Debates of March 7th, 2023

Madam Speaker, I think a lot of it, too, falls on the vague language that we see throughout the bill. I alluded to that multiple times throughout my speech. Canadians want to see strong safeguards because right now the fact is that there are not as many protections currently in the law, but as this bill is currently written, it would not necessarily strengthen it either. It is good to see that the government has put legislation forward, but at this point it just feels like it is a virtue signal that the government is going to take this issue seriously, but it is not actually doing anything substantive to it.

Conservatives want the bill to have stronger language to make sure there would be real rules in place to protect people's data and make sure they would not be victimized either by big government or big business.

Madam Speaker, I am wondering about something. People have been talking about anonymizing data and the importance of protecting individuals' personal information by keeping it anonymous.

That said, we will be working on the online hate issue shortly. I think that, in some cases, we do need that ability to trace Internet users so we can pass legislation and take action if people make statements that cross the line and are found to be illegal or even criminal.

Does my colleague think it is possible to protect personal information and anonymize data online while also keeping Quebeckers and Canadians safe by making sure users who commit online crimes can be traced?

Madam Speaker, I think anonymizing and aggregating data is extremely important. One example we saw where that was not necessarily taking place was with Tim Hortons. A couple of years ago, if someone had the app and was going to the store to buy a product, or if they just had it on their phone and went through there, Tim Hortons would track where people were going for a period of time after they had been at the store. It was very clear where that data was going and what it was going to be used for, because it was not anonymized or aggregated.

I do think there is something to be said for having a proper regime in place to make anonymization and aggregation take place. It does happen in some cases, but I think it needs to be utilized a lot more in cases where people's data is there. People need to know for sure, have absolute confidence, that it will be done and that the data cannot be unscrambled. We have heard many times in other committees that the unscrambling of data can happen and that it can happen quite quickly too, so we need to make sure people are protected, even if their data is being anonymized and aggregated.

Madam Speaker, I think one of the things we have really benefited from in Canada is the Privacy Commissioner and the office. There is no doubt that the United States not having this position has created an issue for that country. For ourselves, the commission having appropriate resources and reformation to enforce the decisions, as well as having independence from Parliament in many respects, is crucial for the NDP.

I am just wondering where the Conservatives stand on this, with regard to the Privacy Commission, because there would potentially be a tribunal created with Bill C-27, and then there would be far more regulation and oversight necessary from the Privacy Commissioner in the age of artificial intelligence.

Madam Speaker, having the Privacy Commissioner is fantastic, and it is interesting to see provinces that have their own privacy commissioners as well. For a number of meetings, I substituted in on the ethics committee, and we heard from some of the provincial privacy commissioners who did fantastic and important work. I think, generally speaking, Canadians would like to see them continue to be able to do their work. They play an important role. I am only going to talk about what is happening here in Canada, but I would like to see their offices continue to function, and I appreciate the valuable work they do.

Madam Speaker, we are talking about Bill C-27, an act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other acts. The length of the bill's title is commensurate with the work that will be required of legislators.

Obviously, the Bloc Québécois will be voting in favour of the bill, since we have wanted it for quite some time. Quebec is actually already ahead of the curve on this issue. We absolutely must send Bill C-27 to committee so we can hear from experts who will point out the flaws in the bill, shed light on how to improve it and put some flesh on the bones, so to speak.

There are too many details in terms of the areas of action and application, and we cannot look at them all too quickly. We need some clarification, and that is to be expected. The committee needs to hear from a wide range of witnesses. The bill must not pass too quickly. What matters is taking our time in committee. That is what taking responsibility looks like, if we want Internet users to do the same.

On November 28, 2022, the Speaker of the House made the following decision regarding Bill C‑27:

...two votes will take place at the second reading stage.... The first will be on parts 1 and 2, including the schedule to clause 2. The second will deal with part 3 of the bill.

