Mr. Speaker, it is my pleasure to speak to Bill S-4, and I would like to do so by addressing three themes. The first will be how Bill S-4 reflects rather badly on our democratic process. The second theme will be that Bill S-4 is already hopelessly out of date. It is behind the technological times. The third theme is that there are worrisome features in Bill S-4 to the extent that it would inadequately protect privacy, even within the limits of what it is trying to do.
On that first theme of democracy, we should recall that a lot of what has subsequently come through the House in a series of different bills started with Bill C-30, which I always called the Internet surveillance bill. It got so panned by experts and civil society that the government tried to take it off of the table in the House by sending it to committee for study before second reading. It then disappeared, because the government knew that too much in there had attracted too much early attention from Canadians.
I mention that, because parts of it have begun to reappear in bits and pieces since Bill C-30 disappeared.
Bill S-4 uses one of the same techniques as Bill C-30 to try to take it away from public scrutiny. It is ironic that the method it would use is one that was recommended by the McGrath committee in 1982 or 1984, which is to make better use of committees by having them look at bills before the principle of the bill has been fixed, by having the government send the bill to committee before second reading. That is between first and second reading. It would allow committees to effectively look at the bill as a strong draft from the government, but for MPs, presumably from all parties, to try to improve and perfect the bill without being hamstrung in the way we are now in our committee study of bills by the principle having been fixed, as it gets fixed when we go to second reading for a bill in principle.
Bill S-4 did get sent to committee and, surprise, surprise, with the way that the government has operated since I have been here and since it got a majority in 2011, there were no amendments. The government rejected every amendment and presented no amendments itself. It was as if it had not heard anything that had convinced it of anything, despite all of the witnesses who had appeared and who, in very measured tones and with a very focused analysis, had indicated that there were ways, even within the limited confines of what the government was trying to do in the bill, that the bill could be improved. However, the government, through its MPs on that committee, decided that the bill was fine as-is.
Look at House of Commons Procedure and Practice, second edition, on page 742. It tells us what this procedure was intended to be when the McGrath report came down in 1982 or 1984. It was intended to be an empowering mechanism for the House in relation to government legislation. It was meant to create more of a partnership between MPs and the government. It says:
This empowers Members to examine the principle of a bill before second reading, and enables them to propose amendments to alter its scope.
In the end, this was a subterfuge. Who here is going to doubt that the reason it was sent to committee between first and second reading was to get it off of the agenda in the House, which can tend to lead to a bill receiving more public attention and producing the kind of civil society push back that we have seen meet the government's bills on and on for the last little while? It was a mechanism to reduce its visibility and to have it reappear just about now, with two weeks to go, when there is no steam, no energy, nothing left for civil society to get its mind around in terms of general resistance.
My colleagues have mentioned a problem with this bill, as with other bills that start in the Senate, which is a structural problem that will hopefully be dealt with after the next election by having the Senate put in its proper place. There is also something here, which is that there has been no acknowledgement by the government that this bill probably does conflict with the Spencer decision of 2014 in the Supreme Court of Canada.
This decision recognized the nature of the privacy interests in Internet users' data, including all the metadata that identifies various features of their existence on the Internet, and indicated that in a police context, warrants are needed in order to get access to that information.
PIPEDA, as amended by Bill S-4, would now allow private sector organizations, using the guise of fraud investigations, contractual breach investigations, et cetera, to request of any other private actor all that same information, and nothing is put in here by way of safeguards. It is as if the Spencer decision never came down.
We have had no opinion tabled anywhere from the Department of Justice, through the Minister of Justice, to say that under section 4.1 of the Department of Justice Act, the minister has assessed that Bill S-4 complies with the charter, even after the Spencer judgment. That is because the government never tables opinions and never takes charter arguments seriously.
The record is clear. Last year alone, something like a dozen judgments came from the courts, and 10 out of the 12 found that the government's legislation breached the charter or other principles of law.
The bottom line is that this bill is not a good story for democracy, but that again, I am sorry to say, is not a new story.
The second theme is that the bill has missed the boat.
This all started in 2007. That was when the PIPEDA review was mandatory under the statute, and very quickly a couple of different bills began to appear in the House. They just never got through the minority Parliament at all. Nothing really changed along the way. The government is still stuck back in whatever its thinking was around 2007.
Let me quote from the Library of Parliament's background paper on Canada's federal privacy laws. It says:
As advances in technology increase the ease with which information about individuals can be gathered, stored and searched, the need to protect the privacy of such information presents a rapidly evolving challenge for legislators.
That challenge has not been met. It is as if the government does not know how much of an information economy we have rapidly, almost exponentially, year by year, evolved into being.
How about these basic facts?
The world's largest taxi company right now has no cars. It is the largest taxi company because it has information. That is Uber.
The world's largest accommodations company, Airbnb, owns no property, but it is the richest and largest company by virtue of how it owns information.
The world's largest retailer has absolutely no inventory. That is Alibaba, in China.
This is the world we live in now, and there is nothing in the PIPEDA amendments, in Bill S-4, to indicate the government is at all aware of what it means to be living in this economy.
We should think about the so-called Internet of Things. According to recent research, by 2020, 26 billion devices will be connected to the Internet. That is roughly an average of something like three or four per person on earth. There is no evidence that this bill even comes close to understanding the privacy issues that arise from the fact that we are increasingly living in a connected world in which our phones will be reporting on our heart rates, our fridges will report on our eating habits and even order our groceries, self-driving cars will be out there on the roads, and thermostats and smart meters will monitor our every movement. There is nothing in the bill in that regard. All I would say is that amendments that are 10 years out of date are not exactly something to write home about.
The third theme is the inadequacies and the problems in the bill.
Let me just list them. They have been mentioned before.
First, the way in which the bill deals with giving consent on the web is inadequate after the Spencer case.
Second, the loophole that allows for private organizations to pass on information without any kind of safeguard system analogous to a warrant system, on the simple basis that they are investigating breaches of agreement or fraud or financial abuse, is a recipe for incursions into privacy.
Third, I would end by saying that the reportability standard whereby, if there is a breach of data, a company or holder of the data must tell the person whose data has been lost on the basis of a real risk of significant harm is a subjective standard that is assessed by the company. There is no real system to ensure that it does not become a mechanism for breaches to be hidden from public view and hidden, therefore, from accountability.