Debates of Nov. 28th, 2022

Is that agreed?

I am now prepared to rule on the point of order raised on November 22, 2022, by the member for New Westminster—Burnaby concerning the application of Standing Order 69.1 to Bill C-27, an act to enact the consumer privacy protection act, the personal information and data protection tribunal act and the artificial intelligence and data act and to make consequential and related amendments to other acts.

The member for New Westminster—Burnaby stated that there is a clear link between the first two parts of Bill C‑27, which respectively enact the consumer privacy protection act and the personal information and data protection tribunal act. He further noted that these elements were both part of the previous Bill C-11, which was introduced in the House during the 43rd Parliament.

However, the member argued that part 3, which enacts the artificial intelligence and data act, should be considered separately, because it does not directly concern privacy protection or the analysis, circulation and exchange of personal information. Accordingly, he asked the Chair to divide Bill C‑27 for the purposes of voting, as Standing Order 69.1 permits.

The official opposition House leader concurred. He added that, outside of clause 39 of the bill, which mentions the new consumer privacy protection act in the definition of the term “personal information”, part 3 of Bill C-27 does not refer to parts 1 or 2. Furthermore, the member for South Shore—St. Margarets stated that parts 1 and 2 of Bill C-27 deal with privacy protection, which has nothing to do with the subject of part 3, the regulation of the new industry of artificial intelligence.

On November 23, the parliamentary secretary to the government House Leader pointed out that privacy protection is the common theme that links every part of Bill C-27. In his view, the bill’s three parts constitute a framework for protecting the privacy of Canadians from the risks posed by artificial intelligence systems. He argued that dividing the bill would prevent members from considering all the risks and impacts that new artificial intelligence technologies may create for the security of personal information. He also noted that privacy laws do not adequately protect the public from new artificial intelligence systems and that, as a result, Bill C-27 should be considered as a whole.

Standing Order 69.1 gives the Chair the authority to divide the questions, for the purposes of voting, on the motions for second or third reading of a bill. The objective here is not to divide the bill for consideration purposes, but to enable the House to decide questions that are not closely related separately.

The Chair has carefully reviewed the provisions of Bill C‑27 and taken into account members' statements on the issue of dividing it for voting purposes. The Chair agrees that the bill's three parts are connected by a broad theme, namely, the use and protection of personal information. While parts 1 and 2 of the bill are closely related, this is not true of part 3.

The Chair is of the view that, given the lack of cross-references between part 3 and the preceding parts of the bill, with the sole exception being one reference to the new consumer privacy protection act—which serves to propose a common definition of the term “personal information”—dividing the bill for voting at second reading is justified.

In his intervention, the parliamentary secretary to the government House leader emphasized the common theme that links the three acts enacted by Bill C-27. In a decision on a similar matter, delivered on March 1, 2018, which can be found at pages 17550 to 17552 of the Debates, Speaker Regan said the following, at page 17551:

…the question the Chair must ask itself is whether the purpose of the standing order was to deal only with matters that were obviously unrelated or whether it was to provide members with the opportunity to pronounce themselves on specific initiatives when a bill contains a variety of different measures.

In the absence of a clear link between the three parts of Bill C-27, other than the theme of privacy protection, the Chair is willing to divide the question. Accordingly, two votes will take place at the second reading stage for Bill C-27. The first will be on parts 1 and 2, including the schedule to clause 2. The second will deal with part 3 of the bill. The Chair will remind members of this division before the voting begins.

If any part of this bill is negatived, the Chair will order the bill reprinted for reconsideration at committee.

I thank the hon. members for their attention.

Mr. Speaker, as many of my colleagues already indicated, this is a large and complex bill, and we believe that its individual components are too important for them to be considered as one part of an omnibus bill. I am pleased with the ruling of the Speaker.

There are three separate pieces of legislation to this bill. In part 1, the consumer privacy protection act would repeal and replace decades-old measures concerning personal information protection. In part 2, the personal information and data protection tribunal act would strike a tribunal to administer penalties for violations of the CPPA. In part 3, the artificial intelligence and data act is brand new to the bill and sets up a framework for design and use of AI in Canada, which is almost entirely unregulated.

