Mr. Speaker, I am honoured to speak to Bill C-11 and data privacy.
Many in Parliament know of the previous work that has been done by the access to information, privacy and ethics committee. We dealt with this in 2018 around Facebook and Cambridge Analytica. We came together in London for the first meeting of the International Grand Committee, which represented nine nations and close to half a billion people. We have all seen how data manipulation can be misused by big tech, and our efforts in the International Grand Committee were really to set the stage for what we can do together to push back on some of big tech's practices and hopefully reform those practices. As chair of that committee, I was especially pleased with the efforts of all the parties in the room. In their speeches, the member for Beaches—East York, the member for Timmins—James Bay, my own colleague from Thornhill and many others took this on, as we care about all Canadians' data and privacy.
It is laudable that Bill C-11 attempts to combat some of the concerns that we have and crack down on some of those practices that have been concerning for many years. It deals with things like algorithm accountability, which has been mentioned by some colleagues today, personal access to data, de-identification of information, and certification programs for big tech so that there is a certain set of standards to be followed. Some of these moves have already been taken up by some in big tech who are doing this on their own to some extent. Stiffer penalties are recognized in Bill C-11, as well as private right of action.
However, there are many other things I am concerned about that are simply not in the bill, or there are huge exemptions that a freight train could run through, which would neutralize the bill in many respects.
First, privacy as a human right is the number one thing that I do not see in the bill. Many have said, from our efforts, that privacy as a human right needs to be foundational to any legislation. Conservatives recently passed a policy that deals with this exact principle:
The CPC believes digital data privacy is a fundamental right that urgently requires strengthened legislation, protections, and enforcement. Canadians must have the right to access and control collection, use, monitoring, retention, and disclosure of their personal data. International violations should receive enforcement assistance from the Canadian Government.
Clearly, this is a concern of many. We have heard from countless witnesses and experts. Jim Balsillie, who has been mentioned already this morning, warned us of what can happen if we do not take this seriously.
I will talk about the exemptions in the bill that concern me, and my copy of the bill is very well highlighted for some of the errors that are in it.
There is “Exceptions to Requirement for Consent.” A meaningful consent is another principle that we really need to address in the bill, and it has been mentioned already. If children have an app they like to play games on, all that has to be done to basically hand over their data is just a little check box in order to play the game, and we call that “meaningful consent”. Bill C-11 says that it attempts to fix that, but I will go over the exemptions.
“Exceptions to Requirement for Consent” states:
An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for a business activity described in subsection (2)
This is the list of activities in subsection (2) that are exempt from meaningful consent:
(a) an activity that is necessary to provide or deliver a product or service that the individual has requested from the organization;
(b) an activity that is carried out in the exercise of due diligence to prevent or reduce the organization’s commercial risk;
(c) an activity that is necessary for the organization’s information, system or network security;
(d) an activity that is necessary for the safety of a product or service that the organization provides or delivers;
(e) an activity in the course of which obtaining the individual’s consent would be impracticable because the organization does not have a direct relationship with the individual; and
This is the big one:
(f) any other prescribed activity.
I appreciate the Liberal members stating that this bill is an effort to get us to a better place around data privacy in Canada, but exemptions like that in the legislation need to be addressed. That is why our party talked about getting Bill C-11 to the industry committee to have a fulsome discussion of its good parts and of what needs to be fixed and strengthened. Sadly, the current government has decided to send it to the ethics committee instead of where it should go. Some of the audience today might understand why. Because of the government's many ethical lapses and failures, it would like to use up all of the time it possibly can with other legislation, such as Bill C-11. Only ethics violations should really be discussed at the ethics committee. It is unfortunate that this is going to be pushed to the ethics committee. My hope for legitimate changes to the legislation may be muted by a rush to get through it, and it may not be given due diligence, as many Canadians are expecting it should.
I want to thank the Canadians who have come to me over the years to talk about their concerns around the way our data is collected. Many years ago I coined the phrase that our online data is essentially our digital DNA. It is who we are online, and we need to do all we can to protect the information and data of Canadians. In this new era of social media being in the public square, we need to do our due diligence as legislators to make sure that it is protected as much as possible. Unfortunately, although the effort is laudable, this legislation simply falls short. That is why, from our perspective, we want to see it go to committee and hopefully changes can be made there.
There is an old saying: “Don't let the perfect be the enemy of the good.” I do not think we can call this legislation good quite yet.
I wanted to thank some of the guests we had before us. There has been some discussion that not enough has been heard regarding privacy and digital issues online, but we had countless experts from Canada and heard from experts around the world. We heard from Shoshana Zuboff and many witnesses at our International Grand Committee who really set the blueprint for what can be done with digital and data privacy. We have a way to make it better.
Our Privacy Commissioner made many suggestions. We see some of those in this legislation regarding increased fines and stiffer penalties for big tech if they misuse people's data or have lapses with that. However, the legislation still falls short. My hope is that it gets to committee so the committee can get a really good eye on it and have the chance to propose some fixes to those exemptions and other holes in the legislation.
I look forward to any questions.