnipeg North, MB

Mr. Speaker, it is worthy to note that we are of the digital age and more and more Canadians are becoming aware and concerned that with one touch on a keyboard, one could have all sorts of information being transferred. It is an important issue for all Canadians.

The leader of the Green Party and the member made reference to the need for change. There were numerous amendments suggested. My colleague and I were just talking about how parliamentary secretaries should not be on standing committees in a voting capacity or otherwise.

A wonderful plan was released just yesterday by the leader of the Liberal Party. At www.realchange.ca one can see the 30-plus ideas and thoughts in terms of how we can effect real change.

I wonder if the member could highlight why he believes that the need for changing the system is so critically important. I suspect there would be a lot more support in the House if the government had accepted the amendments that were being proposed. That is the type of change that we need to see.

As many say, Ottawa is broken because of the actions of the government over the last 10 years.

Digital Privacy ActGovernment Orders

6:10 p.m.

Liberal

Ted Hsu Liberal Kingston and the Islands, ON

Mr. Speaker, I have already spoken about the independence of committee chairs, how we could ensure that independence by how we choose the committee chairs and take that out of the hands of the government and party leaders. I have also already spoken about the idea of removing the possibility of parliamentary secretaries sitting as voting members of committees.

However, what I think is also important is that committees need to be given the resources to really acquire the independent expert analysis that they need for any proposed legislation.

I would supplement what I said earlier with respect to resources. More generally, there are a lot of cases where we can change rules, but unless we put resources behind those rule changes, we do not actually accomplish what we want to accomplish.

I would ask that in the next Parliament the House ensure that committees have the resources they need to hold the government to account.

Digital Privacy ActGovernment Orders

6:10 p.m.

Liberal

Kevin Lamoureux Liberal Winnipeg North, MB

Mr. Speaker, I will take the opportunity to ask the member if there is some aspect of the legislation that he personally would have liked to have seen changed or that he is concerned about.

Digital Privacy ActGovernment Orders

6:10 p.m.

Liberal

Ted Hsu Liberal Kingston and the Islands, ON

Mr. Speaker, there was an amendment by my colleague, the Liberal member for York West, regarding the threshold at which a company or an institution was required to report an unlawful breach of personal information, not only to some authority, but to the individual related to the information of concern. The language was “represents a significant threat of harm to the individual”.

That amendment was important so Canadians could feel confident that if their information was released and if it would have any effect on them, they would be notified as well as authorities that could deal with the breach more generally.

Digital Privacy ActGovernment Orders

6:10 p.m.

NDP

The Deputy Speaker NDP Joe Comartin

Resuming debate. The hon. Parliamentary Secretary to the Minister of the Environment. I must advise the member that he will only have about eight and a half minutes in his speech before we conclude this debate.

Digital Privacy ActGovernment Orders

6:10 p.m.

Oshawa Ontario

Conservative

Colin Carrie ConservativeParliamentary Secretary to the Minister of the Environment

Mr. Speaker, I will be sharing my time with the member for Kelowna—Lake Country. I appreciate the timeline on this.

I am pleased to rise in my place today to speak to Bill S-4, the digital privacy act, which would make a number of important changes to strengthen Canada's private sector privacy law, the Personal Information Protection and Electronics Documents Act, or what is more commonly known as PIPEDA.

Data breaches are very concerning to Canadians. In fact, a recent survey conducted by the Office of the Privacy Commissioner in 2014 found that news of data breaches among several large retailers had made 80% of Canadians more reluctant to share their personal information with businesses. This is simply unacceptable. Canadians needs to know that when they choose to share their personal information with a business, it will be protected and kept confidential.

The proposals in Bill S-4 will amend PIPEDA to significantly strengthen the current law and ensure that the privacy of Canadians will be protected when it comes to the rules that companies must abide by when they collect, use or disclose personal information in the course of commercial activities. In the current legislation, there is no legal obligation for businesses and organizations to tell customers and clients when their personal information has been lost or stolen.

The digital privacy act would correct this by making important changes to PIPEDA and implement new data breach requirements for businesses. These changes would ensure that organizations would be taking appropriate steps to notify Canadians. The requirement for mandatory notification is welcome by many stakeholders, in particular the Privacy Commissioner of Canada. In his recent annual report to Parliament on PIPEDA, he stated:

—we welcome the proposed amendment to PIPEDA in Bill S-4, the Digital Privacy Act, which seeks to implement mandatory breach notification.

He went on to say:

Mandatory notification will also provide a clearer picture of the frequency and type of data breaches experienced by organizations.

Mandatory notification would better inform Canadians of situations in which their personal information has been compromised. It would also enable Canada to keep pace with other jurisdictions where similar measures have been enacted or are being considered.

As we have discussed many times, strong rules are meaningless if they are not backed up with strong compliance tools. Bill S-4 would give the Privacy Commissioner of Canada the necessary tools to hold companies accountable when it comes to the protection of the personal information of Canadians.

In addition to the notification provisions, Bill S-4 would also require organizations to keep a record of the event, regardless of whether a breach posed a risk of harm. These records would not only allow organizations to demonstrate due diligence in the risk assessment, but would also require companies to keep track of when their data security safeguards fail so they could determine whether they have a systemic problem that would need to be corrected. What is more, organizations will be required to provide these records to the commissioner upon request at any time.

This record-keeping requirement will give the Privacy Commissioner the appropriate tools to hold organizations accountable for their obligation to report serious data breaches. Once again, I would like to quote the Privacy Commissioner's 2014 annual report, where he stated:

—requiring organizations to keep and maintain a record of breaches, and provide us with such information upon request would be an important accountability mechanism. Our Office would be able to evaluate compliance with the notification provisions and assess how organizations are deciding whether—

Digital Privacy ActGovernment Orders

6:15 p.m.

NDP

The Deputy Speaker NDP Joe Comartin

Order, please. The hon. parliamentary secretary on a point of order.

Business of the HouseGovernment Orders

6:15 p.m.

Kamloops—Thompson—Cariboo B.C.

Conservative

Cathy McLeod ConservativeParliamentary Secretary to the Minister of Health and for Western Economic Diversification

Mr. Speaker, I seek the unanimous consent of the House for the following motion. I move:

That, notwithstanding any Standing or Special Order or usual practice of the House,

(a) when no member rises to speak at the third reading stage of Bill S-4, An Act to amend the Personal Information Protection and Electronics Documents Act and to make a consequential amendment to another Act, or at 6:30 p.m. this day, whichever comes first, every question necessary to dispose of the said stage of the said bill shall be deemed put, and a recorded division deemed demanded and deferred until the expiry of the time provided for oral questions on Thursday, June 18, 2015; and

(b) when no member rises to speak at the third reading stage of Bill S-2, An Act to amend the Statutory Instruments Act and to make consequential amendments to the Statutory Instruments Regulations, or at 1:59 p.m. on Thursday, June 18, 2015, whichever comes first, every question necessary to dispose of the said stage of the said bill shall be deemed put, and a recorded division deemed demanded and deferred until the expiry of the time provided for oral questions on Thursday, June 18, 2015.

Business of the HouseGovernment Orders

6:20 p.m.

NDP

The Deputy Speaker NDP Joe Comartin

Does the hon member have unanimous consent of the House to move the motion?

Business of the HouseGovernment Orders

6:20 p.m.

Some hon. members

Agreed.