ETHI Committee Meeting

    Good afternoon, everyone. I hope you had a good week in your constituencies.

    First of all, I cannot overlook this special day. Today is Mr. Warkentin's birthday and I would like to take a few moments to wish him a happy birthday. Happy Birthday, Mr. Warkentin.

    Without further ado, we are going to continue our study on social media. As you know, we have two witnesses with us today and I thank them for joining us. We will hear from Mr. Gupta, President and Chief Executive Officer from the Information Technology Association of Canada, and Mr. Landry, Professor at TELUQ.

    We are going to start with two 10-minute presentations, one by Mr. Gupta and another by Mr. Landry. As usual, the question and answer period will follow.

    Mr. Gupta, the floor is yours whenever you are ready.

     Good afternoon, Mr. Chair, and my thanks to all members. I appreciate the opportunity to present at this committee.

    My name is Karna Gupta. I'm the president and CEO of ITAC, which is the Information Technology Association of Canada. We represent 350 or more companies across the country, but 65% of our members are SMEs.

    The ICT industry produces today about $160 billion of revenue for the country, and we make up probably 750,000 ICT and related jobs. It is a key to the future growth of the Canadian economy across all sectors. ITAC has long advocated a comprehensive digital economy strategy to improve Canada's growth and prosperity.

    Today I want to talk about three key pillars of that strategy in the context of privacy policy.

    First is innovation. When it comes to social media, we have only scratched the surface in innovation and spinoff benefits for consumers and businesses. Protecting personal information as this unfolds is essential. We need to find the best way to do this while promoting innovation and growth. Smart regulation is the second pillar of our strategy. The third is digital literacy. We need a national, digital skills strategy to help Canadians learn to use the tools for the 21st century effectively and safely.

    You have probably heard a lot about Canada's innovation gap. The ICT investment gap between Canada and the U.S. is widening. The labour productivity gap between Canada and the U.S. persists at 10% to 20%. In a 2012 World Economic Forum report, Canada fell in the innovation ranking to 21st place from 15th the year before. No other top-ranked country dropped that much.

    What does social media have to do with all of this? The adoption of ICT is the key driver for productivity, and the popularity of social media like Facebook, Google, or LinkedIn has spurred a tremendous amount of ICT development in all sectors. It shows an amazing potential for increased productivity and social change.

    Let's look at some of the economic numbers. The World Economic Forum in 2012 ranks Canadians in 13th place in Internet use but in 6th place in the use of social networks. It is estimated that by the end of this year 60% of Canadians will own a smart phone, a rise in phone ownership largely driven by the use of applications and social media.

    Canadians are adopting the technology, and we're well placed to capitalize on it. As for growth potential in the related industries, all of the current research predicts that Canada will add 70,000 jobs by 2015 as a direct result of cloud computing and more cost-effective ways of storing data.

    One of the most promising spinoffs for Canada is data analytics, the ability to interpret large quantities of information and seize the market opportunity to solve social problems. It is estimated that the worldwide market for these services will grow to $15 billion to $20 billion by 2015. Canada has strong expertise in this space. For example, the Ontario Centres of Excellence along with the federal government, IBM, and seven other academic institutions have set up a virtual network to help small and medium enterprises manage the data sets to solve critical challenges. In Vancouver, police use data analytics to coordinate leads and resource deployment to improve public safety. They claim that property crimes are down as much as 24%.

    Companies use data analytics to outperform their competitors and seek higher profits. Based on a recent survey, most companies that use cloud-based solutions outperform their peers by 68%. That's the link to productivity. All of this social media and social networking that spurs innovation drives productivity.

    This is also a highly mobile and a global industry.

    Our digital economy strategy needs to ensure that Canada is a destination nation for business to grow and prosper because the jobs and the economy we are talking about are highly migratory. They will go where all of the conditions are right. One important factor in ensuring this growth is a regulatory environment that supports what we call smart regulation.

    Let's talk about some of the issues around privacy. Canada's current privacy framework is seen as a model by several countries in the world. It does a good job in the crucial area of protecting personal information and promoting innovation. Our members and a number of other sources tell us that the framework works well because it is principles based and it's neutral across technologies or business sectors. They say that the current framework adapts to the fast-changing area of social media and related industries where we cannot anticipate the future applications. It is very critical to underscore that we cannot anticipate a lot of the future applications. They also say that consistent rules across all sectors are better for investment and compliance by companies.

    What do we have here? It promotes innovation by allowing collaborative and constructive dialogue with the Privacy Commissioner. New features come into play. This does not happen in the EU where the rules are more prescriptive. In fact, a study by one Harvard academic has found that the EU rules have led to reduced venture capital investment into companies that use online data.

    Also, it's effective. The Privacy Commissioner's guidance, rulings, and impressive collaboration with her international counterparts has achieved a real change. It shows by the strong social media adoption rate in Canada. Ranking number six in the world is quite impressive.

    Finally, I want to say a few words about digital literacy, another important pillar of our digital economy strategy.

    To grow and prosper, Canadians need the skills to make effective and safe use of digital data. Our members play an active role in this. I also want to applaud the Privacy Commissioner for her active role in educating Canadians on the use of online media. There is an excellent opportunity to leverage existing organizations, like ITAC, to help build on this outreach program. We can be used as a portal to help IT businesses, especially SMEs, to understand and comply with the privacy rules.

    In closing, Mr. Chair, the protection of personal information is extremely important and I know that our members take this very seriously. At the same time, Canada needs a digital strategy that promotes innovation and encourages businesses to locate here and grow here. As l have described, social media is helping to drive a number of our new and related industries in Canada, which shows great potential for our economy. It's at an early and fragile stage. We need to ensure that we have an environment that fosters these industries in order to realize that potential.

    I thank you for your time, Mr. Chairman.

    Thank you, members, for the opportunity to present to you.

    Thank you very much.

    Without further delay, I am going to give the floor to Mr. Landry, who is a professor at TELUQ, a distance-learning university, member of the Université du Québec network.

    You have the floor.

    Good afternoon, hon. members of the committee.

    My sincere thanks to you for inviting me here, today. It is both a pleasure and an honour to say what I came here to say. I think this is a particularly important and current topic. It is urgent that we take a consistent approach to deal with this issue in Canada.

    Before I begin, I would just like to reiterate that this presentation is both mine and Professor Leslie Regan Shade's, from the University of Toronto, with whom I prepared the brief that was submitted to you. So I speak for both of us, and I have no intention of taking credit for the work that we did jointly.

