Debates of March 7th, 2023

Madam Speaker, I was hoping the hon. member could just elaborate a bit on some of the concerns around the personal information and data protection tribunal. It seems there is no justification for this tribunal. No privacy regime in the world has this tribunal. It introduces unprecedented levels of complexity, potential delays and uncertainty, so I am curious about the member's thoughts on this.

Madam Speaker, never in all my speeches have the questions been so astute as this. That is exactly the case. We have a tribunal now being created, with a whole bunch of people, six people, three of whom are going to have to know something about what they are talking about, which is ridiculous, quite frankly. It is actually six new people, when we already have a Privacy Commissioner who can do all of this work and, supposedly, accomplish something.

In addition, all the details of this are going to be in the regulations. There is nothing we are looking at here in Parliament that deals with the details, which are very important for us to look at, as well.

Madam Speaker, I rise today to speak about Bill C-27. I will focus on the artificial intelligence and data act, but before that, I would like to briefly talk about the overall digital charter implementation act.

Canadians have never been more reliant on the digital economy, yet the current privacy law was last updated over 20 years ago, before iPhones or Facebook even existed. In the new digital economy, enhanced privacy would not only benefit consumers but allow companies to innovate, compete and thrive. We are now at a juncture where, over the next few years, the rules of the road for digital privacy and AI are being written and entrenched. That is why it is crucial to have clear rules when it comes to this sector. For Canadians to prosper and benefit from the digital economy, they need to have confidence that their data is safe and trust that their privacy is being respected.

That is why the government has introduced this legislation, which would ensure that Canada has critical protections in place. Bill C-27 would ensure that Canadians have first-class privacy and data protection and that companies that break the rules face severe consequences, some of the steepest fines in the world. It would also hold organizations to a higher standard, in particular when it comes to protecting the personal information of minors by giving them and their parents more power over their information, including the ability to have it deleted. With Bill C-27, we are moving beyond traditional privacy protection to ensuring data control for all Canadians. Canadians can be reassured that we will never compromise on the trust and safety of their privacy.

Over the last decade, artificial intelligence technologies have been expanding rapidly and have been benefiting Canadians in a variety of ways. These technologies are evolving rapidly and with that, there is an increase in risk and harms due to the use of AI systems, whether intentional or unintentional. The artificial intelligence and data act, or AIDA, would establish rules to promote the responsible use of AI and the related governance practices. The framework would ensure that the development of AI systems has to include plans to mitigate bias and harm and that organizations are accountable for their practices.

The AIDA seeks to regulate international and interprovincial trade and commerce in artificial intelligence systems by requiring that certain persons adopt measures to mitigate risks of harm and biased output related to high-impact artificial intelligence systems. The act would provide for public reporting and would authorize the minister to order the production of records related to artificial intelligence systems. The act would also establish prohibitions related to the possession or use of illegally obtained personal information for the purpose of designing, developing, using or making available for use an artificial intelligence system in an intentional or reckless way that causes material harm to individuals. This would ensure that Canadians have strong privacy protections and clear rules of the road for business, as well as guardrails to govern the responsible use of artificial intelligence.

This bill would provide Canada with adequacy within the European Union's GDPR framework and international interoperability on privacy. Further, it would enable Canada to remain on the cutting edge of artificial intelligence development. This bill would help us to build a Canada where citizens have confidence that their data is safe and their privacy is respected, while unlocking innovation that promotes a strong economy.

The University of Toronto’s Schwartz Reisman Institute for Technology and Society studied this bill, and I would like to quote from an article written by policy researcher Maggie Arai:

As technology continues to advance and permeate almost all aspects of modern life, it has become necessary for regulators to grapple with how to best regulate it. New ways of collecting and processing personal information necessitate new regulations to protect those whose information is being collected, analyzed, and sold—often whenever they visit a new website or sign up to a new app like Facebook or TikTok. Advances in artificial intelligence (AI) are also top of mind for many regulators, posing unique risks and challenges that must be addressed. The recently tabled Bill C-27 represents Canadian regulators’ efforts on both fronts.

She goes on to say:

The Artificial Intelligence and Data Act (AIDA) is the federal government’s first attempt to comprehensively regulate artificial intelligence. Canada is not alone in this: AIDA comes in the wake of similar initial attempts at AI regulation by other governments around the world, such as the European Union’s 2021 AI Act and the United States’ 2022 Algorithmic Accountability Act. AIDA, like the EU’s AI Act, takes a risk-based approach to regulating AI. However, it is worth noting that Canada proposes categorizing AI based on whether it is “high-impact,” while the EU uses the language of “high-risk.” AIDA is also far less prescriptive than the EU AI Act. The draft Act is quite short, with much room left for the enactment of provincial AI laws as well as further federal regulation....

She continues:

A person becomes a “person responsible” for an AI system if they design, develop, make available for use, or manage the operation of an AI system in the course of international or interprovincial trade and commerce.

The major requirements contained in AIDA for “persons responsible” for AI systems include ensuring the anonymization of data, conducting assessments to determine whether an AI system is “high-impact,” establishing measures related to risks, monitoring and keeping records on risk mitigation, and requirements for organizations to publish a plain-language description of all high-impact AI systems on a public website. If at any time the Minister has reasonable grounds to believe that a person may be in contravention of these requirements, the Minister may order that person to conduct an audit into the possible contravention, or engage an independent auditor to conduct the audit.

She goes on to say:

The tabling of Bill C-27 represents an exciting step forward for Canada as it attempts to forge a path towards regulating AI that will promote innovation of this advanced technology, while simultaneously offering consumers assurance and protection from the unique risks this new technology...poses.

She also states:

There are also sections of C-27 that could be improved, including areas where policymakers could benefit from the insights of researchers with domain expertise in areas such as data privacy, trusted computing, platform governance, and the social impacts of new technologies.

She goes on to say:

To ensure that the powerful new technologies that shape our world today benefit everyone, it’s essential that our policies are well-informed—especially when it comes to how technical systems work, how they interact with our legal infrastructure, and how they impact society. As we approach the implementation of this landmark regulation, it’s critical that Canadians are engaged and informed on these topics and ready to make their voices heard.

I will now quote from an article written by the law firm of McCarthy Tetrault, which states:

Bill C-27, if adopted into law, is set to have a significant impact on businesses by creating new requirements for those who make, use, or work with AI. The bill imposes several new obligations on the AI sector which are backed by serious penalties for non-compliance.

Madam Speaker, I listened intently to the speech from the member for Nepean. I note that at the beginning, the member talked about the issue of children, and the minister went on about that in his opening speech. However, the bill is 124 pages, and do members know how many times minors are mentioned? It is once, and it does not define what a minor is. It says that a minor's information is “sensitive”, but it does not define what “sensitive” is.

Perhaps a member of the Liberal government could define for the House what a “minor” is under this proposed law and what “sensitive information” is, as it would say in the definitions section.

Madam Speaker, there are two things to note here.

One is the definition of “minor”. There is well-recognized legislation that has been adopted by various authorities and institutions on who a minor is, and I think that would be applicable here.

On the definition of “sensitive” and “sensitiveness” and other definitions related to these technologies, my view is that we should not cast in iron in the legislation the definitions of various things that are involved here, but leave it to the government and the regulators going forward to have the flexibility to define the various terms that are used in this legislation.

Madam Speaker, I thank my colleague. I would simply like him to answer the following question.

Since Quebec already has its own privacy legislation and it works very well, does my colleague not think that Bill C‑27 should clearly state that it will not contravene Quebec's legislation?

This should be stated in the bill.

Madam Speaker, the member is right that Quebec has an existing law, but this proposed law in no way would impede Quebec's ability to promote and act on its own law. In fact, this legislation would enable Quebec and other provinces to move forward with any changes they may need to make to improve their own laws to protect the privacy of people.

Madam Speaker, as the member knows, the bill is actually three pieces of legislation stuck together. I would like to get the his rationale as to why the Liberals chose that path, especially given that the first two pieces of legislation had some time in the House. After the NDP's question to the Speaker about the bill, we separated it into two different votes, because the artificial intelligence part in particular is new and requires different processes.

I think it is unfortunate that the Liberals could not find a proper way to bring this bill forward, and I would like his reflection on that, because it appears the Conservatives will not even support bringing it to committee. It appears as well that the Liberals seem intent on perhaps sabotaging efforts where there seems to be some consensus.

Madam Speaker, there are a lot of things that overlap all three pieces of legislation that put them under one bill, especially artificial intelligence, which goes beyond one particular domain. It acts on almost every aspect of the Canadian economy and of Canadian society, and it permeates almost everything else it touches. That is the reason the government has brought in one single piece of legislation.

Madam Speaker, this is my first opportunity to get in on the debate on Bill C-27 today, and I have to say that my thoughts resonate a great deal with those mentioned by the hon. member for Windsor West in his pointing out that this is three bills in one.

To focus on the part that is completely new, artificial intelligence, I find that there is a great deal of tautology when we look at the bill. For instance, it says that we will know what a high impact of artificial intelligence is if it “meets the criteria for a high-impact system that are established in regulations.” There are a number of other places like this, but we do not have regulations yet. When will we know what the bill means?

Madam Speaker, I agree with the hon. member that there are a lot of things that could be explained much better, and I am sure this will be looked into at the committee level.

With respect to artificial intelligence, it is very difficult to define everything in the legislation, because it is a moving thing. Artificial intelligence is evolving on a daily basis, which is why it is best that we allow it to be done through regulations.

Madam Speaker, we are here today to debate Bill C-27, the digital charter implementation act. With this bill, the government seeks to bring Canada's consumer privacy protections up to date, to create a tribunal to impose penalties on those who violate those protections and to create a new framework on artificial intelligence and data.

For my constituents, I think the most important question is this: Why are consumer privacy rights important? Our personal information has become a commodity in the modern world. Businesses and organizations regularly buy, sell and transfer our personal data, such as our names, genders, addresses, religions, what we do on the Internet, our browsing history, our viewing and purchasing habits, and more. This happens so often that it is almost impossible to know who has access to our sensitive data and what they do with those personal details. Unfortunately, this bill fails to adequately protect the privacy of Canadians and puts commercial interests ahead of privacy rights.

The first part of this bill is the consumer privacy protection act, and I will note, as many others have during this debate, that it is really three bills in one. It is the largest part of this bill and brings in new regulations on the collection, use and sale of the private data of Canadians. I will cover three issues that I have found in this act in the first part of this bill.

The first issue relates to how organizations may collect or use our information without our consent. Subclause 18(3) states:

(3) An organization may collect or use an individual’s personal information without their knowledge or consent if the collection or use is made for the purpose of an activity in which the organization has a legitimate interest that outweighs any potential adverse effect on the individual resulting from that collection or use

Without defining what a “legitimate interest” is, this subclause risks giving organizations free rein to define “legitimate interest” in whatever way suits their own commercial interests.

The second issue I will cover relates to how the bill would protect the privacy rights of children. Subclause 2(2) states:

(2) For the purposes of this Act, the personal information of minors is considered to be sensitive information.

However, nowhere in this bill are the terms “minor” or “sensitive information” defined. This will lead to confusion about how the personal information of children should be handled, and will ultimately lead, in my opinion, to weak protection of that information. There is also no other provision in this legislation that regulates the collection and use of children's personal data.

Every parent in the House of Commons is very concerned about their child going on Minecraft and about their interactions with other people and other gaming sites. This bill does not do enough to protect children in the context of online gaming.

The last issue I will raise in this act relates to when organizations can rely on implied consent to collect and use personal data. Subclause 15(5) states:

(5) Consent must be expressly obtained unless, subject to subsection (6), it is appropriate to rely on an individual’s implied consent, taking into account the reasonable expectations of the individual and the sensitivity of the personal information that is to be collected, used or disclosed.

This subclause highlights that the bill lacks a clear definition of “sensitive information”. This means that organizations will have free rein to determine when they can rely on implied consent, and they will be free to decide what information is or is not deemed sensitive according to their interpretations and not the legislation's interpretation.

The second part of the bill relates to the creation of the new personal information and data protection tribunal act. The bill would create a new semi-judicial body with the power to levy financial penalties against those who violate the CPPA, the first part of the act. I question whether this tribunal would be able to enforce the penalties outlined in clause 128, which are tied to global revenue and a proportion of profit in the previous fiscal year.

How does the government plan on ensuring accurate figures? Does the government really believe that it will go after Google in a global context, hold Google accountable and collect up to 4% or 5% of Google's global revenue? It is farcical.

We need very clear and very big amendments to this section. We need to question whether we even need a tribunal, because if it is in charge of enforcing clause 128 of the bill, I already know it is going to fail.

Under the third section of the bill, the artificial intelligence and data act, new provisions would be created that apply to the private sector. However, this bill does nothing to address the relationship between government and artificial intelligence.

Right now in Parliament, we are debating Bill C-11, which talks about the government's use of algorithms in the context of the CRTC. This bill has rightly infuriated Canadians across the country who are concerned about how the government would determine what people say and do on the Internet and where they would be directed. Why is the government not trying to apply the same standards upon itself as it is trying to apply on private corporations?

I want to address some other key oversights in the bill.

First, in the U.K., EU and even Quebec, certain personal details, such as race, sexuality and religion, are given special protection in comparison with other personal information. Why does the government believe the most identifiable aspects of our personal information are not worthy of being defined as sensitive information in the context of privacy law?

Second, the bill does nothing to regulate the sale of personal data. I am reiterating this point. In a world where the sale of personal data has become an integral part of our economy, why is the government not concerned with setting clear rules on how data and what kinds of data can be bought and sold, especially in the context of children?

Third, the bill fails to regulate the use of facial recognition technology. The RCMP used Clearview Al's facial recognition database, which was illegally created. Why does the government not think it is appropriate to ensure this never happens again?

Fourth, the consumer privacy protection act and the personal information and data protection tribunal act proposed in this bill are nearly identical to the acts proposed under last Parliament's Bill C-11. The consequence is that Canada's consumer privacy laws will be out of date by the time they come into force.

This bill was an opportunity to put forward strong regulations on the collection and use of personal data, but it failed to meet some basic criteria and thresholds. While the increased penalties for violating the act are welcome, they are watered down by the implementation of a tribunal that would take months or potentially even years to make a decision and levy fines. It is even questionable whether such a tribunal could actually do what it is purported to be responsible for.

Do we really need privacy legislation that fails to protect the privacy of Canadians? Do we really want privacy legislation that fails to put consumer interests ahead of corporate interests? Do we really want privacy legislation that fails to protect the personal information of children? Do we really want Al regulations that do not apply to government? Frankly, the government needs to withdraw Bill C-27, break it up into different parts and come back to Parliament after it has looked at the drawing board again and done something a little more comprehensive.

Madam Speaker, it is interesting that the deeper we get into the debate, the deeper the Conservative Party gets into disliking the legislation. I look at the legislation as something that will have a very strong positive impact in protecting the privacy of Canadians. Penalties are going to be put in, substantial financial penalties, even though the member opposite mocks them. There are other issues as well, such as the privacy management programs that businesses would have to put forward.

There is so much good stuff in this legislation, yet the Conservatives are prepared to say they do not care; they have other things on their agenda, and they are going to prevent this legislation from passing. Does the member not feel that Canadians deserve this kind of legislation, at least as a starting point, and that the Conservatives could do whatever they like afterwards?

Madam Speaker, why bring forward legislation that does not define “sensitive information” in the context of children? We all know this is a problem. I acknowledge this is a problem. Why not do the work right now? There are a lot of very talented public servants who could define “sensitive information” in the context of children.

In relation to clause 128 and the fines imposed on people who would break the Privacy Act, the Government of Canada wants the ability to go after global tech companies and ask them to pay the government a portion of their earnings from a previous fiscal year, but the government is not capable of doing that right now. It is absolute fluff.

Madam Speaker, I was curious to hear my colleague's opinion on apps that use games or quizzes to not only get information out of the people who respond, but also access their cellphone contacts.

Does my colleague think the bill should legislate that?

Madam Speaker, that is a very important point. I have a seven-year-old son, and he is starting to play games on my iPhone and whatnot.

We cannot say that Bill C‑27 will protect children because this bill does not include a definition of sensitive information, which we need.

Madam Speaker, what is unfortunate with the Conservatives' position on this is that they have raised some significant problems with the bill, but they want to stop it from going to committee, which is rather ironic. The suggestion is to hand the entire project back to the Liberals, their central party organization and their political infrastructure to start over as opposed to moving it to public debate, witness testimony and expert dialogue, which is necessary.

I am not willing to turn this entire project back to the Liberal machine, and that is what is unfortunate here. I can attest that his members in the committee are very good. We have heard speeches from the Conservatives saying that they want amendments. Why will they not bring the bill to committee and get those amendments? That is a better choice than turning it back to the Liberals, whenever that is going to take place.

Madam Speaker, I will note that I am on the industry committee with the member for Windsor West, and he provides a lot of intelligent insight and corporate knowledge to key pieces of legislation like this one. Unfortunately, we are in a situation today where the New Democratic Party has decided to support the Government of Canada on all key pieces of legislation. Therefore, even if the member for Windsor West has a problem with a key aspect of the bill, I am not confident the supply agreement between those two parties will result in good legislation.