Thus, if the House votes against the AI portion, work on Bill C‑27 will continue without that portion. If the House votes in favour of the bill in its entirety, it will go to committee. Even if we vote in favour of the AI portion at second reading, there is still an opportunity to vote against it at third reading. That sort of latitude is important.

The Personal Information Protection and Electronic Documents Act has needed reform for years. A digital charter is urgently needed. Canada's privacy law is pre-digital, if not prehistoric. Today's context is completely different from that of the 2000s.

Bill C‑27 is also a response to the strict and ambitious European privacy legislation, the General Data Protection Regulation. We already know that without an adequate legislative response, it will become impossible for European organizations to exchange information with countries or international organizations that have not adopted legislation as strict as theirs.

If Bill C‑27 is not well structured and up to date, Canada will not meet the European Union's expectations. I consider that to be important and very serious.

In Canada, the financial sector is beginning to worry, and it is putting pressure on the government because it fears losing a portion of its European market. That makes sense.

There is less pressure in Quebec because our laws are already compliant, or almost. What is governed by Quebec is already relatively protected. The problem is when two levels of government overlap and one is inadequate. For example, Mouvement Desjardins is already prepared, but the same cannot be said for Fiducie Desjardins, which is the Ontario counterpart. It is the former Trust Royal, an Ontario trust company.

It is troubling, for example, that Ontario does not have updated privacy and artificial intelligence legislation when we do and that even the same institutions with the same names do not have the same laws.

However, even though this is an urgent issue, we cannot take a scattershot approach and let the most important things get lost in the shuffle.

Let us talk about protecting individuals. In many ways, Bill C‑27 seeks to protect individuals' anonymity. It puts the individual and the idea of consent back at the centre of reflections on digital exchanges. To date, in Canada, organizations have been given a free pass and they have taken advantage of the digital wild west to share personal information without any legislation to stem their greed. Bill C‑27 will not only limit and restrict their excessive freedom, but it will also give them responsibilities.

Bill C‑27 creates a tribunal. It sets out three types of sanctions for those who contravene the act. The first is administrative monetary penalties, or fines, which work for road violations, at least. The other two are criminal and penal offences.

Bill C‑27 is clearly binding and it has real power.

Privacy protection is a shared jurisdiction. Even if Bill C‑27 gives the impression that it will be consistent with Quebec's new Bill 25 on privacy protection, as currently drafted it offers no such guarantee. The government must ensure that Bill 25 is substantially similar to Bill C‑27 and stipulate it by decree. We understand that Bill C‑27 is not intended to infringe on Quebec's legislation. This needs to be confirmed in committee.

Let us now talk about artificial intelligence, more specifically about individual identification. There are currently three ways to identify an individual, either with a password or social insurance number, biometric data and voice recognition and our possessions, such as text messages, phone calls and so forth.

Currently, European law requires companies to rely on two of those ways, and maybe three, eventually. Bill C‑27 needs to legislate on this as well.

There is also the variable of sensitive personal information. Inspired by European law, Quebec's Bill 25 on privacy protection defines information as sensitive if “due to its nature or the context of its use or communication, it entails a high level of reasonable expectation of privacy.”

On that point, although Bill C-27 does not define what sensitive data is, its meaning will guide the development of cybersecurity measures. In other words, the AI legislation enacted in Bill C-27 will serve as the foundation upon which more ambitious legislation will have to be built so that we can more adequately regulate the AI environment. It is a good start, albeit a late one.

In closing, I would point to the many feats of artificial intelligence. This is a process of imitating human intelligence that relies on creating and applying algorithms in a dynamic computing environment. We have all seen the Prime Minister responding in a fake interview where he can be heard making false statements. The sound and image were really similar. It was uncanny.

It has also been shown that artificial intelligence can create works of art whose similarities are so close to the original creation that they could compromise its original value. I am a songwriter, and, thanks to the ChatGPT concept, one could take the various characteristics of each of my 80 original songs and make an 81st that would have essentially the same melodic flourishes and the same kinds of metaphors. I confess that this troubles me immensely.