    As you know, the right to privacy is a human right that is absolutely essential. This right entails important concepts such as human dignity, reputation, honour and joie de vivre. Equally essential, the right to privacy is closely connected to the rights and freedoms that are critical to safeguarding our democracy. These rights include the right to freedom of expression, the right to freedom of association and peaceful assembly, and, of course, the right to participate in public affairs.

    It is generally acknowledged that the right to privacy has four broad dimensions. The first dimension is preservation of anonymity, meaning that a person is not identified or identifiable. Second, we have freedom from surveillance, which means not being monitored or watched by external entities. The third dimension is the preservation of a private space, which has to do with having a space deemed inviolable, a sanctuary. The fourth and last dimension of the right to privacy is obviously everyone's right to have access to sound management of personal information. It has to do with an individual's ability to control access, circulation, sharing and accuracy of their personal information.

    It does not come as a surprise when I say that the development of social media raises major problems for each of those four dimensions. That being said, our presentation today essentially focuses on the fourth point, the management of personal information, which is quite clearly considered as a fundamental component of the right to privacy.

    The protection of personal information calls for nine specific criteria to be applied. Everyone about whom information is collected should: be properly informed that information is being collected; voluntarily participate in the collection; be able to identify the actors who are collecting the information; know the ways in which the information is being collected; be able to identify the nature of the information collected; know what uses will be made of the information; be able to identify the actors who may have access to the information and the rules that govern the confidentiality of the information; be able to assess whether the information is properly protected; and be able to access the information collected and rectify or remove personal information collected elsewhere.

    We feel that those nine criteria should be used as benchmarks for assessing the measures taken by social media sites in order to protect the personal information of Canadians. But we are seeing many problems with that. One of the main issues with the protection of personal information on social media sites is the proliferation of standards and protection policies in relation to privacy. We are concerned about the lack of an exhaustive, clear and consistent framework that provides social media users with a set of clear standards on the protection of personal information. Users would then know what their rights are, regardless of the platform or social media they choose to use.

    That is why we conclude that it would be fully appropriate for authorities in charge of the protection of privacy in Canada to draft and adopt a social media site privacy charter, in partnership with Canadian civil society. All social media that have activities in Canada should comply with the charter.

    If time permits—please stop me if that is not the case—I will conclude my presentation by describing all the elements that, in our view, should be included in that type of charter.

    For now, I would like to talk about the problem relating to the protection of personal information on social media sites. We believe that this problem has three parts and that it largely stems from the business model preferred by social media sites.

    We believe that this problem has three parts and that it largely stems from the business model preferred by social media sites.

    Generally speaking, a social media site can create value and generate profits by monetizing its users' personal information. That is usually done in two ways: by charging interested individuals and businesses a fee to access the personal information of users and to interact with them—that is the model preferred by dating sites and some professional networking sites—and, more recently, through advertising offers that rely on collecting, handling and analyzing personal information available on social media sites.

    A social media site like Facebook aggregates an audience and it sells it to advertisers. That is its job, its business model. The specific nature of the product offered by Facebook to its clients truly relies on its ability to provide marketing and advertising products that are tailored to the tastes and preferences of every user. In other words, personal information is currently a currency of exchange between users, social media sites and their business clients. Any changes in the practices that govern the collection, analysis and handling of personal information therefore have a direct impact on service delivery and, in turn, on the revenue generated by businesses that use social media sites.

    In terms of the protection of personal information on social media sites, we have identified three components that each come with specific problems. Let us give you a quick overview.

    The first component has to do with collecting, handling and sharing personal information. In this regard, we have observed the following problems.

    First, minors, and more specifically children, are always vulnerable to the personal information collection processes used by marketing agencies. The development of games, interactive applications and marketing processes on social media is extremely attractive to children, who do not have the tools they need to effectively protect their own privacy. To our knowledge, there is no legislation in Canada to protect minors' personal information online from violations by commercial actors.

    Second, we are seeing an explosion in personal information collection and handling policies. Application and game developers are investing massively in social media sites. All these developers and marketing agencies have their own confidentiality and privacy policies. The rise in contractual agreements with social media users, resulting from the incorporation of applications in social media sites, makes it difficult for users to know exactly to what extent and which parameters are being used to protect their personal information.

    In addition, on certain social media sites, we are observing the absence of real control available to users for identifying and selecting the third parties that will be able to access their personal information and, where applicable, for determining what information is collected and denying permission to transmit that information. Once you agree to have an application on your Facebook page, it is very difficult to determine what the developer of that application will do with your personal information and who they will share it with. It is very difficult to maintain control over that information.

    There is also an absence of exhaustive studies of the risks that the new cross-tabulation and facial recognition techniques present for privacy and personal information protection. In other words, most users now have a number of accounts open on various social media sites. Each of those sites has its own purposes, its own objectives, and users have to figure out which confidentiality policies seem to best meet their needs.

    The risk is that, with the new techniques for cross-referencing data, you can track an individual's entire private life by multiplying the inquiries done on social media sites the user visits. The danger is there, and the problem is growing.

    Finally, we are seeing that social media sites are vulnerable to cyber attacks. For example, in June 2012, LinkedIn had six million user passwords stolen. In 2011, I believe, someone got access to the account of the Facebook president and founder and managed to reveal his most intimate photos in an entirely public manner. The issue of privacy on social media sites is not at all regulated.

    The second aspect of our brief and my presentation has to do with the information available to users on changes to the collecting, handling and sharing of personal information.

    In that respect, we are seeing that the problem is that there is a real lack of transparency about the real and anticipated effects of any change to the confidentiality parameters relating to the privacy of users who have accounts on social media sites.

    In the past few years, changes to the confidentiality parameters, which are often made unilaterally, have led to deep controversies and resistance within the user communities, have been of concern to privacy rights organizations and have led to class action lawsuits.

    Imposing changes to the confidentiality parameters on social media sites poses three very specific problems for users.

    First, it deprives users of the ability to determine themselves the level of protection they want to apply to their personal information.

    Second, the many changes to the confidentiality parameters generates real confusion over the years for users and decreases their trust in the privacy policies in effect on social media sites.

    Third, unilaterally imposing changes to the confidentiality parameters on social media sites shows the lack of healthy and productive dialogue between users and managers of social media sites on the issue of privacy.

    The third and final aspect of our brief focuses on education concerning the risks associated with social media.

    I would ask that you wrap up in 30 seconds please.

    Yes, fine.

