Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet

Share post:

Innovation Minister François-Philippe Champagne tempted members of a parliamentary committee meeting Tuesday with promises of big amendments to proposed Canadian privacy and AI legislation in hopes of getting the laws passed quickly.

However, he left several opposition MPs frustrated with his refusal to say when the detailed wording of the amendments will be released on Bill C-27.

Introduced last June, the act proposes three new laws: the Consumer Privacy Protection Act (CPPA), an overhaul of the existing law covering federally-regulated firms; the creation of an independent privacy tribunal to hear applications by the federal privacy commissioner; and the Artificial Intelligence Data Act (AIDA) to regulate AI.

Briefly, Champagne promised

— to include in the CPPA a new fundamental right of individuals to privacy;

— language giving better data protections for children;

— changes giving the federal privacy commissioner more flexibility to get agreements from businesses to comply with CPPA rather than have disputes go the proposed new data privacy tribunal or the courts;

— and better definitions of what “high-impact systems” AIDA will cover, such as systems that make decisions on loan applications or an individual’s employment.

The amendments will also include distinct obligations for companies offering or using general AI systems like ChatGPT.

In addition, Champagne promised to boost the federal privacy commissioner’s annual budget by almost $20 million a year to help enforce the CPPA.

Related content: Experts call for changes in C-27

The MPs’ frustration with not seeing details of the proposed changes was heightened because federal privacy commissioner Philippe Dufresne will soon testify before the Industry committee. MPs were left wondering what to ask witnesses without seeing what the final proposed laws will look like.

Normally, Champagne said, amendments are tabled at the clause-by-clause phase of committee work. In fact he suggested MPs should be glad the government came forward to outline early what the proposed amendments will be.

But clause-by-clause analysis would come after the committee has heard witnesses — and the committee has set aside 13 meetings to hear approximately 30 witnesses.

All he would promise was to “do our best to provide an outline” and a copy of his remarks to the committee “as soon as possible.”

Champagne repeatedly told the MPs they should be glad he was promising to change things many of them, and experts, have been demanding for months, such as including the right to privacy in the CPPA.

As it stands now, the Purposes section of the act says it is to establish “rules to govern the protection of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information.”

However, some experts say that isn’t enough. In a written submission to the committee in April, Dufresne said the law should refer to a “fundamental right to privacy” for individuals.

The CPPA would replace the Personal Information Protection and Electronic Documents Act (PIPEDA).

Like PIPEDA, the CPPA would cover federally-regulated industries like telecommunications, banking, interprovincial transportation and pipelines. It would also cover businesses in provinces that don’t have their own privacy law covering businesses. That includes all provinces and territories except British Columbia, Alberta and Quebec.

Among those pressing to see the actual wording of the amendments was NDP MP Brian Masse.

“We have to go on speculative assumption” on your brief remarks, he complained to Champagne. Each party’s legal teams and the Parliamentary Library will need to go through the proposed amendments for MPs to know what they mean, he said. Otherwise, he said, “we’re going to be spinning in circles here.”

Having hearings without promised amendments “doesn’t make sense,” added Conservative MP Bernard Genereux.

Committee vice-chair Rick Perkins (C) also hinted at trouble ahead with a section of the CPPA giving businesses the right under certain circumstances to assume they have implied consent to give a third party personal data of customers. Essentially this means the “private sector has self regulation,” he said.

Not so, Champagne replied. The section would apply to, for example, a business giving a customer’s address to a shipping company to deliver an ordered product. Besides, he added, if a business abuses the right, the consumer could complain to the privacy commissioner, who has certain powers to issue orders and fines.

But Champagne said he is open to better wording of the section.

Critics of Champagne’s refusal to table the language of proposed changes to the legislation quickly emerged. University of Ottawa law professor Michael Geist called on the committee to suspend hearings until the changes are tabled. 

The post Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways