Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 15 of 75
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 11:28
Thank you very much.
The next year will be an important year of transition for privacy law in Canada and for the Office of the Privacy Commissioner. I intend, during the next year, to continue to comment on legislative proposals that are being made, or may be made, both in private sector privacy law and possibly in public sector privacy law. Indeed, there was a consultation paper published by the Department of Justice in the fall of 2020 that outlined a good plan to reform the public sector Privacy Act. Therefore, first and foremost, I intend in the next year to continue to provide comment and advice to parliamentarians on the legislative proposals.
In addition, although we don't yet have, of course, the precise content of these laws that will eventually be enforced in the private and public sector, we were starting to have a good idea of some of the new roles that the Office of the Privacy Commissioner might have under reformed laws. Although this is early days, what I intend to do in the next year, given the fact that I know the Office of the Privacy Commissioner a little bit, is to prepare the office to inherit these new responsibilities. By that, I mean the order-making authority that is found in Bill C-11 and that is also mentioned in the justice department's consultation paper for the Privacy Act.
What does that mean in terms of structure and the OPC? How separate should adjudicators be from investigators? I ask this because we currently do not have adjudicators making [Technical difficulty—Editor]? What should be the profile and competency profile of adjudicators once we inherit these responsibilities, if we do?
I'll mention one other element in terms of organizational structure. Bill C-11 speaks to a greater role for the OPC in engaging with stakeholders. We have already in the past engaged with stakeholders on many policy documents. I'm thinking of the consent guidelines that we published a few years ago. I'm thinking of the proposals we made for artificial intelligence more recently. We're not foreign to the idea of consulting stakeholders before publishing important documents, but Bill C-11 certainly sends the signal that there should be more of that, and we welcome that. We want to give some thought in the next year to how we will proceed to engage with stakeholders once new legislation is enforced.
Beyond legislative reform, I'll mention very briefly, as you know, that we published a special report a week or two ago on the issue of facial recognition, which includes draft guidance for the police. We intend to engage with the police, and also civil society and other stakeholders, on that document. In the next year, we hope to be able to finalize it jointly with our provincial colleagues, because this is obviously a very important privacy issue.
Let me stop here.
I will try to answer your questions.
View Patricia Lattanzio Profile
Lib. (QC)
Thank you, Mr. Chair.
Thank you, Monsieur Therrien, for being with us once again today.
Some of my questions are with regard to the possible enactment of Bill C-11, which would significantly increase the power of your office in terms of the fines that you can recommend be levied and your ability to certify the data protection codes of practice of companies or organizations as compliant. I understand that you're concerned about a new panel that would in fact levy the fines you recommend and that would be appealable, but given that you have been calling for stronger enforcement laws for years, isn't Bill C-11 a positive step in that direction?
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 11:39
Bill C-11 includes the authority to make orders and, as you say, to recommend fines. Is it a step in the right direction? I think the overall goal should be to ensure that Canadian consumers have access to quick and effective remedies when their privacy rights are breached or violated, and as we tried to explain in our submission, in most cases we think that the imposition of administrative penalties would result, on average, seven years after the violation has occurred. Is that a step forward?
Personally, I don't think so, particularly when the list of violations that can result in fines is extremely limited, contrary to the laws of other countries, and excludes the most central provisions in privacy law, which are obtaining consent meaningfully and for organizations to be accountable in the way they handle information. The extreme narrowness of the scope for offences and violations and the extremely long period leading to the potential imposition of a fine makes me say that this needs to be reconsidered completely.
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 11:41
First of all, it would be that most if not all contraventions of the law should be eligible—let's put it that way—for administrative penalties, as is the situation in most other countries that have penalties. There are modalities that we can discuss if we have time, but the rule should be such that essentially all violations lead to fines if the proper authority determines that the law has been violated.
In terms of who decides between the OPC and the appeal tribunal that is proposed in Bill C-11, it is certainly possible for Parliament to create an appeals tribunal, but in privacy matters this would be, to our knowledge, exceptional. We do not know of any other jurisdiction that has such a tribunal, which is not to say that I am not concerned, obviously, about the fairness of the process under which companies would have to pay fines. If the OPC had that authority and there were no administrative appeal as proposed, the courts could intervene and control the legality and fairness of the process undertaken by the OPC. That system of the privacy regulator being authorized to impose fines subject to judicial review by the judicial courts is the normal structure in privacy laws, and we would recommend that it be adopted.
View Patricia Lattanzio Profile
Lib. (QC)
Would you not say that our fines are among the highest in the world? That would be a subsequent question I have for you.
More importantly, I would also like to ask you the following question. You've called for Bill C-11 to be grounded as a law in human rights. Should Parliament wish to amend it to do this, how can it best do so without infringing on provincial jurisdiction and the risk of constitutional challenges?