    To conclude, there are basically six risks and pitfalls associated with disclosing personal information on social media sites: psychological and sexual violence, particularly targeting minors; cyberbullying, particularly targeting adolescents; re-identification, meaning the loss or absence of anonymity on social media sites and the disclosure of information deemed to be private or confidential; identity theft, which is a growing concern; employment-related dangers and risks; and lastly, multiple attacks on honour and reputation.

    In short, the problem is that for users to be able to coherently determine the parameters related to their privacy requires a very high level of technological literacy. Actually, only people who have the cultural, socio-economic and educational resources necessary are currently able to make enlightened choices about social media. The problem is that two classes of users are being created: one class of users who have the skills required to manage their privacy, and one class of users who are at risk of having their private life disclosed without their consent to various parties and third parties.

    If you have any questions during the question period about the principles of the social media site privacy charter that we would like to see established in Canada, I would be pleased to answer them.

    Thank you for your attention.

    Thank you very much.

    Without further delay, I will give Ms. Borg the floor. You have seven minutes.

    Thank you, Mr. Chair.

    I would also like to thank our witnesses for being with us today. The presentations were very interesting and quite relevant. We may have differing points of view, but it is a good setting to create a dialogue.

    Mr. Gupta and Mr. Landry, you spoke about the need to increase technological or digital literacy. Both terms were used. We've seen other countries, like Great Britain and Australia, in particular, develop certain strategies. They have invested a great deal in digital literacy programs to ensure that people have sufficient knowledge to make choices and change the criteria, if they wish, which is something that can often be done. You can authorize your personal information to be used for one thing but not another. However, you need to be very comfortable with the digital world to be able to do that.

    I would like to hear what you have to say about the situation in Canada and what we, as parliamentarians, can do to improve digital literacy here, in Canada.

    Thank you for your question.

    I know you attended the WCIT in Montreal. As you heard from the rest of the world, we live in an open world, so you cannot control everything and contain it in a lockdown mode. We need to make sure we have the ability to manage the risks that are out there.

    The Privacy Commissioner today is doing a very credible job engaging the industry, in setting up what the frameworks are, and what needs to be. The consultation process is ongoing.

    If you have specific prescriptive rules of a certain type, what may happen is you might be looking backward rather than forward. You have to change it every so often. This world is moving very fast.

    At the same time, you've all heard the terms “crowd sourcing” and “crowd funding”. If you want to spur innovation and growth in the country, you need to allow the digital world to come into Canada, live here, grow here, and nurture industries here. You have to be inviting.

    As a nation we need to strike a delicate balance, that we not only create a condition whereby we not only attract companies coming in and businesses grow, but at the same time we make sure we have the right protective tools and the ability to deal with them.

    For example, today any Federal Court has the power to award punitive damages if the company is out of line in any area. The Privacy Commissioner could lay down certain rules and guidelines if somebody is out of line. For industry not to be engaging in this conversation and just having a set of rules would be very difficult because again you're looking backward rather than forward.

    I'm not sure you fully understood my question.

    You spoke about digital literacy in your plan and in the digital economy strategy. That was under point 3. Do you have a specific vision for that part?

    Digital deliveries need to start at school. We are working with several organizations that are building programs today at a high school level and even at the polytechnic and university level to deal with the digital literacy that young people get into. It is no different from anything else that previous generations have learned.

    They need to know how to use the tools and what's important or not important to put into the digital world. Once you put anything out there it almost has a permanent life. That teaching and learning has to get in early, but you cannot quite say you cannot use it.

    At a very early stage, schools need to get into how the kids should use an online tool, whether it be games or anything else, their personal information, and what they can or cannot put in.

    When I talk to CCICT and other groups that are working in this domain, I hear the generation gap is playing a big role. Kids need to learn. We learned a lot from our own parents, but kids today don't get proper guidance from their parents because they are not quite as literate digitally as they need to be. The generation gap is a huge factor in terms of teaching our children what is appropriate or not in this new digital world.

    It is a major issue. Schools, the academics and the educators need to step in to do that, because they don't get that guidance at home. The kids at home get their guidance from across the street, but they don't know how to get online. There is a huge problem in that space.

    Thank you.

    Dr. Landry, would you like to add anything?

    There are three points I would like to make.

    First, there has to be a fundamental change in attitude, meaning, we need to stop seeing privacy protection as an expenditure for social media sites and other organizations. Protecting the privacy of Canadians is a long-term investment that will ensure better trust in the product by users and that makes it possible to drastically reduce the very real risks associated with cybercrime in particular. Protecting everyone's personal information is an investment, not an expense. Once we see the problem from that perspective, we will have already taken a huge step forward.

    Second, we are seeing that, in this increasingly digital society, we are quite simply reproducing social and economic inequalities. In fact, the privacy protection problems first and foremost affect all the most socio-economically vulnerable groups in Canada. So it is important to think about privacy as an issue of social and economic inequality.

    Third, we need a national privacy protection strategy for the digital era. It should be consistent, involve academics and independent organizations that focus on the issue, but it would also require extensive research, which should be of quality and subject to concrete applications that would enable Canadians across the country to better protect their privacy in a digital environment. Basically, it would be very important to establish this kind of national strategy.

    Thank you.

    Unfortunately, since this period includes questions and answers, your time is up.

    I will now give the floor to Mr. Mayes. You have seven minutes.

    Thank you, Mr. Chair.

    Thank you, gentlemen, for being here today.

    One of the requests from the Privacy Commissioner is to have the ability to impose fines. The fact is, enforcement is the only way to ensure that the rules are followed. In hearing that, Mr. Gupta, how does your association feel about giving that authority to the Privacy Commissioner?

    When we talk to our members today, their general commentary is that they're very engaged with the Privacy Commissioner in developing all of the framework. There is no need to put a predetermined fine relative to anything. The courts can do that, if there is something breached, so that authority is already there. The general consensus was that we do not need to create anything different. The Privacy Commissioner has the trust of the industry today and they work extremely well together on an ongoing basis. The industry's view is that they would like to see it stay that way.

    As I understand it, the Province of British Columbia, which is where I'm from, and Alberta have some order-making powers. Has the threat of that increased the compliance of the service?

    I have not seen any data to indicate that at this stage.

    Maybe I can address this to Mr. Landry. As far as enforcement and making sure we have compliance as far as privacy issues are concerned, should it be done through monitoring or through enforcement? Should it be regulatory enforcement or compliance-based monitoring? It really is beyond the capacity of government to even monitor this to make sure that we have compliance. Are we able to do that, and what are the costs? Have you any idea what you would need to really monitor social media for compliance?

    That is at the heart of the problem. You are absolutely right. It's extremely difficult, if only because of the volume of data being exchanged and the extensive use of the media today to adopt a perspective that allows us to manage everything. I think what we need, first and foremost, is a set of consistent standards that would serve as a framework and would very clearly require the various players, regardless of their business model, to respect the standards across the country.

    In addition, there must be increased accountability of those players to Canadian public institutions. We also need some non-judicial processes—and I stress the word "non-judicial"—to resolve conflicts between users and managers of social media sites. The lines of communication between the people who manage the sites and the people who use them must be improved. The lack of productive and non-judicial conflict management mechanisms create the tensions we are currently seeing.

    Above all, it is important for us that users be more involved in the dialogue on privacy issues. They know what problems they are facing and they have solutions. They have brilliant ideas that escape the experts most of the time. Let's start a dialogue with those people.

    Mr. Gupta, I'd like to get a sense here about the collection and marketing of personal information by social media providers. Is it part of a business model? Can they survive without that, with only the advertising that they have on their sites? It seems, and we've heard that as testimony from a witness, that part of the game is collecting data on people and then marketing it so they can derive a revenue stream and, through that, they could be compromising the privacy of individuals. What I'm asking is, the business model to make this profitable, does it rely on that personal information to the extent that they couldn't afford not to have it?

    There is a line to be drawn as to what personal information should not be compromised. The privacy framework we currently have has the principle that certain data should be deleted if it is no longer needed or intended to be used. That was passed by the Privacy Commissioner and most of the companies that are engaged in this discussion. The currency here is trust. They comply with that.

    Now, in terms of your other question on how the business model works, we, as consumers, also demand that things be sent to us based on our data. If I'm at the corner of Laurier and some other street, I would want to know where the closest Starbucks is. I would want to know where the cheapest gas is in town. I'm demanding that information on the other end, as a consumer, that the businesses need to send to me.

    It is a push-and-pull issue that is playing out here. If all of the data is removed, we, as individual consumers, cannot pull for a certain set of data we need to make our lives easier and to make a certain set of choices, purely from a marketing point of view, from what the companies provide. But there is a set of data that should be on the other side of the line, so to speak, and should not be disclosed. Again, the companies comply. After a time lapse, certain data is not passed on, and some is deleted after that. That line is constantly being negotiated, as we all know, between the Privacy Commissioner and the industry. It's an ongoing process as the market evolves.

    How much time do I have?

    You have 10 seconds left.

    Thank you.

    I will now give the floor to Mr. Andrews. You also have seven minutes.

    Thank you, Mr. Chair.

    Thank you to our witnesses for coming in today.

    I have two questions for Mr. Gupta and one for Mr. Landry.

    Mr. Gupta, when you talked about innovation, you talked about the spinoff benefits. Could you elaborate on that and give us some Canadian examples of the spinoff benefits? Do you have a dollar value for what you think these spinoff benefits are? Do you have any research in that area?

     I'd like you to elaborate on these spinoff benefits when it comes to innovation.

    There was a tradition, probably about three years ago, when a lot of the software development work went to India, Malaysia, and Indonesia, for labour reasons and other reasons. Nowadays, as the investors start looking at solving some of the problems, they often use what is known as crowd sourcing. They put it in the open world in terms of somebody telling them how to solve this problem. That becomes part of the innovation cycle for most of these young start-up companies in Canada. Pretty much in any sector in Canada, they use what is known as crowd sourcing to solve their problems.

    I'll take it one step further. This really started in earnest probably in Massachusetts and California. It's called crowd funding. It's now come north and to the rest of the world.

    You know about the issues with VC funding in Canada. Most of the start-ups in any of your constituencies are crying for venture capital funding to survive. A lot of the time they are surviving because individual investors come in with smaller amounts of money. I sit on some of the boards of these small companies, and they are raising funding from individuals. It is done with a crowd-funding model. They go out and indicate that this is the type of problem they are trying to solve for society or the business or in general in the market and ask if anybody is willing to invest money in this and come with them on this journey. The investment amounts could be somewhere between $100 to $10,000, depending on where you fall.

    Today these two are the lifeblood of Canadian business in the start-up community. Just in Ontario, there are 14 regional innovation centres. If you go to any of the regional innovation centres, whether it be MaRS, ventureLAB, or Communitech,crowd sourcing and crowd funding are the topics that come up all the time. This is a true input into our economy in terms of creating jobs, starting new innovation, and starting new companies. One of these days, these companies will grow into bigger companies. This has a real, measurable impact.

    Your second question was whether we know by dollar amount what this open-market model, using social media and reaching out to the market may look like. I don't know. It could be massive. The size of the worldwide market just for the data analytics, all of the research and that side of the business, is a very large number. It is approaching, as I mentioned in my opening comments, somewhere between $15 billion and $20 billion over three to four years. That's the size.

    If we want to play in the digital world, and if we want to be a knowledge-based economy rather than just a natural resources based economy, we need to play in that world and have all of the tools available to support that. I cannot give you a number as to how big the impact of social media or open platforms like that would be on the economy.

     My second question for you is about smart regulations. It's something that we've talked about at this committee.

    Do we regulate? What do we regulate? How much do we regulate? If you were to advise us to do any regulation, what would be the number one priority for you for a regulation when it comes to this?

    On this specific topic, I believe, from a regulatory point of view, what we have is probably sufficient. The tools are needed for the Privacy Commissioner at this point to go out and establish the framework with the industry, the academics, and the community at large, as to how it works. I'm kind of afraid to say what should be the regulation because it becomes too quickly a prescriptive model when we're at a very early stage of a new economy unfolding in front of our eyes.

    Any kind of pre-emptive regulatory process could make it actually hard for a business to grow. I'm just coming from a business point of view, how they'll react. It would be very hard to deal with it. Smart regulation in this sense is really to deal with it as things unfold, establishing the right framework to deal with it on an ongoing basis.

    As long as the commissioner has the tools to do that.

    Would you put any enforcement in with her tools? Currently there are no real fines or those types of enforcements.

    I think the tools that are there are pretty reasonable. If I was a credible business and the Privacy Commissioner went out to the market and said that I did not comply—and I think we as an association were on paper committing during a peer period discussion that we wanted disclosures to be done. If I was a company, and I was disclosed to be non-compliant, that's a tremendous penalty to the company, in terms of economics, loss of customers, market share, reputation, goodwill, you name it. It all goes down. There is a tremendous amount of impact to the companies for non-compliance.

    At the same time, you want the companies to be engaged in a conversation with the Privacy Commissioner on an ongoing basis to build what is needed, given that the technology and innovation is moving very, very fast. That conversation needs to be always ongoing on a regular basis.

    That's the input we have from our members. I think it kind of works well at this stage.

    Mr. Landry, in your conversation with Mr. Mayes, you talked about a dialogue for conflict resolution between the individual and the owners. It's nice to be able to have that kind of conflict resolution, but how do we ensure that this actually happens? Is there any way that we can demand, regulate, or have that conflict resolution? I'm not confident I follow exactly how that conflict resolution would actually occur.

    I'll give you about 30 seconds to answer the question.

    The first point would be to have very clear incentives from Canadian public authorities so that the large operators of social media sites who do business in Canada develop this mechanism on their own. You let sites and the businesses that operate these sites determine the mechanisms they want to put in place based on their experiences, their products and their business culture in order to have the best input possible.

    The idea of this type of mechanism will be a trial and error process. We don't have a choice. It will probably be a trial and error process. If it works well, it will lighten things up for the courts and will enable a more constructive dialogue. If it doesn't work, we will see that, meaning, that the complaints and concerns we have currently will continue.

    I would also like to raise a very important point. Canadians are currently very concerned about their right to privacy. That's a fact. In survey after survey, Canadians are telling us that they are particularly concerned about the current trend in the digital world. They are also indicating that they have very little trust in the confidentiality policies of the major social media sites.

    The rules do not currently work adequately. What we are seeing when there are solutions that go before the courts is that a very heavy burden rests on the shoulders of a few individuals who have the skills, resources or desire to set a precedent. That's not how you manage a large-scale problem. Our solution, which is to create a privacy charter that all big operators of social media sites should comply with, would include a formal commitment on the part of the big operators of social media sites to develop and put in place such procedures. They would have to determine how they would do it. The idea would be that there would at least be an initial step so that we would move away from a dynamic of confrontation and opposition to one that involves productive dialogue.

    I don't know if that answers your question.

    Thank you. Unfortunately, time is up, but we will be able to come back to that.

    Ms. Davidson, you have the floor for seven minutes.

    Thank you very much, Mr. Chair, and my thanks to our presenters this afternoon. Both your perspectives on this are interesting.

    Mr. Gupta, you talked about digital literacy and its importance. You talked about the generation gap, and there definitely is one. I'm not sure how we overcome that in a timely fashion. I think it's something that will evolve, but there will be some concerns and perhaps some damage done in the meantime.

    One thing you said was that our Privacy Commissioner has a good education program for companies, but you thought that ITAC could be leveraged to assist in this. Is that happening now? Is ITAC being leveraged?

    No, not today. The way we see it, it is a big part of the broader ecosystem. We believe that the message and the education needs to be pretty deep in all parts of the country and in every sector. We're going to be talking to the Privacy Commissioner's office. We are proposing a very broad-based membership. We do events and meet with businesses in all parts of the country. If ITAC can be leveraged as an association organization, we would be more than happy to be the portal to get the information and education out. If you want a broad-based approach, one of the ways would be to use ITAC as a portal, whether it's in a digital world or a real world part of the process, to get the message out.

    For example, we're working with EDC, a very credible organization that helps a lot of the young companies. Their services are still not reaching the small companies that need support. We approached EDC about using ITAC as a portal to get their message out, and we're in the process of negotiating how to do that. As an association of the private sector, we feel the private sector needs to take the ownership to get the educational message out.

    Do you have any recommendations for SMEs in regard to making easily understandable privacy policies? We've heard over and over again that you need to be a Philadelphia lawyer to understand these privacy policies. Do you have any suggestions?

    I think the point is valid. This needs to be written up in plain English rather than in legalese. In addition, it needs to be distributed as almost a code of business for businesses that are part of the ICT community.

    That information could be disseminated through ITAC and other organizations. For example, there is the Canadian Manufacturers & Exporters and the Canadian Marketing Association. Several associations across Canada could collaborate to get the message out, and it needs to be simple to understand. People going into it should be able to easily understand what the ground rules are, what they need to comply with, and how they move forward. They're looking for clarity, but most people don't know what it really means.

    Mr. Landry, you talked about the vulnerability of minors to marketers, and you talked about the explosion in the collection of personal information, with people not knowing who it's going to be used by, and the third party acceptance or denial. Can you talk a bit more about that, where you feel we are on that and what we can do to improve this situation?

    With pleasure.

    We feel the main problem is that there are so many policies on the confidentiality of personal information, sometimes on the same social media site and among platforms.

    Within a single site, like Facebook, dozens and dozens of different applications are offered. When you register for each of those applications, there is a confidentiality policy that you must agree to. When you have 15 or 20 of those applications, it is almost impossible for the average user to be able to specifically control access by third parties to their information. That creates a volume of confidentiality policies that is simply untenable for the average user.

    Add to that the fact that the average user often has a number of accounts on different sites. Each site has its own general confidentiality policy. Each of those sites also has third parties, such as game developers or marketing companies, that do business with them. You very quickly reach a volume that is simply unreasonable. It's unreasonable to expect that a user who is required to add more and more contractual agreements is a master, with full knowledge, of the decisions that are made with respect to personal information.

    If you take for granted the fact that very young children have access to these sites and use them and that these sites take them in when they don't have the training, resources, or skills necessary to pay attention to the information provided, you end up in a situation where the exercise of real control is just wishful thinking. Pushing this on the user, saying that it is the user's duty to take responsibility overlooks a policy economy of personal information that, among other things, operates on this generalized confusion on the part of the user.

    Furthermore, the issue of privacy for children is particularly serious. We are suggesting a national, pan-Canadian policy. It would also include a very clear component on critical media education, particularly digital media. It would be in the school curriculum, and children would be required to develop skills at a young age and early in their schooling.

    You know, there are two ways to see the problem currently. We can see the users of social media as consumers who want access to services, or we can see them as citizens. We can also see them as both. In the end, the final question, the question you are going to deal with, is which of the two you want to make a priority.

    Is your priority a group of consumers who have individual rights, or is it creating a body of citizens who are informed about their privacy?

    The two aren't incompatible, but they are both fundamentally under stress. It will be important to make a choice.

    Thank you for your answer. Unfortunately, your time is up.

    Mr. Angus now has the floor for five minutes.

    Thank you, Mr. Chair.

    Thank you both for coming.

    In 2004 Laurier LaPierre produced a very interesting report called “Canadian Culture Online: A Charter for the Cultural Citizen Online”. Mr. LaPierre was trying to respond to what was seen as the big issue of the time, which was how the traditional cultural industries were going to find their place on the worldwide web, as it was called then. Nothing was really done with that report, but I thought that the idea of a cultural citizen was a really important concept, the role of a cultural citizen and the rights of a cultural citizen.