We all understand the potential scale of this kind of thing and how it can have all kinds of repercussions. However, we have also been told that, for science, this tool can be revolutionary as long as we have a legislative framework that is adapted to the current state of AI and future-proofed for developments to come. What worries us is the minister's stated intention to pass the bill quickly. Bloc members believe the committee should take all the time it needs to hear from a broad range of witnesses so we can identify and fix the bill's grey areas and blind spots.

The government indicated openness to slowing the work down. Will it do as we ask? We hope so. If that is how it works out, that would be good.

AI is more about the data analysis process and the ability to do that thoroughly than about a particular format or function. That is why we have to deal with the issue carefully and understand its impact so we can make the necessary legal framework as good as possible. Doing that means taking the time for an in-depth study of Bill C‑27.

Here again, Quebec is the leader of the pack, and others would do well to follow suit.

Madam Speaker, I appreciate the work that my colleague does with me on the Standing Committee on Fisheries and Oceans.

As my colleague knows, I have three young children, aged seven, eight and 10. Sometimes, when I see them using their devices, I think about how much things have changed from when I was their age. I would like to ask my colleague whether she thinks it is important that this bill makes it possible to protect children and set up parental controls to keep our children safe from everything that is on the Internet and social media, so that they are protected from data theft and identity theft.

Madam Speaker, I thank my colleague. I admire him and appreciate his friendship because we work very well together in committee. We have a great connection and I appreciate that.

I also appreciate the fact that his wife is a music creator like me. She knows what I mean when I talk about the threat of our artistic productions being copied.

With regard to cybersecurity for children, I completely agree with my colleague. I think that the committee will be very interested in examining that unique aspect of the bill. We talked about cyberviolence yesterday, and I think that will be an extremely important aspect. We also need to think about educating families and parents so they get the tools they need to better protect our young children, who certainly need protecting in today's tumultuous cyber-environment.

Madam Speaker, my colleague is probably hearing from constituents, as I am. The bill seems to be silent on the selling of personal data. It is silent on facial recognition. She mentioned the artificial intelligence part of it. It seems that the new artificial intelligence part of it was just jammed alongside, and there is not a lot of thought in there.

She did not comment on the concept of implied consent. I thank my Liberal colleague for bringing up the protection issues. The bill does mention the term “implied consent”. That would allow businesses to take a user's consent to use their data and information for new purposes without actually obtaining it. I wonder if she could comment on that and why it is so important to get that right.

Madam Speaker, I thank my colleague for his very relevant question. When it comes to consent, I believe that very clear guidelines need to be set in order to avoid ambiguity.

Why does the bill before us need so much study and deliberation in committee?

I think we will find that consent is a very particular aspect of this domain and that, as I said, we will have to set very clear and precise guidelines that cannot fail in practice. I believe the experts will enlighten us on this subject. I hope we will have the ability and the opportunity to hear from them during the committee study.

Madam Speaker, it is an important piece to talk about. Megacorporations, in particular those corporations that utilize AI and other digital tools, have been doing something nefarious, which is putting in these long, giant legal descriptions. Many people just scroll to the bottom of these and accept them. However, many people do not know how complicated those arrangements are that they are coming into.

I wonder if the member would talk about how dangerous it is to have such complicated agreements that regular folks are signing on to, while not knowing the explicit dangers and damages that come along with agreeing to those terms and conditions, like the ones we are talking about today and like the ones that are harvesting data. Would the member expand on that, please?

Madam Speaker, I will give a brief answer.

Cigarette packs have a warning label on them to indicate that smoking causes cancer. I think it will be important to include similar warnings about the security of our personal data on the Internet.

Madam Speaker, privacy is important, and I think nearly all Canadians agree on this. I presume that all members of the House agree on that as well. A generation ago, the Supreme Court also agreed; it said that privacy was something upon which our most basic and ancient expectations of liberty depend. The security of the person depends on privacy, and without a basic expectation of privacy, it is difficult to imagine how any freedoms and security can exist.

What about privacy in the digital age? There is a growing awareness of how both businesses and governments threaten people's privacy and their expectation of privacy. Over the last few years, Canadians have seen high-profile examples of gross violations of this basic expectation of privacy, from both the private sector and government.

Users of the Tim Hortons app were rightly appalled when they learned that a private business was tracking their movements without their knowledge or consent, well after they had ordered and purchased their products. We also heard about Home Depot and the sharing of emails without the knowledge or consent of its customers.

We have seen where Telus Mobility gave the Public Health Agency the mobility data of not only its own customers but any customers whose signals passed through its infrastructure. It did this without following Canada's existing privacy laws, which required the Public Health Agency to consult the Privacy Commissioner before obtaining or using that data.

There is a private corporation, Clearview AI, which is a business that scrapes billions of images of people's faces from across the Internet. It identifies these images however it can from whatever sources, public or whatnot, that it has and then sells these identified images to law enforcement agencies without the consent of the people whose faces and identities it sells.

These are examples of how both public and private institutions flout existing laws.

On the public side, we have seen how the Privacy Commissioner has been ignored by both PHAC and the RCMP. When knowledge of what they had done became available, it was clear that they had not followed the existing laws or consulted with the Privacy Commissioner. The RCMP even disputed the finding of the Privacy Commissioner that it had violated the act, treating it like some kind of matter of opinion with which it could disagree. It repeated that refusal to accept the Privacy Commissioner's finding at a parliamentary committee. The RCMP also used sophisticated spyware to hack cellphones. Again, it did so without consulting the Privacy Commissioner about the use of new technology and new investigative tools, which is required under existing law.

Therefore, we have a real problem with both businesses and the government, which does not take its obligations to Canadians' privacy seriously enough. The government has a problem with respecting Canadians' privacy, and it has a credibility problem around privacy-related issues.

In addition to these well-known breaches by law enforcement and law enforcement's casual attitude towards compliance with privacy law, there are enormous commercial incentives for businesses to use new technologies like facial recognition with artificial intelligence. We have studied these concerns at parliamentary committees, and we have heard experts testify about the dangers to Canadians from the potential misuse of artificial intelligence, both by businesses and law enforcement.

What happens when artificial intelligence goes wrong? Facial recognition technology has built-in biases. We have heard expert testimony about how the efficacy of facial recognition under existing software is best with middle-aged, white male faces. When an individual is a child, a senior, a woman or a person with a darker skin tone, these applications are far less likely to correctly match people. This may have life-changing consequences when we are talking about law enforcement, never mind all the potential commercial applications of AI for retail and other potential users.

In facial recognition, the images are often scraped from the Internet without the consent of the consumer. Consent and the system of consent are completely broken with privacy. This needs to be updated. I know that this bill tries to address this.

We all have these devices that are connected to the Internet. I think everybody in this chamber and most Canadians have had the experience of trying to obtain access to a new application or use a new device. One is confronted with an incomprehensible set of policies and disclosures with an “agree” button at the bottom. Even people who would actually undertake the painstaking process of reading through one of these enormous statements would generally get to the bottom and conclude they do not really understand what they are getting into. However, they need to proceed with whatever task is at hand, and they click “agree”. That is a very small number of people.

Most people just get to the bottom and hit the “agree” button. Nobody has any idea what they have agreed to. I think that a lot of Canadians are sadly resigned to the belief that clicking “agree” means giving up a part of their privacy. They know they are giving something up, but they do not really know what. They just shrug their shoulders and think there is just no way around it; there is no other alternative other than to hit the button.

There is no doubt that the consent model is thoroughly broken or that Canada's privacy laws need to be modernized. Does this bill cut it? I would say no. This bill is too vague. It has too few details and leaves too many unanswered questions to warrant support, even so far as a committee study. This bill is a missed opportunity to get something right that has long been wrong. The failures of the existing privacy laws have been known for a very long time. The government has had a long time to get it right, and it has not done so.

What we are debating is a bill that is consistently vague and leaves too many questions about what it does and what it fails to do. Furthermore, the concern is that if this bill passes, a number of these questions will simply be settled by the minister and departmental bureaucrats rather than through parliamentary oversight.

This bill still does not definitively answer questions about when and how consent for the use of personal information is collected. It talks about the need for plain language, which of course I agree with, but it offers significant exceptions and no details. The bill does not clearly define a series of new terms, including “sensitive information” as being distinct from other types of information.

Will this bill be compatible with the European Union's GDPR? Some call the GDPR the gold standard. I do not know if it is really golden, but there is a consensus that it is the best balance between commercial expediency and consumer privacy. We do not know if this bill is even going to meet up with it.

I wanted to get into a number of shortcomings that this bill has, but I am going to have to get to them in questions. However, I am not going to support it. It is not strong enough to warrant approval even as far as a committee study, although I understand the need for a bill that will address privacy.

With that I will let the questions follow.

Madam Speaker, 20 years after the need to see changes was shown, Bill C-27 is here.

The last time we saw changes, Facebook and iPhones did not exist. This is important legislation. Within it, to use a couple of examples, there are frameworks that allow for substantial fines and protection of Canadian privacy.

What we are hearing from the Conservative Party is that Conservatives do not want any of it. They are going to vote against the bill. The Conservatives are ultimately arguing that the bill is not amendable.

Does the member not see any value in the substance that is actually there to protect Canadians and empower things such as substantial fines?

Madam Speaker, while it is true that this bill contains the provision for substantial fines, who is going to be fined? Who would it apply to?

Will the tech giants, with their armies of lobbyists and lawyers, figure out the loopholes within all the ambiguity in this law? For a small business owner, who is not in the business of harvesting data but nevertheless must collect information to complete a transaction, will this just give more red tape and more potential liability while letting off the tech giants?

I do not know the answer to that question, and it should be clearer in this bill.

There appears to be a problem with the interpretation.

We will take a moment to fix the problem.

Things seem to have been fixed.

The hon. member for Trois-Rivières.

Madam Speaker, I just want to put a question to my hon. colleague from Calgary Rocky Ridge, with whom I worked on the ethics committee and who is knowledgeable about situations concerning access to information. It is a question that the people of Trois‑Rivières asked me when I was out in the community.

With the arrival of ChatGPT, is it not true that a large part of this bill will have to be rewritten because it has become obsolete due to this important change in the reality of access to information?

Madam Speaker, that is an interesting question, and the member may well be right. The bill certainly has a lot to catch up with. It has been, as has been pointed out, a long time since the existing law was updated. It seems to me that so many questions remain unanswered about problems that have been well identified by all sides in this chamber, yet they are not clearly and definitively solved by the bill. The emergence of new technologies, while we are not even coping with some that have existed for years, is a problem. We are in the third decade of the Internet age. A lot of this stuff is not new, and we are still catching up with decades of issues around privacy.

Madam Speaker, I am a little concerned with the Conservative position of not sending the bill to the industry committee as a co-operative approach to trying to fix problems in bills, which we are currently doing. I would like to know from the Conservatives exactly what it would take to at least move it to committee.

I have a lot of concerns about the bill. There are many issues that we have raised and spoken to. It is a fairly unfortunate position that we are going to leave it to Google and the Internet giants to basically rule over Canada, unobstructed, for the next couple of years, if we do not at least try to fix some of the problems that have been well identified.

Madam Speaker, if I was convinced the bill would do no harm, at a minimum, perhaps I would be inclined to send it to committee. I am not sure of that. If we send a bill that has this many holes in it and this many items that need to be fixed, I am not sure that can be done at committee. I am disappointed the government did not table a better bill.

Madam Speaker, I rise today to address the House with respect to Bill C-27, the digital charter implementation act, 2022. It is just a year or so behind.

Thirty-four years ago, the Supreme Court of Canada recognized that privacy was at the heart of liberty. Much has changed since 1989 and little more drastically than the continuous transfer of the private information of Canadians to other organizations. The questions we need to ask are these: What are the costs of and what are the benefits of the availability of Canadians' private information for the use of others?

Many organizations see themselves as supplying useful value to Canadians by being provided, whether by contract or by capture, private information that is not knowingly provided by citizens. Examples include service companies that recognize when a consumer might be able to save a percentage of their fees by bundling certain services. In such a case, the benefit of this information availability is shared by the consumer and the service provider.

Let us make no mistake. What drives the action by the service provider is profit, which is known as the greater share of wallet. Nevertheless, in such cases, the consumer sees the benefit of being included in the information sharing, whether they know it has occurred or they do not.

This apparently benign approach to gathering information has now stretched to our daily lives, where our computers, our phones and our in-home private intelligent assistants, like Siri and Alexa, are gathering information on us. When my sons are at their homes and use Siri, they say, “Siri, turn on”. They have figured out that Siri was listening the whole time. A lot of information is being culled. Do we know that our information, in that case, when we have not actually disclosed it willingly, is being used in a benign or creditable way? Which of that has become public information to be monetized by somebody else? That is what is occurring.

Large corporations are gathering data that is being sold to others for their own purposes. That supposedly benign relationship is now being passed to another organization, in that case, that is paying the information gatherer, and so on. There is no accountability mechanism to the individual for the benefit of the supply of one's information to flow.

There is only one measurement at play, and that is profit. One need only look at the incredible financial returns associated with these technological information-gathering companies, including the Googles, the Metas, the Amazons, etc. None of those are Canadian, by the way, and realize that the value-extraction industry is lopsided in their favour. At no time in human history have start-up companies, many without a tangible product, achieved such lofty valuations so quickly. Billionaires are created out of computer code, which provides what, exactly. It provides our information.

Value is created and destroyed in commercial markets. That is the economic engine that has led the western world to prosperity, but value is only traded in financial markets. Let us ask this: Is the culling and selling of private information, however obtained, creating value or transferring value?

In that respect, the intent of this bill is good. It is designed to modernize the protection of Canadians' digital privacy rights. It is past due, and it is important. It cannot be delayed by another prorogued Parliament or another unnecessary election call, as happened to the prior bill that was introduced to advance this issue in the last Parliament. The aim of this bill is good. The execution, I would say, is way off. I see a bureaucratic solution, designed by bureaucrats, for use by bureaucrats, with what would be a minor effect for the Canadian population in general. As we say, if you are a hammer, everything looks like a nail.

The design outcomes of this bill are increasing bureaucratic oversight. The personal information and data protection tribunal act would have six members and would be put together in a tribunal, three of whom would have experience in information and privacy law. Only three out of six, which is half, are going to have experience in the very laws that they would be overseeing.

This is going to be responsible for determining the severity of financial penalties. It would have a staff of 20 with a budget, along with a larger budget for the Privacy Commissioner, which already exists. Does anybody see any redundancy in this solution?

There is a litany of financial penalties listed through this bill and a host of requirements of all businesses, even small businesses, which are going to find the requirements of this bill onerous in the extreme. Joe's Garage is going to be treated with the same expectations as the Royal Bank and face the same potential penalties.

I will read from this legislation something that would scare any small-business person. This is about privacy management programs, as required under the legislation. It states that, “Every organization must implement...a privacy management program that includes the [organization's] policies, practices and procedures....”

It further states that, “...the organization must take into account the volume and sensitivity of the personal information under its control.” What does that mean, and how do we interpret that?

It also states, “...the organization must ensure, by contract or otherwise, that the service provider provides [substantially the same] protection....” Therefore, a businessman is going to need to ensure that something nebulous is not being provided by their service provider when forwarding information. Clearly, no one involved in this bill's design has even considered what this means for Canada's small-business community.

