Madam Speaker, I am pleased to participate in the second reading of Bill C-11, the digital charter implementation act, 2020. I will be splitting my time today with the member for Davenport.
When Canada's privacy law was introduced in 2000, Parliament intended that it would achieve two objectives, which were privacy protection for individuals and the growth of electronic commerce. Over 20 years later, our government is introducing this legislation to provide an updated strategy for protecting privacy in our new digital world.
I have heard loud and clear from the constituents in my riding of Mississauga—Erin Mills, and they want to see strong privacy laws. These privacy laws not only protect consumers and help build trust in the digital marketplace, but with the consumer privacy protection act, a principled and agile privacy enforcement regime would create a vital safeguard as companies engage in the digital economy.
Today, I would like to provide further insight into a key aspect of the bill that will not only provide guidance for businesses for protecting individuals' personal information, but will also support responsible innovation. I am speaking today about provisions in the new consumer privacy protection act to formally recognize codes of practice and certification systems as a means of demonstrating compliance with the law.
A key strength of our current private sector privacy law, commonly known as PIPEDA, will be maintained in the new consumer privacy and protection act. That strength is a principled approach to rule setting. Our private sector privacy law applies to all organizations in all industry sectors of all sizes and levels of sophistication. This level of general application is crucial in order to establish a baseline of privacy protection that applies across the marketplace.
While comprehensive, this law must also be flexible, non-prescripted and technology-neutral so that it can be applied in all circumstances. These characteristics have long been recognized as a key strength of the existing law and there is widespread support for maintaining this approach. However, it is sometimes a challenge for organizations, especially smaller businesses without dedicated legal resources, to understand how to implement these high level obligations within their specific context.
For example, consider a situation where an organization is using a cutting edge technology which has not yet been the subject of a finding by the Privacy Commissioner or where an organization must handle complicated data flows with complex accountability, such as in connected and automated vehicles. These challenges are becoming more commonplace in a data-driven economy.
To help address these problems and to provide assurance to businesses and consumers alike, the consumer privacy protection act would allow any entity to apply to the office of the Privacy Commissioner for approval of a code of practice that provides a specific set of rules for how organizations can operate in compliance with the law. This approval would be particularly useful for organizations using a new technology or operating with a new business model.
This type of regulatory certainty is very much needed in today's rapidly developing economy. It gives organizations and their business partners a level of comfort that they are operating on the side of the law. It also supports a level playing field in areas where there is no jurisprudence or specific guidance for organizations. It also makes it more transparent to Canadians how their personal information is being used in these circumstances. To take it—