    Mr. Landry, you talked about this charter of privacy. What do you see that this charter would do? How would it be built around the concept of an online citizen?

    Thank you for your question.

    The first thing the charter would do is create expectations. I think the industry would like that. Very clear expectations would be created for the industry, along with a framework establishing parameters for what we consider to be normal and usual privacy protection rules in Canada.

    Basically, expectations would be created in three highly specific areas. First, clarifications would be made to the procedures for collecting, processing and analyzing social media users' data. The current problem is a lack of transparency. Users don't know what is being collected, where that information is going and what kind of control they can have over that data.

    Second, as I already mentioned, we would also need ways to allow users to participate in the discussion process on privacy issues. Our approach would include much broader participation. A charter would aim to achieve not only greater transparency, but also greater inclusion in the decision-making process.

    Finally, the charter would provide specifically for companies' commitment to co-operate with the Canadian Parliament, provincial parliaments and various federal and provincial privacy protection organizations. Once those commitments have been made, we would establish a relatively consistent normative framework for the whole country. Businesses would thrive within a clear and specific framework.

    I disagree with the theory that giving businesses greater responsibility will scare them off. Doing business in the digital world and social media in Canada is currently very profitable. I am not at all worried when it comes to that.

    Thank you for that.

    I am interested in how you say we can look at users as consumers, or we can look at users as citizens, but something that has certainly been an eye-opener for us is that users are the product. They're what's being marketed. The more users you have, the more you can market, so there's a value to the person.

    When I meet with young people, they are very concerned about privacy. They are very aware of the issues. They're just not sure where they fit into this universe that they have basically grown up in where they are using a platform that has been phenomenal for growth but they're also the product on the platform.

    Without becoming too encumbering of the process and to allow this incredible revolution to continue, how do we reassure people that when they're on there, if they choose not to be a product, they're not going to be a product?

    My answer has two parts.

    The first is transparency. I urge you, please, to reread Facebook's privacy policy. Reading that policy will not provide you with any answers to the most difficult questions we are currently facing. So there is a problem with transparency. Social media site operators should review the ways in which they communicate their business model to their users and review the use of the data they collect.

    The other part—and we both agree when it comes to this—is that we will need an investment in a national strategy for citizen education on media and digital media. We need that strategy as quickly as possible, along with considerable resources and a vision of where we want Canada to be as a high-tech society in 10, 15 or 20 years.

    I think these are the two most important aspects.

    Unfortunately, Mr. Angus, your time is up.

    I was just getting started.

    You may be able to continue later, but for the time being, we move to Mr. Carmichael for five minutes.

    Thank you, Chair.

    Mr. Gupta, obviously we are into short timeframes now, so I'll try to be as tight as possible.

    Canada's data protection legislation encourages companies to work with regulators to resolve consumer complaints as well as regulators' questions. In your view, would this change if the commission were given more power, more authority to regulate, to play hard ball given a transgression by a social media company?

    When you ask for more power, we need to understand what that is.

    It could be financial. It could be just expanding the suite of powers the commissioner has available to regulate the industry.

    At this stage, most of our membership's comments about dealing with the Privacy Commissioner have been that they feel it is actually working well, because they are engaged. The Office of the Privacy Commissioner is quite engaged with the industry in regular conversation and dialogue as to what needs to happen.

    Actually, we've heard contrary to that, that she doesn't have that cooperation necessarily from across the industry. It's one thing to respond to a complaint, but there doesn't seem to be a lot of cooperation to have that complaint resolved and enact a penalty. The concern is whether we need to provide her, as one avenue, with a bit more power in order to ensure that the envelope isn't so continually pushed. Then they apologize that we have to have a way the commissioner can in fact exact some degree of response from the companies.

    It is possible. My suggestion and my response would be that it would probably be useful to have that dialogue with the actors around the table. Most of the credible organizations that are our members would be happy to sit down with the Privacy Commissioner to have the conversation, and if it's non-compliance, look for the ways that it may need to be resolved. If that includes disclosure, if that includes some other powers, that I'm sure will get accomplished.

    There could be any number of resolutions to that. We're also conscious of not stifling growth and stifling industry, and the business opportunity as well.

    I'm sorry, but in the interest of time I'd like to ask Mr. Landry a question. We've heard a lot about privacy issues relevant to social media companies and you've talked about it today, about multiple privacy policies within one company's site. I wonder whether you would support an automatic deletion or withdrawal from a site of one's information. Or do you believe that once an individual has provided their personal information to a social media environment, that's it, they're there ad infinitum?

    I'm not sure I understand the question clearly.

    We talked to one major social media site which said that they are building in an automatic deletion. If you want out of that site and you want to recover your privacy, your personal information, you can push a button and over whatever period of time—I don't think it's that simple—that information will be deleted and you'll recover your information. To whatever degree it hasn't been distributed, you get to pull back what information you may feel is creating vulnerability for you.

    Currently, that is not entirely possible. The information shared on that platform also ends up in thousands of different accounts. It is very difficult to establish traceability. For instance, if someone posts a photograph online, and it is downloaded by 15 of their friends, it will be downloaded by other friends because of the network. That cannot be controlled.

    However, there is a very clear database that contains the vast majority of our personal information. I think that database should be erasable upon every user's request. That is a matter of basic human dignity, especially when someone dies. That kind of an issue becomes very sensitive when a person is living with an incurable disease and no longer has control over the personal information shared online.

    So I feel that the very existence of that possibility, that power given to the user, is a matter of basic human dignity.

    Thank you, Mr. Carmichael. Unfortunately, to ensure fairness, I have to interrupt you after five minutes.

    I just got started.

    This may appear a bit sudden, but I now yield the floor to Mr. Boulerice, who has five minutes.

    Your sense of fairness contributes to your great reputation, Mr. Chair.

    I want to thank our two witnesses for their presentations and for being here. That's greatly appreciated.

    Mr. Landry, I would like to understand your statements better. You said earlier that you ask companies to implement measures they should test to improve their privacy and consent policies.

    Moreover, you are calling for a charter to which they would adhere. Are you telling us you want companies to self-regulate under a non-binding charter?

    I mostly wanted to say that I think corners should not be cut.

    Notwithstanding the discourse of the industry—which has a very clear problem in terms of privacy protection—currently, our main concern in Canada is the lack of a national standards framework within which businesses would operate. We suggest establishing a set of very clear standards—with very clear parameters—which companies would have to meet.

    In addition, companies would be asked to adopt effective measures. Those measures could be evaluated occasionally by Canadian public authorities, for instance, to determine whether those standards are being met. I don't see private stakeholders telling private companies how to organize the way they want to interact with their clients. A broad framework is required.

    Mr. Gupta, we have some concerns about privacy and personal information protection in the social media world. Many witnesses have told us this area is problematic. On last May 29, for instance, Commissioner Stoddart told us that she had started worrying about the obvious contempt certain social media companies have shown for Canadian privacy laws.

    Your comments lead me to believe that you think—and correct me if I am wrong—that this is simply the way things work in that sector and that, if we want to play the game, we cannot really change its rules.

    Is that your position?

    No, that's not what I'm saying. What I'm saying is that, first of all, this is an industry at a very early, nascent stage, and things that are unfolding and innovations that are taking place are happening very rapidly. Often we don't know what's going to happen tomorrow or in two weeks' time.

    The best thing we should do is make sure the actors are engaged in the conversation to figure out what makes the most sense.

    Based on what you know today, if you impose a set of very prescriptive regulations and restrictions, it will do more harm than good. It is important. I'm talking about mainstream, credible, organized business organizations. I'm not talking about a bell curve that includes the fringes on both sides. I'm talking about the organizations that are doing a respectful, good business with innovation in this area.

    You need to engage them in collaboration. With the Privacy Commissioner, several rulings have come out, and in all of them the industries were part of it. They applauded them, and by and large they followed them.

    Thank you for clarifying.

    Mr. Landry, are you suggesting a type of piecemeal confidentiality policy that would enable clients, consumers and citizens to select the information they authorize to be shared? For instance, if I am a fan of poutine, I may not want that information to be disclosed in order to avoid advertisements from poutine-serving restaurants appearing my Facebook page.

    Could that type of selection be made?

    I will respond by saying I should not be answering that question—users should. In my presentation, I stressed the importance of giving users more of a voice so that we can hear them better. If that suggestion is clearly expressed by users, Canadian regulatory authorities will at least take note of it.

    Currently, the issue is that many experts and people who have invested a lot in this sector are discussing privacy. The silent voices, those we do not hear, often belong to individual users. We need structures that help us hear their concerns and not the concerns of third parties who have an interest in the process.

    Thank you.

    Citizen Boulerice thanks you.

    I would also like to ask a question, really quickly. I don't often have an opportunity to do so. However, I will ask my question after Mr. Dreeshen is finished.

    Mr. Dreeshen, you have five minutes.

    Thank you very much, Mr. Chair.

    Welcome to our guests.

    We stated earlier how significant and important privacy is. Of course, there had been some discussion that consumers need to know there is a place where they can be protected and that their privacy can be protected.

    Of course, we also talk about digital literacy. I happen to come from an era when phones had party lines, and I knew the ring for ours was two longs and a short, which wasn't really too far removed from Morse code. Nevertheless, we're looking at that type of generation gap.

    You also made suggestions about the schools and how they are able to deal with these things. Until we come up with standards.... All the schools are doing it. It isn't a case of suggesting it doesn't occur now, but they're not really focused on any one particular area. I think it's important that we look at that, but also we should be able to use the commissioner's role as far as education is concerned to expand that.

    I would hope that all the industry actors would get involved in that, as well as the academics, to give her the sort of information that would be important.

    One of the other things that was mentioned is that we want Canada to be a destination for this particular type of industry. I believe it was mentioned that if the conditions are right, people are going to come here, so we have to make sure we get it right.

    A discussion also took place on the digital strategy. I assume that industry and all people who are interested in this will be looking at a digital strategy that's going to promote innovation. We also have to look at this from a worldwide focus as well, the cultural citizen. We're a cultural citizen of where? Is it simply our own province, our own region, our country, or is it global? I think that's significant as well.

    I was wondering if you could comment on the digital strategies that would promote innovation while still protecting the privacy as we see it and where we can get people working in this direction.

    Thank you for your question.

    I think a comprehensive digital society is probably at the very core of a lot of these issues. It's not only the social media; you're talking about e-commerce and you're talking about mobile technology. By and large, we are dealing in a global arena and fighting for resources to be successful. If I am building an industry or a company, I'm looking for a resource that can best deliver the product regardless of whether they're from Ontario, Quebec, or Hong Kong.

    On the global scale, we want to make sure that we have the conditions right to attract the top talent from everywhere in the world, so that they look to Canada as a destination place. We need to be the country where these innovations are spurred. We need to be the country where these industries are built if we want to build a knowledge-based economy.

    To create those conditions, we need to have the framework that supports all of the pieces. Privacy and the social media is only one aspect of it. The other aspects are equally important. We need to have the appropriate intellectual property regime. We need to have appropriate taxation policies. We need to have proper education standards. All of these dots need to be connected. When we look at a digital strategy, these are all part of the conditions. We cannot just optimize on one. All of them need to be dealt with, and that's what industry is looking for.

    One of the things we need to understand as we build in this world is that, fundamentally, the biggest part is the education. We all need to understand that if we put something online it is not always private. All communication is not always private. There is a separation of data that, as the professor mentioned, certain things are completely private offline, but anything you put online in terms of communication is not always private. It's online and it has a longevity much beyond what we're looking at.

    May I have your comments, Mr. Landry?

    I think Canadian public authorities should establish some requirements, but they could provide certain benefits to balance things out. First, a secure environment would be needed. We do expect companies to actively protect their users' personal information. In return, Canadian public authorities could provide them with a stable, consistent and welcoming regulatory environment.

    As for the policy-making process, the policies should be transparent, regardless of whether they apply to Canadian public authorities—and in this case, all stakeholders could be asked for their opinion—or companies. They would all be asked to be more transparent with regard to privacy issues.

    Next, we have the responsibility issue, which has to do with companies' ability to address any criticisms in an effective, prompt and satisfactory manner. A public stakeholder could do the same, thus establishing a consistent and productive dialogue.

    Finally—and we very much agree when it comes to this—the environment should enable businesses, encourage innovation and specifically promote the development of Canadian talent. This concerns support for small and medium businesses, which we think is absolutely crucial.

    Thank you, Mr. Dreeshen. Your time is up.

    I will yield the floor to Mr. Angus for the last five minutes.

    Thank you, Mr. Chair.

    This has been a fascinating discussion. I think one of the issues that we are trying to grapple with is the effect of risk if privacy is breached. This is a serious issue. We can develop as much as we want, but the risks to citizens are much higher now than they've ever been because of the ease of access.