Long before the widespread use of the Internet, our Supreme Court was clear that privacy is at the heart of liberty in a modern state. The government should be taking every opportunity possible to enshrine privacy in our laws as essential to the exercise of our rights and freedoms in Canada. As Daniel Therrien stated in the Toronto Star earlier this month, “democracies must adopt robust solutions anchored in values, not laws that pretend to protect citizens but preserve the conditions that created the digital Wild West.”

The value of privacy should anchor the bill. Instead, the bill fails right out of the gate. The preamble states:

the protection of the privacy interests of individuals with respect to their personal information is essential to individual autonomy and dignity and to the full enjoyment of fundamental rights and freedoms in Canada

Placing this value in the preamble of the bill where it has no teeth raises distrust rather than confidence that the government truly respects Canadians' privacy rights. The CPPA would require organizations, companies or government departments affected by the bill to develop their own codes of practice for the protection of personal information. While these codes must be approved and certified by the Privacy Commissioner, one can only imagine the variation of protection that would result. This requirement would add significant red tape and would be yet another onerous task borne on the backs of small and medium-sized businesses, which employ most Canadians. It would also create more work for the Privacy Commissioner in parsing through complicated codes created by larger, wealthier, powerful corporations, companies or government departments that have legal teams whose sole purpose is to find creative ways to perhaps game the system.

Although it would take more time and investment up front, the better option, in my mind, would be to create a standard code of practice that all entities have to follow. This could certainly be taken on as one of the first responsibilities of the expanded Office of the Privacy Commissioner in defining the universal code of practices, where confidence in the process would be greatest and where the greatest level of concern for individual privacy actually exists.

This bill states that personal information can be transferred without Canadians' consent for purposes ranging from research to analysis to business purposes, but it must be de-identified before this can take place. At first glance, this is a positive measure until it is compared with anonymization as an alternative. According to the bill, de-identify means “to modify personal information so that an individual cannot be directly identified from it, though a risk of the individual being identified remains.” That leaves much to be desired when compared to the anonymization of personal information. In the bill, anonymize means “to irreversibly and permanently modify personal information, in accordance with generally accepted best practices, to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.”

Any attempt to identify individuals from de-identified information is prohibited, except in approved circumstances. While many of these approved circumstances relate to the ability of an entity to test the effectiveness of its de-identification system, the potential for abuse still exists. This bill would be improved by eliminating those chances for abuse. We should examine replacing de-identification with anonymization wherever possible.

In comparing Bill C-27 to the EU regulations, we see there are several ways in which the CPPA does not live up to what is widely considered to be the international gold standard of privacy protection, which is the European Union's 2016 General Data Protection Regulation, or GDPR. There is a glaring example of Bill C-27's inferior protections: The GDPR processes personal data in such a manner that it can no longer be attributed to a specific individual without the use of additional information kept separately, subject to technical and organizational measures. This is a security and privacy-by-design measure of the GDPR.

Regarding what Bill C-27 considers to be sensitive information, there is nothing to indicate what sensitive information actually entails. It is also limited in its application. Only the personal information of minors is considered to be sensitive. All information Canadians surrender to any entity should be considered sensitive. On the other hand, the GDPR possesses a particular regime for special categories of personal data, including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data and data concerning health, sex life and sexual orientation.

We are happy to see that consent is better defined in Bill C-27. However, exceptions for activities not requiring consent would remain in place. Some of them are so broad that an entity could interpret them as never requiring consent. These are loopholes that Canadians should not have to endure when they are required to check the box that they have read and accept terms before they are able to interact with a digital site.

For example, legitimate interests in a given situation may be used by companies to disregard consent. There is a danger that these interests will outweigh potential adverse effects on the individual. Attempting to define legitimate interests allows for too much interpretation, and interpretation is not something that lends itself to privacy laws. The use of personal information could also be exempt from consent if a reasonable person would expect the use of their information for business activities. There is no definition as to what a reasonable person is.