Here is the issue for Canadians. Who has the most information on Canadians? Governments, first of all. Who is likely to get information hacked? Those same governments.

This bill shows a complete lack of accountability by the government regarding how it might misplace or misuse Canadians' data. Is the government going to fine itself in such an instance? I doubt it. That would be a round-trip anyway, at that point in time.

Banks, secondly, have a lot of information about Canadians, and they use that information to increase their returns. They have large bureaucracies, large legal departments and government relations departments to stick-handle these fines. I should note, in this legislation, many exemptions are included. Therefore, we are building more bureaucracy. That is just what Canadians have elected us to do, I say very sarcastically.

On top of the 30% increase in federal government employees over the past six years, we are going to build more bureaucracy. What this bill should be doing is trying to strike a balance between business use of data and the fundamental protection of our privacy.

Let us quickly discuss some of the nefarious uses of digital information gathering. Let us go back to the pandemic, when CERB payments were given out to Canadians, and how many criminal organizations misused that government information to pilfer the pockets of Canadian taxpayers and get undeserved CERB payments into the wrong accounts. This is what happens when government information is pilfered, and this is the main problem with the privacy of Canadians' information.

My advice to the government is to get this bill moving. It is way behind other jurisdictions on this very important issue. Look at how the absence of privacy protection has affected Canadians, and take a look at where the value of Canadians' information has gone: to all the large American tech companies.

The government must listen to that input and the alternatives that are going to be put before it when it puts together this bill. Hopefully, the government amends this bill so it actually addresses the privacy of Canadians in a more complete manner. Listen to that input and to those alternatives. As the Supreme Court of Canada reiterated 34 years ago, Canada needs to recognize privacy as a right, so let us get to work in providing an outcome that actually safeguards Canadian's privacy.

Madam Speaker, I wanted to relate to the hon. member an experience I had back in 2014 or 2015. I saw something on Facebook that said it was Stephen Harper's birthday and to wish him a happy birthday, so I did. What the heck. I am a Liberal, and I know he is a Conservative. I disagree with what Mr. Harper did, but a birthday is a birthday.

Imagine my surprise when, after that, I saw posts online that put me down as a supporter of Stephen Harper. That did raise some questions among my family and others. That is an example of something that also needs to be paid attention to. How many times, for instance, have we been asked to fill out a personality test, or whatever, not knowing that we are giving all this information that could be used against us? I am wondering if the hon. member could reflect on that.

Madam Speaker, it is a very good question. Often, we differ on policies in the House, but it is still good to wish others here a happy birthday, no matter whether we differ in our policy positions one way or another. Cordiality, of course, is very common here. When we are saying happy birthday to somebody, I think it is recognizable that when we are on that website and filling out a form, people are culling that information. They are using it and they are actually interpreting it as something that we may not necessarily intend.

That is exactly what is happening in the world right now. How this bill addresses that concern is beyond me at this point in time, because we have actively given that information, and that is going to continue to happen. We have probably filled out the form or checked off the box that says that we agree to supply the information, and it is probably 60 pages long, about how to actually access that going forward.

This is something this bill needs to address. It is something it needs to address in a legitimate and concise fashion so that small businesses and individuals understand what that relationship is and how it transpires.

Madam Speaker, I thank my colleague for his speech.

I will repeat the comments I made earlier for another one of his colleagues concerning the very delicate line between the need to protect the personal information of each user on digital platforms and and digital services in every business and economic sector. There is also the issue of security and how to protect people who may be more vulnerable or more likely to be targeted by online attacks, or cyberviolence. We spoke about this yesterday during an interesting meeting with the two spokespersons for the StopCyberviolence campaign, who directed the film Backlash: Misogyny in the Digital Age.

I would like to know if my colleague believes that we are going to have to do some work to be able to identify and intercept cyber-attackers and to legislate against cyberviolence, while at the same time protecting the personal information of users of online services.