    I'm concerned about two areas. One is in terms of fraud. Scams such as the 419 scam can track people now. They can find information. They can tailor their pitch to you in an e-mail or on Facebook based on specific points of data that would not have been possible before. We're not going to know about their ability to catch people because many people who are caught up in a fraud are just too embarrassed to come forward. This is happening all the time, and it's happening because it's not the good players who are breaching data, but other people who are breaching data.

    Mr. Gupta, given the seriousness of this, we're seeing that under Bill C-12, private companies should only need to report privacy breaches if it proves significant harm. That's a pretty high test. Don't you think that given what's out there, the Privacy Commissioner should be deciding whether a breach is something to be reported?

    I think when the original PIPEDA was passed by the legislature, we did go on record as part of the industry sector that agreed with the overall position of full disclosure on any of the major issues or breaches that came up.

    Now, in Bill C-12 they are looking at an amendment. We haven't quite gone through all of them, but it does require further dialogue with the Privacy Commissioner as well as the industry body. That's really where it is.

    We haven't done any more on Bill C-12 at this stage.

    Mr. Landry, the other element of worst case scenarios is what we see in the media with so-called cyberbullying, the tragedy of the Amanda Todd case. I've listened to a lot of talk shows on it and I've seen a lot of online media commentary. It seems that even our own digital literacy isn't all that clear on these kinds of issues. We talk about an extension of kids being mean in the schoolyard to kids being mean on Facebook.

    Amanda Todd was stalked by a sexual predator, who we believe was based in the United States. This adult destroyed this young woman's life. The police didn't seem able to track this predator, so he is still out there. Then we had the issue of her mother being an educator. This happened under circumstances where something could have been done.

    In terms of digital literacy, what do you suggest we do as parliamentarians? Is it just about education? Do we have to ensure that there are the tools to go after not just the kids throwing rocks on Facebook, but serious predators out there? Are there tools we need to bring us up to speed in the online world?

    How do we start to separate these issues so people know what we're dealing with? Cyberbullying is a broad word and is being used a lot, but I don't know if it is bringing us any further ahead in terms of the literacy of what's happening. What do we need to do? How do we empower young people and citizens to protect their privacy and create safe spaces?

    There is much to be done, and many avenues can be taken to address this issue in a way I deem satisfactory.

    First and foremost, I think we need an early educational strategy. By early, I mean as soon as children start elementary school. That is fundamental. We need a strategy where school curricula would include tools for professors to help them educate children on the risks involved in using new digital technologies.

    We would also need—and I am not looking after my own interests—structured research funded by public and, especially, independent powers on the challenges related to education on digital media, with evidence on all factors of key importance.

    In addition, of course, we need public resources where individuals, groups and organizations concerned by these issues could easily find all the tools they need for action.

    I think those are the three key aspects. Of course, the issue—and you know this better than I do—is resource investment for resolving this problem.

    Thank you, Mr. Angus.

    Your time is up, but I can allow Mr. Gupta a few minutes to answer your question.

    Thank you, Mr. Chair.

    Do you want me to give a closing comment or answer the question?

    You can answer Mr. Angus's question.

    Okay. I think the points are very valid. The issues are very serious in the arena of what is going on with young people and how vulnerable they are. Most of the industries take this very seriously.

    Several innovative technologies are being talked about within the industry, regarding how to create more parental control and the consent mechanism. Today a lot of it is not available.

    When the Privacy Commissioner meets with the industry groups, this is a very topical item. We talk about the innovative technologies they are looking at to provide the proper parental control.

    Going back to my earlier comment, the biggest thing, the educational part, is very critical to know at a very early age how online tools need to be used. We use online tools today almost like a babysitter. We hand the kid an iPod or iPhone while they are waiting in a doctor's office. They learn to use these things. Education is needed at a very early stage. Tech companies that we know, our members, are engaged with the Privacy Commissioner in terms of new technologies to look at consent forms.

    Mr. Gupta, thank you for your testimony.

    I have a short question for our witnesses. I am taking advantage now because I often don't have time to ask questions.

    Do you have any suggestions for the committee members regarding questions they could ask Facebook representatives? They should eventually appear before our committee. Do you have any suggestions on what the focus of such a meeting should be?

    Yes, I have a number of questions in mind. I would be curious to know what the company thinks about the information it provides its users for effectively protecting their privacy. Is that something they feel is important? Do they think the confidentiality policy available online answers users' key questions and, if so, why? If not, why?

    I would very much like to get a clear answer from them about that. Would they be interested in developing non-judicial dialogue and conflict resolution mechanisms? I'm talking about internal discussion processes that would make it possible to first change confidentiality parameters, obtain user input and avoid potentially serious public repercussions.

    I think that would be the fundamental issue. In short, do they want greater user participation in the establishment of confidentiality policies on the site?

    Thank you.

     Mr. Gupta, what do you think?

    Thank you, Mr. Chair.

    I think the main question I would frame for them, given today's discussion, is what they are doing from a technology point of view to provide control. At the end of the day, all of the things we talk about come down to the element of control at the user end and what kind of technology and innovation they're looking at to allow a level of control that could be managed at the user level. Then education can support and work at it. That's the technical question I would pose.

    Thank you for your time. This brings today's testimony to an end.

    As the committee members know, we have a number of other items on the agenda to discuss.

    I want to thank our witnesses. We may see each other again.

    Thank you.

    Thank you.

    I will interrupt the meeting for one or two minutes, and we will then come back with only the committee members to discuss the other items.

    We are continuing our meeting.

    I see that Mr. Warkentin would like to speak.

    Thank you, Mr. Chair.

    You were eager for us to begin.

    I know that we have a couple of things that we want to undertake, including some motions that would impact future meetings. I think it would be helpful for us to get an indication as to what we have on the schedule moving forward. I know that you would probably like to give us an update on that, but I think in order to do that it's best that we deal with that in camera, so I'm wondering if we could move in camera.

    The motion cannot be debated. Therefore, we will have to proceed with the recorded division.

    I will let the clerk conduct the vote.

    Mr. Chair, you had called the question before I heard anybody ask for a recorded vote. If you look at the rules, the request for the recorded vote has to happen before you call the question.

    I asked that before people even raised their hands. It makes no difference when it is asked.

    That's not how I see it, Mr. Chair.

    Mr. Clerk, you may go ahead.

    (Motion agreed to: yeas 7; nays 4)

    The motion is carried.

    We will therefore suspend the sitting for a few minutes to allow the technicians to do their job.

    [Proceedings continue in camera]