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 11:44
In the submission that we presented to your committee about a month ago, we addressed that important issue. We recommend the addition of preamble and purpose clauses in a new law that would firmly ground the federal legislation in trade and commerce. This could be done by having explicit language in a preamble or purpose clause to indicate that the purpose of the federal private sector law—Bill C-11 at this point—is to ensure viable and sustainable digital commerce by protecting privacy.
That would set the purpose of the federal law squarely in the jurisdiction that Parliament has under trade and commerce. Once that is done, then Parliament can legislate to protect privacy in the best way that it feels should be part of that law. If Parliament so decides, that could include, without infringing on provincial jurisdiction, a rights-based law.
View Marie-Hélène Gaudreau Profile
BQ (QC)
Thank you, Mr. Chair.
Mr. Therrien, let's continue in French. I have a few comments to start with.
First, I would like to thank you for your impartiality and to congratulate you on your role as commissioner. We need your input to do our work. I am very grateful for that.
I am also grateful for your co‑operation with our counterparts in other provinces, for going to see what is going on elsewhere and also for seeking to understand legislation in other countries.
In 2019, I did hear your request about fundamental reform. As a committee, we clearly had to adjust.
However, I am very concerned. Yes, [Technical difficulty—Editor] in the first part of the session, my motion had been clear that we need to stop checking people's social security numbers and make sure that we use other means to check identity. Many private companies are already doing this.
We didn't get to see Bill C‑11 go through, but how would that bill have contributed to your desire for reform? At the same time, how do you see the coming months, as your precious time is running out in the coming year?
Those are the first questions I want to ask you.
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 11:48
With respect to Bill C‑11, I would refer you to the brief we submitted a month ago.
The current Personal Information Protection and Electronic Documents Act (PIPEDA) is essentially an act that originally incorporated into federal legislation an industry code of practice that was created a little over 20 years ago. So the current wording of PIPEDA is very much a repeat of that code. A code of practice is a code that is intended to improve business practices, but it is not written like a law. Bill C-11 is certainly a step forward. The structure of the bill is adequate, in terms of its content, to raise the appropriate questions.
That being said, we clearly have a lot of concerns about the content and the answers that the bill gives to those questions.
For example, what should the rules be on consent? What should the rules be on corporate responsibility? What should the powers of the commissioner's office be?
The starting point of the structure of the act is good, but a lot of work remains to be done. Looking at it broadly, I would say that the work before you, and before us, is to protect the right to privacy as a human right, as it should be. That's my view.
Beyond that, we need to find the right methods to help Canada ensure that data, including personal data, can be used in the public interest while protecting privacy. I think that's the overall goal. Public authorities have a responsibility to ensure that, in the 21st century, laws are drafted in such a way that we, as a society, can enjoy the benefits of the digital age, but in a way that protects privacy. That's how—
View Marie-Hélène Gaudreau Profile
BQ (QC)
With respect to Bill C‑11, my understanding is that we cannot be against motherhood and apple pie, because steps need to be taken. Clearly, we, as legislators, should quickly put forward the reform. We see reports from other countries that have moved forward, and we are a little behind. What I understand is that, regardless of current events or partisanship, if we are concerned about fundamental rights, we should make this a priority.
There is also the issue of facial recognition, the data and images that are used. I am very concerned as an individual, but also as a legislator. When I'm asked about what we have done to properly protect people, I'm a little embarrassed.
Do you agree?
View Charlie Angus Profile
NDP (ON)
In the RCMP documents on Project Wide Awake, they have a [Technical difficulty—Editor] their officers, “You have zero privacy anyway, get over it.” It suggests to me a disregard for the law. As well, the RCMP took the position that they weren't responsible for the fact that Clearview AI, as a private sector partner, broke the law. If they were using it, it wasn't their problem. You stated, “In our view, a government institution simply cannot collect personal information from a third party agent if that third party's collection was unlawful in the first place.” That would seem to me to be a pretty clear reading of what Canadian law should be, and yet they seem to think they weren't obligated.
We have this new law, Bill C-11, which is supposed to clarify the uses of technology, but Minister Bill Blair, when I asked him about this, said they were certainly looking to give the police tools to use. Are you concerned that Bill C-11 would allow the RCMP to ignore these basic principles of privacy law and would allow them to contract with third party operators like Clearview AI?
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 11:58
I would answer with respect to the two relevant clauses.
In terms of the RCMP, to the extent that the principle that we outlined, i.e., that a federal department or institution should not rely on information that was obtained illegally by a third party partner, if that's not clear and the RCMP argue that it is not clear, then what needs to be changed is the public sector Privacy Act. That's point number one.
In terms of the particular use of the Clearview technology, Clearview also was, and I think still is, arguing that its database was created to assist the police and other institutions in law enforcement against crime. The company sees that as a legitimate purpose. There's no question that to develop some tools to assist the police to enforce the law is legitimate, but neither the police nor the private sector can or should do anything they like, regardless of privacy protection. That's point number two.
In our submission on Bill C-11, we ask that Parliament does make clear, with a technology like Clearview, which in our view constituted mass surveillance, that the law be extremely explicit, and that this is contrary to private sector privacy law as well.