The bottom line is that there are far too many loopholes and vague terms. For the savvy, wealthy or well-lawyered, the potential for abuse exists. The GDPR, conversely, is unequivocal on consent. It must be freely given, specific, informed, unambiguous and in an intelligible and accessible form, and is only valid for specific purposes. Canada should have followed that example. Canadians cannot help but wonder why Bill C-27 does not.

Under the proposed CPPA, there is no minimum age for minor consent, nor is “minor” defined. In the EU, the GDPR sets out a minimum age for a minor's consent at 16 years of age. Member states also have the flexibility to allow for a lower age, provided the age is not below 13 years.

If a breach of personal information does take place, Bill C-27 would make Canada slower to respond than its international counterparts. This bill mandates that a notification be made to the Privacy Commissioner of any breach that creates a real risk of significant harm as soon as it is feasible. The individual affected would also need to be informed, but, again, as soon as feasible.

The GDPR sets out that a mandatory notification must be made to the supervisory authority without undue delay, or 72 hours after having become aware of the incident in certain circumstances. Prior to the introduction of this bill, Canada was lagging behind internationally, and it still is, even after. The GDPR is already six years old. That is six years of extra time during which the Liberals have failed to develop this legislation to meet the robust international standard.

In Bill C-27, the Privacy Commissioner would be empowered to investigate any certified organization for contravening the act. The commissioner has been rightly asking for increased powers and responsibilities for some time, and this goes beyond a mere recommendation to violators to stop their actions. The commissioner would be able to recommend greater penalties of no more than $20 million or 4% gross global revenue for a summary offence, and no more than $25 million or 5% gross global revenue for an indictable offence.

These penalties should add more bite to what the Privacy Commissioner can do and impact how Canadians’ personal information will ultimately be treated. The penalties would also apply to a greater number of provisions, such as actions that contravene the establishment and implementation of a privacy management program and failure to ensure equivalent protection for personal information transferred to a service provider.

However, these new powers for the Privacy Commissioner hit a dead end when taken in context with the second part of this bill, which establishes a tribunal. The personal information and data protection tribunal would consist of no more than six members, and only half of those members must have experience in information and privacy law. The Privacy Commissioner would have order-making authority and the ability to make recommendations to this tribunal regarding penalties. However, the tribunal would have the power to apply its own decision instead, which would be final and binding. Except for judicial review under the Federal Courts Act, the tribunal's decisions would not be subject to appeal or to review by any court. These are powers equivalent to a superior court of record.

The existence of this tribunal would dull the new teeth given to the Privacy Commissioner. While the commissioner could recommend that a penalty be levied for violations of the CPPA, it is the tribunal that would have the power to set the amount owed by these organizations.

The cost associated with striking this tribunal is also a concern. Despite the fact that its work would likely be limited to a handful of times per year to determine penalties, it would apparently require a full-time and permanent staff of 20. I am deeply concerned as the government also has a bad habit of striking advisory councils, or so-called arm's-length regulatory bodies, in advance of bills being debated and passed in the House, long before the ink on the legislation is dry.

My memory is drawn to when a bill was being debated in the House, and I inquired about the details of the proposed environmental council. I was told with great zeal that it had already been established, and the members had been appointed before the bill was even debated in the House.

Can the current Prime Minister tell us if this tribunal would be struck only after Parliament has dealt fully with this bill? Will the Liberals be transparent with Canadians on how the appointment process would be undertaken? Can they assure Canadians that a full-time and permanent staff of 20 has not already been determined? After seven years of Liberal power, the level of patronage in this place run deep.

Part 2, which is the personal information and data protection tribunal act, should be removed as it is a bureaucratic middleman with power that would conflict and create redundancy with the Privacy Commissioner's new powers. The new powers would mean little if they were not coupled with quick and effective consequences for violators. It would prolong decisions on fines and harm Canada's reputation of holding violators accountable.

It would also not align with our friends in the EU, U.K., New Zealand and Australia that do not use a tribunal system for issuing fines. It goes to show Canadians that when it comes to making big government needlessly bigger, the Liberals do it well.

The third and final part of this bill is the only entirely new component. The artificial intelligence and data act seeks to regulate an entity, artificial intelligence, that has not been regulated before in this country.

It would set standards for the creation and use of AI systems in Canada by both domestic and international entities. More specifically, international and interprovincial trade and commerce in artificial intelligence systems would be regulated through common requirements for the design and use of those systems.

It would prohibit certain conduct pertaining to AI systems that could lead to harmful results for individuals and their personal data. There is that mention of personal data. This is a massive undertaking, attempting to regulate something that, up to this point, has been almost entirely unregulated.

I also understand that consultations on this were only initiated in June. Logic would dictate that such a bill requires careful scrutiny and time to get it right.

Requiring record keeping and human oversight are positive developments. What we find difficulty with is getting a clear picture of what the final framework would look like, as the minister alone would be empowered to establish these regulations. The minister would be able to act independently of Parliament in making rulings and imposing fines. In an age of uncertainty and new horizons for our relationship with AI, this is unacceptable. Parliament, at the very least, and independent experts and watchdogs should be central to the creation and enforcement of these rules.

It appears that once again the government has chosen to simply tack on a crucial area of concern to Canadians to an already complicated bill, and it wishes to again entrust sweeping powers to a minister to act independently of parliamentary oversight.

My final thoughts today on Bill C-27 are as follows. The Conservatives are considering this bill through a reasoned approach, and appreciate that stakeholders who have been calling for this legislation for years are watching today's debate closely.

It is absolutely clear that modern-day protection for the personal information of Canadians is required. They must have the ability to access and control its collection, use, monitoring and disclosure, and the right to delete it or the right to vanish.

How can we ensure that data is protected through watertight regulations and strict fines for abuse while also realizing that not every business affected by this bill would have the resources of Walmart or Amazon? Small and medium-sized businesses should be shielded from onerous regulation that stifles their growth. This is not to say that business interests should weigh equally with personal privacy, but there is a balance to be had, and I believe the Liberals do not have it right here.

Furthermore, in a cynical attempt to move their legislative agenda forward, the Liberals have bundled changes to privacy laws with a first-of-its-kind framework for artificial intelligence that once again intends to govern through top-down regulation and not through legislation.

The Liberals should commit today to splitting this bill up to allow Canadians a clear view of its intended impact. With that commitment, the Conservatives will be looking to do the hard work at committee to improve the long-awaited but flawed elements of this legislation. Even in an age of convenience, the world in which we live grows even more complicated by the day. Canadians deserve privacy protection worthy of 2022 realities and beyond.

Madam Speaker, this is very progressive legislation that deals with an area of concern that Canadians have, and it is something the government is concerned about. That is why we have the legislation. It is for safety and privacy, which are of critical importance.

We are moving into a significant digital economy with databases. The issue is there, and I am interested in knowing where the Conservatives are going to fall on this legislation. When I listened to the member, she seemed to express concerns about this area, but there was no indication of whether the Conservative Party would be supporting the legislation. We just heard from the Speaker in terms of voting on the three parts.

Does the member have any suggested amendments that she is thinking about? I believe that Canadians need this legislation. Would it not be nice to have legislation of this nature pass second reading before the end of the year?

Madam Speaker, I do not know if, throughout my speech, members heard my concerns around the fact that this falls short of what our international colleagues have created. It is so much stronger in the European Union's 2016 general data protection regulation, or GDPR.

Obviously, we have indicated on this side of the House that we have a lot of concerns, especially with the lack of definition of so many terms that are included in this legislation. They need to be clarified. Otherwise, it is going to create all kinds of additional problems. What we need more than anything is clarity so that Canadians can have confidence that their privacy is being protected.

Madam Speaker, I was fascinated by the part of the bill dealing with artificial intelligence. Personally, I thought that it proposed a general framework and the beginnings of a legal structure that were very interesting. The objective is to regulate pan-Canadian, interprovincial and other trade, as well as to prohibit certain practices.