That is why the Conservatives are calling on the Government of Canada to go back to the drawing board. At the end of the day, the New Democrats do not have enough money to fund a federal election. That is why they are supporting the Liberals, despite the poor legislation.

Madam Speaker, I am so pleased to rise today to speak to the digital charter implementation act, 2022. With Bill C-27, our government is showing leadership in a new digital world. Privacy is important to the residents of my riding of Hamilton Mountain. It is important to all Canadians. This legislation would not only benefit consumers, it would allow companies to innovate, compete and thrive.

The world I grew up in is significantly different from the world in which my son is growing up. This bill gives me confidence that we will be able to take advantage of the latest technologies, while at the same time be assured that our personal information is safe and secure.

I want to specifically talk about the consumer privacy protection act and how it sets out a balanced approach to compliance and enforcement.

Canadians clearly want their personal information to be handled responsibly, and they want meaningful consequences for organizations that break rules to gain some advantage. Canadians want fair punishment for truly bad actors.

According to a survey published by the Office of the Privacy Commissioner, 71% of Canadians have refused to provide their personal information to an organization because of privacy concerns. In an earlier survey, this same percentage of Canadians said that their willingness to share their personal information would increase if they knew the organization would face financial consequences should their information be mishandled. Such consequences are clearly an important tool for enhancing privacy protection for Canadians and also for helping organizations comply with the law right from the start.

The consumer privacy protection act, or CPPA, will assist companies to get privacy right and the escalating enforcement approach will correct problems as they arise.

The new privacy law incentivizes organizations to step up and improve their privacy practices at the outset. The CPPA will also provide the Privacy Commissioner with a key role in helping them do so.

Under the CPPA, businesses will be able to ask the Privacy Commissioner to review the policies and practices that make up their privacy management program, which will assist them in complying with the law. The commissioner can also ask to review such programs. This is a very important step in the early detection and serves to correct problems at the outset.

Privacy management programs cover a wide range of privacy considerations: how companies manage service providers; how they respond to breaches; when to undertake privacy risk assessment; employee training; complaint handling; and so on. Under the CPPA, the Privacy Commissioner will be able to examine these policies and practices outside of an investigation. The goal is for the commissioner to give advice and make recommendations.

The CPPA will prevent the commissioner from using what he or she has learned in these reviews in any enforcement action unless the organization willfully disregards recommendations. We think this would be very rare, but if it happens, action can be taken.

The approach provides an appropriate space in which the commissioner can provide advice and companies can take proper action. At the same time, the commissioner will be able to gain insights on how the law is implemented in real-world situations, thereby being able to better advise organizations on the challenges they may face in the privacy space.

Essentially this approach builds on the Office of the Privacy Commissioner's current business advisory function, which has proven successful in encouraging compliance through engagement rather than enforcement. By allowing for the review of privacy management programs, the CPPA provides businesses with a safe place to seek and obtain advice and implement compliance solutions at the onset. We believe this will help prevent privacy issues before they have an impact on individuals.

We know Canadian companies will be very interested in this part of the new law, particularly smaller companies and start-ups, and I can probably think of a few in Hamilton Mountain.

The CPPA recognizes that a one-size-fits-all approach does not work for privacy. Some organizations deal with minimal amounts of personal information; for others, it is central to their business model. That is why the CPPA allows organizations to develop their privacy management programs according to the volume and sensitivity of the personal information that they handle, and why the commissioner must also take this and a company's revenues into consideration during the exercise of the role under the law.

Another important protection under the new act is the ability of the Privacy Commissioner to review the risk assessments and mitigation measures that organizations must do if they rely on a brand new exception to consent for activities in which they have legitimate interest.

Under the CPPA, the Privacy Commissioner will continue to undertake research and publish guidance. It is a long-standing role and important in helping organizations meet their compliance obligations. It is a role that we wholeheartedly support.

The bill would ensure that organizations build privacy considerations into their products and services from the beginning. Working with organizations, giving guidance, this is a fundamental role of the Privacy Commissioner. We want to be proactive here. We want to prevent problems before they have a harmful impact on individuals.

However, there will be organizations that do not have the right practices. There will be others that have the right practices but still make mistakes. This law provides individuals with the right to complain about an organization's privacy policies when they appear to be offside with the law. The right to complain is considered to be a fundamental principle in all privacy statutes.

Under the CPPA, like PIPEDA, the Privacy Commissioner also retains the ability to initiate a complaint investigation when there are reasonable grounds to do so. This is an important role because filing a formal complaint is not always obvious. Maybe some people will not know there is a problem; maybe they do not have time to make a complaint. This is where the Privacy Commissioner should be able to take action when intelligence gathering from media reports and their own research indicate that there could be potential trouble.

CPPA encourages the early resolution of problems and provides for dispute resolution. Over the years, through its active early resolution approach, the Office of the Privacy Commissioner has successfully been able to resolve many complaints with limited formality.

The CPPA maintains such tools for the commissioner. For example, compliance agreements, introduced relatively recently under PIPEDA, remain in the CPPA. Pursuing these agreements allows companies to work out an acceptable resolution with the commissioner, without the commissioner resorting to more formal measures, like orders. However, resolution will not always be possible or desirable. Sometimes the commissioner will need or want to consider stronger measures.

Under CPPA, the commissioner will have the power to issue orders to compel an organization to take necessary actions to bring the organization into compliance. This is a new power and a key improvement over PIPEDA.

Prior to issuing such orders and to ensure fairness, the Privacy Commissioner's office will need to go through a new process, called an inquiry. Once the inquiry is completed, the commissioner will issue findings and a decision, and will make orders as necessary to an organization to change its privacy practices.

As part of this process, the Privacy Commissioner may also recommend administrative monetary penalties to a new tribunal for certain contraventions of the law. The possibility of significant fines for non-compliant organizations, fines of up to 5% of global revenue or $25 million, whichever is greater, for the most serious offences, is another key improvement over PIPEDA.

A key part of the new enforcement regime, the personal information and data protection tribunal is being established to hear appeals of the commissioner's decisions. If required, it will also decide whether to issue a monetary penalty and, if so, the amount.

Industry stakeholders say that we need impartiality in enforcement decisions, given the different roles of the Privacy Commissioner. This was particularly the case for any proposals involving monetary penalties, which have the potential to significantly affect an organization.

The new privacy law will support additional due diligence in decisions to impose monetary penalties by introducing an inquiry phase before issuing orders, and by separating the imposition of penalties from the commissioner's other responsibilities.

We know that some organizations will challenge the commissioner's orders and recommendations, and we do not want to burden the courts. This is another reason for introducing a new tribunal. It is intended to be more accessible than the courts. It will ease access to justice for the individual and the organization.

After the previous version of this bill was tabled, stakeholders told us it needed more privacy expertise. We listened and this version of the CPPA has the necessary privacy expertise to ensure credibility.

Madam Speaker, I appreciate that the member has been participating in the debate today.

One of the questions that I have is, if this is really about protecting the personal privacy of individuals, why this bill has so many exemptions for businesses. It allows, in subsection 18(3), the legitimate interests of businesses to override the interests of an individual. In subsection 15(5), it allows businesses to use implied consent, not real consent, to override the interests of personal privacy.

Why is it that personal privacy is not part of the purpose of the bill as a fundamental right?

Madam Speaker, this legislation needs to be flexible. As I mentioned in my speech, it applies not only to big corporations but to smaller companies and companies that use a lot of personal data as well as companies that use very little personal data. It has to be flexible. It has to be able to work in different situations. It has to be able to work in the future because, as we have seen, technology advances very quickly. We need legislation to be able to adapt regardless of the changes in technology that are happening before we can change the laws to accommodate.

Madam Speaker, I think my question will resonate with my colleague. Personal information protection and security are very important to me. I myself was recently a victim of credit card fraud. I bought a nice couch that I did not even shop for myself. Handy, right?

Anyway, as much as I recognize the importance of protecting personal information, I also recognize the importance of protecting victims of cyberviolence. We will be studying an online hate bill soon. My colleague and I may have to work on a way to identify offenders, individuals who attack people online and hide behind anonymity.

Does my colleague think the legislative measures in Bill C‑27 could make it harder for us to adequately legislate online hate?

Madam Speaker, I do not think this bill is going to create any issues for the other bill that we are going to look at in committee. I think there are a number of measures that need to be put in place to deal with the problems of the digital world that we face today.

Madam Speaker, I just have a question for the member. She brought up Google before, but I will quote Jim Balsillie again.

I want your response to his statement that “Canada’s federal government has repeatedly failed to take privacy seriously and construct a legal and regulatory framework that protects the rights of Canadians in the digital age.” How do you respond to that?