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 12:21
At the beginning of my mandate, there was a lot of emphasis on public and national security issues, and on measures that followed the events of September 11.
The Snowden phenomenon highlighted certain government practices. It's not all perfect, but we have made progress on those issues. Legislation has been passed to raise the bar on which departments [Technical difficulty—Editor] for national security purposes. Most importantly, independent oversight bodies have been established and are now in place within the public service and within Parliament. As I mentioned, not everything is perfect, but significant progress has been made.
In recent years, with Facebook, Cambridge Analytica and all the rest, there has been a lot of focus on what some call surveillance capitalism, where companies collect, process and disclose a lot of information about their consumers to provide services, but also to make money, of course. That is where we are at now, which is why it is extremely important that these issues be properly regulated through Bill C‑11 or its successor.
I have to say that recently we are seeing more and more public‑private partnerships. Clearview AI and the RCMP are just one example among many. This leads me to suggest that you think seriously about the relationship between the public sector and the private sector in terms of sharing personal information, and the idea of the same legislation governing both sectors, which we think would be extremely desirable. If two laws are used, it would be best if they had very similar principles, because data has no geographic borders and no boundaries between the public and private sectors. It is important that similar rules govern both sectors.
I would add that, to maintain the confidence of the public and consumers, it is essential that [Technical difficulty—Editor] result in penalties that are proportionate to the magnitude of the impact of the privacy breach on privacy. Order powers and consequent fines are therefore crucial. The reason for recommending substantial fines is not to be punitive. Rather, it is to ensure that the consequences for people whose privacy has been breached are proportionate to the consequences for the companies involved, so that, over time, imposing such a regime will result in governments, departments and companies properly protecting the personal information of the public and consumers.
Daniel Therrien
View Daniel Therrien Profile
Daniel Therrien
2021-06-21 12:30
Yes. We think that for Canada to be competitive—and the government underlined this in Bill C-11, and I would completely agree.... We have a confidence problem, a trust problem. Consistently Canadians, at the level of 90% or so, have expressed their concerns that privacy is not currently respected. They continue to use the Internet, because frankly you cannot live outside of the digital world in 2021. However, they still have important concerns, so we have a trust issue.
In order to deal with the trust issue, you need to have laws that enhance trust. That means ensuring that with regard to privacy laws, rights and values, consumers and citizens see that the legislation is apt to protect rights and values and produces proportional consequences, penalties, if these rights and values are not respected.
The law should provide for flexibility for companies to use data for legitimate commercial purposes, and our submissions I think go in that vein. There is no opposition really between privacy protection and economic development or innovation. As far as our relationship with the Competition Bureau and other regulators is concerned, it's extremely important that digital regulators are able to co-operate and share information so as to have an effective regulatory framework across all sectors. We have a good relationship with the Competition Bureau.
Melissa Lukings
View Melissa Lukings Profile
Melissa Lukings
2021-06-07 12:31
I think the current issue is that perhaps the penalties that currently exist in PIPEDA are not strong enough to deter corporations. I'm not saying to put in new regulations—I'm not saying that—but when you're going to do the digital charter implementation act and you're discussing things like Bill C-10 and Bill C-11, it's important to remember that.
I think there is room for improvement. Because we've found that financial penalties don't really seem to impact companies that make a lot of money, fines could instead be based on percentages. The key here is that we need to not have increased regulation. If what we're trying to do is in fact what we say we're trying to do, which is to reduce human trafficking and harm to young people, additional regulations are not going to help that.
Did I answer your question?
View Paul Manly Profile
GP (BC)
Thank you, Mr. Chair.
I want to see this bill get moving along, as well. I was surprised that when we hit clause 3, proposed section 4.1, there was a Conservative Party amendment to it, and after the amendment failed, there was a move to remove section 4.1. There was no debate. There was no call for a recorded vote. We didn't deal with that section at that time, and we're stuck in this ongoing filibuster.
The minister has given an explanation. We should get through the rest of these amendments. There is a stage at report stage where section 4.1 can be added back in. If enough parliamentarians think that it's an important thing to have added, then that's what we should do.
I believe in freedom of speech as much as the next person, but I find that the whole system of algorithms with these private platforms doesn't really lend to freedom of speech at all. I get countless emails from constituents who say that there is no freedom of speech on Google, YouTube or Facebook, and that their comments are being blocked or that things are being blocked, so that's another issue we need to deal with.
We're dealing with private platforms that are censoring people, and determining what gets bumped up and what gets bumped down. It's mostly for commercial interests and advertising, and to inflame people, to weaponize our anger at each other. I think we need to look at this.
We're coming up to Bill C-11 where we're going to be talking about these things, but we should get this Broadcasting Act done. If there's an amendment at report stage to fix and bring back section 4.1, that would be the time to do it. Let's get the rest of the amendments through.
Results: 1 - 15 of 75 | Page: 1 of 5

1
2
3
4
5
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data