Does my colleague agree with me on that, at least? It is an important step forward in a sector like artificial intelligence, which is so murky and so amazing at the same time.

Madam Speaker, I agree that this is an area in which Canada is way behind. It is absolutely crucial that we get started on creating that framework. However, what disturbs me is the fact that it was tossed into this bill that also deals with other issues, which are significant on their own. Consultation on this did not even begin until June. It is very rash of us to consider it in this legislation. I am thankful that it is going to be voted on separately.

Madam Speaker, this follows on the question that was just asked by my colleague. We recently saw that 19,000 Canadians were affected by the recent Equifax breach, for example. The Office of the Privacy Commissioner concluded that Equifax did not fulfill its obligations to Canadians. It entered into a compliance agreement with no fines, no penalties and no compensation for Canadian victims. We are seeing very different fines and penalties for Canadians and Americans, and Canadians are getting the short end of the deal.

Does the member feel it is important that we have parity and equivalency for citizens on both sides of the border?

Madam Speaker, there are many areas where Canada is on the short end of the stick. I think of our ability to have Wi-Fi and cellphones at a reasonable price compared with other countries. In this case, it is really important that we do the due diligence needed. Canadians need to have the same level of ability to have their privacy protected that any other nation has. I would encourage members to look at the EU version of this and do a far better job of incorporating in this what is needed to function internationally with our allies.

Madam Speaker, I too share concerns with Bill C-27, particularly around the artificial intelligence and data act. Specifically, I agree with her. Having one minister solely delegated the responsibility for a wide variety of different regulations that might affect private as well as public data is too much. As Parliament, we should be looking into this and setting out the parameters.

The government has basically told the private sector that it can hold it accountable for serious harm, something it does not even define in the law, in Bill C-27, while at the same time giving itself the ultimate loophole. It says it can exempt itself. Not only that, but some of the organizations are trustworthy, as it says in the bill. The minister can say that any provincial or federal commission or body he or she wants can be exempted, allowed to use artificial intelligence and held to a different standard than the private sector is.

Does the member agree that this particular section, more than anything, needs to be looked at? I believe it is too much government overreach. It has essentially given itself the ultimate loophole.

Madam Speaker, that is my deepest concern as well. We have seen the government, in other pieces of legislation, give itself the authority to create a situation that is out of the hands of Parliament and into the hands of a minister as to how things will be developed or implemented.

I certainly agree with the member. We need to do a lot more work and make sure that Canadians are truly protected, and not by just one individual at a certain point in time who has a great deal of power. In some cases in that situation, I would say too much power. We need to ensure that it is done properly with Canadians in mind.

Madam Speaker, I fully understand the stress the Canadian financial sector is feeling.

Unless we tighten the rules, Canada will not meet the European Union's expectations, which means Canada's financial sector could lose all or part of very important European markets. There is less pressure in Quebec because, thanks to its own legislation, it is already compliant.

Despite the pressure, the bill must be properly drafted. Is my colleague concerned that pressure from the financial sector could lead to a situation in committee where words and time are more limited?

Madam Speaker, this is an example of circumstances where Canadians are having trouble trusting the government to do the right thing and to truly have their backs in this area. We have already seen circumstances in the past year or two where the banks have had an unbelievable impact on Canadians' lives by having the powers entrusted to them to do things that are out of line and out of step with truly protecting the privacy of Canadians.

Madam Speaker, my colleague talked about the tribunal aspect. It is very important that, in this bill, when it comes to privacy protection, besides the Privacy Commissioner, we would have another element of a tribunal. Most importantly, out of that process, there would still be the Federal Court. When it comes to citizens having their data breached, and the whole premise of this bill is to protect that of citizens, children and adults alike, there is still going be a tribunal added.

Is there any other jurisdiction that is using a tribunal? If not, why does the member think it is included in this bill?

Madam Speaker, it is deeply disturbing to me when I see that, among the European Union, U.K., New Zealand and Australia, none of our allies has chosen to use a tribunal. The power is there for their commissioners to make sure that the various entities are being held accountable with regard to an individual's privacy.

