I thought that in today's intro I'd highlight testimony from six civil society groups that appeared before the House of Commons Standing Committee on Industry and Technology studying the omnibus Bill C-27, the Digital Charter Implementation Act, last week. I think it's fair to say they cranked up the heat.
The Canadian Civil Liberties Association said the Consumer Privacy Protection Act needs to better define sensitive data and, in particular, specify biometrics as being particularly sensitive. They also take issue with consent carveouts, suggesting the bill is porous with exemptions and exceptions.
The International Civil Liberties Monitoring Group criticized low thresholds permitting the disclosure of personal information to government for national security purposes. Meanwhile, they said the Artificial Intelligence and Data Act is deeply flawed overall, that it lacked public consultation and debate in its creation, that there isn't proper oversight over private sector AI systems used by government, and that it should be withdrawn.
Open Media supported the CPPA penalties and changes regarding human rights, but expressed concerns about the consent exceptions and insufficient coverage over non-government entities like politicians and nongovernment organizations. They fear the AIDA will make Canada a dumping ground for AI projects due to lower standards. If the AIDA advances, they want to see an independent AI Commissioner instead of one reporting to the Minister of Innovation, Science and Industry François-Philippe Champagne, and a two-year mandatory review.
The Privacy and Access Council of Canada said Bill C-27 is a bad law that starts off by defining everyone as consumers. They said it won't slow the use of AI and facial recognition or the monetization of personal information. They said that while requiring plain language privacy policies is good, the law doesn't impose enough granularity. They too made the point that it wouldn't apply to political parties. They said the law isn't well aligned with other laws, including Quebec's Law 25.
The Public Interest Advocacy Centre didn't pull any punches either. They feel the bill reverses the notion of informed consent, that business activities are defined too broadly, that the way the law handles deidentification will further enable data brokers, and that there's a lack of scrutiny around "social beneficial purposes." They said the CPPA reverses 25 years of privacy law in Canada and The Personal Information Protection and Electronic Documents offers better protections. They also had many concerns with AIDA, suggesting it's rocket fuel for discrimination, there's no government applicability and it lacks independent oversight.
Toronto Metropolitan University focused on AIDA. They echoed the concerns about lack of public consultation and Commissioner independence. They said narrowing harms to individuals misses other harms, for example at the community level. They feel the bar for individual complaints is too high, that pre-emptive audits should be possible, and said there's a double standard in terms of its application to only the private sector.
It'll be interesting to see whether and how the committee reacts to this feedback in its ongoing work. Remember these aren't the only privacy advocates we've heard from so far and I imagine there may be more — I've just done a snapshot of one meeting, but I think it gives you a flavor of the concerns out there from some groups.
Anyway, many of these organizations submitted briefs and you can watch all the appearances from the wide range of folks sharing their input on the committee's website.