Their rules are far more specific than ours are in this bill thus far, and it just shows that we are weaker in truly protecting Canadians' privacy rights compared to our allies. It is a sign that we are doing things with an ulterior motive. That disturbs me, because it would again give power to a different organization within the system, which the government is creating to basically give different organizations, perhaps government departments, an out—

Resuming debate, the hon. member for Richmond Hill.

Madam Speaker, I will be splitting my time with my colleague, the member for Vaughan—Woodbridge.

I am pleased to rise today in support of Bill C-27, the digital charter implementation act.

Privacy is a long-standing, fundamental right for Canadians, and we have never been more reliant on the digital economy. Even though we are living in this complex technological era, the current privacy law was last updated over 20 years ago, before smart phones or any social media platforms even existed. This brings us to the cardinal step our government is taking today.

We know Canadians need to have confidence not only that their is data safe and their privacy fully respected, but also that their government is striving to enhance the protection of their privacy through the implementation of timely safeguards in an era when the digital economy is driving transformative change. These objectives are exactly what the privacy protection framework of Bill C-27 would aim to accomplish.

We are introducing new legislation to ensure our country has critical protection in place to safeguard the security of Canadians. This legislation proposes not only to increase the confidence of Canadians in emerging technologies but also to strengthen privacy protection for consumers while supporting economic development that results from the responsible use of data and artificial intelligence. It would also pave the path for governing trade and commerce in the private sector, as it relates to regulating how private organizations handle personal information and develop AI systems.

Upon enactment into law, Bill C-27 would be one of the most substantial improvements to Canadian privacy laws in decades, but it would go further by establishing a legal framework to regulate high-impact AI systems to better protect consumers. In essence, this legislation proposes the following key enactments: the consumer privacy protection act; the personal information and data protection tribunal act; and finally, the artificial intelligence and data act, or AIDA. I will expand on each one of these major enactments in detail.

The enactment of the consumer privacy protection act proposes to achieve the following: first, to enhance Canadians' control over personal information by empowering them to request its deletion, and adding new transparency requirements for organizations when obtaining consent from individuals for their information; second, to create new data mobility rights that promote consumer choice and innovation; and third, to bolster our privacy enforcement and oversight by granting the Privacy Commissioner of Canada order-making powers to compel organizations to stop the use of personal information, through administrative monitoring penalties for serious breaches of law.

This aspect of the bill is of the utmost importance to nearly 200 of my constituents in the riding of Richmond Hill who have voiced their pertinent concerns regarding privacy protection and have spoken to me personally in relation to this legislation and what it seeks to achieve for Canadians. Through the mentioned key facets, my constituents, and in fact all Canadians, can rest assured that their government's sole intention is to ensure Canadians' first-class privacy and data protection.

By enacting the personal information and data protection tribunal act, our government seeks to strengthen protection for minors' personal information, introduce greater flexibility for the Privacy Commissioner and explicitly foster more privacy expertise among key decision-makers. This would be achieved through the establishment of a new administrative tribunal to hear appeals of certain decisions made by the Privacy Commissioner.

The third and most crucial aspect of this legislation, in my point of view, would establish a new law on artificial intelligence.

According to a recent study by Nanos Research on behalf of Innovation, Science and Economic Development Canada, key industry stakeholders have expressed a range of concerns regarding artificial intelligence. As technologies have matured, risks associated with AI systems have also come to light, including with respect to health, safety and bias. These concerns speak to the need to ensure the responsible development of AI. Moreover, as companies invest in increasingly complex AI systems, Canadians need to have confidence in AI systems they use every day.

It is therefore essential that the use and collection of data follow best practices to protect the rights and freedoms of Canadians. This brings me to the very reason why I personally identify this enactment as the most crucial aspect of this legislation.

It is in response to these legitimate concerns that our government proposes to introduce a new law to promote a unique approach to AI. It is an approach that would protect Canadians from discrimination, loss of autonomy and serious harm to their health, safety and economic well-being. The newly proposed AI law contains central provisions that would protect commercially sensitive information while ensuring that AI systems do not cause adverse effects on Canadians. Consequently, this approach would establish rules aimed at promoting good data-governance practices and respect for Canadian standards and values.

This new law would support responsible innovation by giving companies a clear framework for developing AI systems; compel organizations responsible for AI systems to mitigate potential harm to Canadians, including bias; establish an AI and data commissioner to support the Minister of Innovation, Science and Industry in the administration of the act to encourage innovation in the marketplace; and, finally, impose serious penalties for all use of illegally obtained personal information.

It is also notable to mention that it would serve as a build-up on our government's previous investments and commitment to expanding the pan-Canadian AI strategy first launched in 2017 to enhance growth in Canada's digital economy.

Each of these acts would work to provide Canadians with more autonomy over their privacy and increase accountability of personal information handled by organizations, while also giving Canadians the freedom to move their information from one organization to another in a secure manner.

In quick summary, by introducing this groundbreaking piece of legislation, our government is working to strengthen and modernize our privacy laws and to protect Canadian consumers by limiting private companies' abilities to access private information in the digital sector. Most importantly, we would be creating new rules for the responsible development of Al alongside the continuation of the advancement of its implementation across Canada.

The digital charter implementation act would ensure Canadians have strong privacy protections and clear rules of the road for businesses, as well as guardrails to govern the responsible use of artificial intelligence. As I stand here today in support of this important piece of legislation, I am confident that, given our country's highly skilled workforce, with this vital step, Canada would be well positioned not only to play an important global role in the field of AI, but also to create an environment where Canadian companies could be world leaders in responsible innovations.

Most importantly, through this cardinal legislation, Canadians would be reassured that we would never compromise on trust and safety for their privacy, and that their government is wholeheartedly committed to advancing Canadian privacy protection laws while unlocking innovation that promotes a strong economy that works for everyone.

I would like to close this intervention by encouraging all my colleagues in the House to support this valuable piece of legislation. We can work together to move beyond traditional privacy protection to ensure data control for all Canadians and modernize our laws to adapt to the realities of a complex digital economy. This is the only way to advance Canadian digital technology and Canadian values across the world.

Madam Speaker, I just wanted to pick up on something my hon. colleague talked about around the tribunal. Given the fact that the EU and the United States do not have tribunals and given the fact that the Federal Court has the ability, presently, to appeal the Privacy Commissioner, I have a simple question for my colleague from the Liberal Party.

Does he feels that having that tribunal included is a necessity and, if so, why would he feel that way?

Madam Speaker, it is not a matter of whether it is a necessity. I think it is complementary and it strengthens the existing laws that we have. It also further ensures the protection of the data and provides a venue for the minister, as well as Canadians, to ensure that, if it comes to a point of contention, there are many venues to get the support they need.

Madam Speaker, I thank my hon. colleague for his speech.

I would like to come back to the topic of adopting this motion and particularly the importance of sending Bill C-27 to committee, to make sure all the details are in place. It is important that the committee do its work properly. This is very technical.

Quebec has Bill 25. How can we ensure that there is no interference between Bill 25 and Bill C-27? How can we combine the work of both levels of government? This is a shared jurisdiction. Could my colleague comment on that?

Madam Speaker, first of all, I would like to acknowledge the leadership that the Quebec province has shown in developing legislation around privacy. I want to ensure the member that this legislation is very much a complement and a partner with that legislation. There are two other provinces that are faced with the same situation, B.C. and Alberta, as well as Quebec. The key thing is that we are taking a lot of best practices from the Province of Quebec in this, and we look forward to hearing more about that when the bill is unanimously approved at second reading and is sent to committee for further review.

Madam Speaker, I have enjoyed working with my hon. colleague on committee for several years. I would like to ask him about the delicate balance that we have here between the interests of businesses and that of the individual with regard to privacy, ownership of data and algorithms. I fall more to the individual and the person being protected, as to the strength of where we should go. I just wonder if he has determined where he is at right now.

The bill seems to be a little too slanted toward business organizations at the moment and their use of data. I wonder how he feels about that.