After testifying before U.S. lawmakers, Facebook CEO Mark Zuckerberg passed on appearing before the Canadian Standing Committee on Access to Information, Privacy and Ethics and that has upset the chair of the committee.
“I as chair and we as a committee don’t take lightly the fact that Mr. Zuckerberg declined to appear,” said Bob Zimmer, Prince George-Peace River-Northern Rockies MP and chair of the committee, reprimanding Facebook executives for CEO Mark Zuckerberg’s decision not to testify before the committee.
Kevin Chan, Head of Public Policy for Facebook Canada, and Robert Sherman, Deputy Chief Privacy Officer for Facebook Inc., testified as part of the committee’s study on a breach of personal information involving Cambridge Analytica and Facebook.
Zimmer challenged Facebook to do more to protect Canadians’ privacy after hearing that of the 23 million Canadians who use Facebook, over 600,000 had their data compromised.
“As chair of the committee, I think we’ve all appreciated the good parts of Facebook in connecting with loved ones and connecting with voters on a daily basis. I check Facebook regularly for my news,” said Zimmer. “Yet we task you with a deep responsibility of keeping Canadians’ data safe. I think this is one thing that is unique about this committee is that all parties are committed to do what we need to do to ensure that you keep Canadians data safe.”
Personal Information Protection and Electronic Documents Act
In February, on behalf of the committee, Zimmer tabled in the House of Commons a report entitled “Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act“.
The report makes 19 recommendations to update the Personal Information Protection and Electronic Documents Act (PIPEDA) and to take other measures to improve the protection of Canadians’ privacy in their relation with private sector organizations. One key recommendation is to make privacy by design a central tenet of PIPEDA and to include the seven foundational principles of this concept in the Act.
The Committee also recommends amending PIPEDA to provide the Privacy Commissioner with enforcement powers – such as the power to make orders and impose fines for non-compliance – as well as broad audit powers, including the ability to choose which complaints to investigate.
The other recommendations of the Committee ask the Government of Canada to:
- ensure that consent remains the core element of the privacy regime, while enhancing and clarifying it by additional means, when possible or necessary;
- propose amendments to PIPEDA to explicitly provide for opt-in consent as the default for any use of personal information for secondary purposes, with a view to also implementing a default opt-in system regardless of purpose;
- consider implementing measures to improve algorithmic transparency;
- study the issue of revocation of consent in order to clarify the form of revocation required and its legal and practical implications;
- modernize the Regulations Specifying Publicly Available Information in order to take into account situations in which individuals post personal information on a public website and in order to make the Regulations technology-neutral;
- consider amending PIPEDA in order to clarify the terms under which personal information can be used to satisfy legitimate business interests;
- examine the best ways of protecting depersonalized data;
- consider implementing specific rules of consent for minors, as well as regulations governing the collection, use and disclosure of minors’ personal information;
- amend PIPEDA to provide for a right to data portability;
- consider including in PIPEDA a framework for a right to erasure based on the model developed by the European Union (EU) that would, at a minimum, include a right for young people to have information posted online, either by themselves or through an organization, taken down;
- consider including a framework for the right to de-indexing in PIPEDA and that this right be expressly recognized in the case of personal information posted online by individuals when they were minors;
- consider amending PIPEDA to strengthen and clarify organizations’ obligations with respect to the destruction of personal information;
- work with its EU counterparts to determine what would constitute adequacy status for PIPEDA in the context of the new General Data Protection Regulation(GDPR);
- determine what, if any, changes to PIPEDA will be required in order to maintain its adequacy status under the GDPR; and, if it is determined that the changes required to maintain adequacy status are not in the Canadian interest, create mechanisms to allow for the seamless transfer of data between Canada and the EU;
- work with the provinces and territories to make sure that all relevant jurisdictions are aware of what would be required for adequacy status to be granted by the EU; and
- amend PIPEDA to replace the term “fraud” with “financial crime” (and propose a definition for that term).
“This Committee has listened to a variety of witnesses from a large cross-section of Canadians with regards to protecting their privacy. We are deeply concerned with the rights and protections of all Canadians and I believe that the report tabled today highlights the concerns that we have for the future and the necessary updates to the Personal Information Protection and Electronic Documents Act” said Zimmer in a news release.
“Our laws should empower Canadian consumers to control their own personal information, and empower the Privacy Commissioner to better protect that information. Privacy should be the default in commercial relationships, Canadians should have the right to easily move their own personal information between competing businesses, and the Commissioner should have the ability to make orders and issue fines” said Nathaniel Erskine-Smith, Vice-Chair of the Committee.
“I am happy to sign on to this report with my colleagues, and believe that it contains excellent ideas for protecting Canadians’ privacy” said Charlie Angus, Vice-Chair of the Committee.
The Committee held 16 public meetings as part of this study and heard from 68 witnesses, including privacy experts and representatives from the government and private sector organizations. The Committee also received 12 briefs on this topic. The witness testimony heard by the Committee and the briefs submitted are available on the Parliament of Canada’s website: (ourcommons.ca/Committees/en/ETHI).
The Standing Committee on Access to Information, Privacy and Ethics has 11 members. It is chaired by Bob Zimmer (Prince George–Peace River–Northern Rockies), with vice-chairs Nathaniel Erskine-Smith (Beaches–East York) and Charlie Angus (Timmins–James Bay). The other members are Frank Baylis (Pierrefonds–Dollard), Mona Fortier (Ottawa–Vanier), Jacques Gourde (Lévis–Lotbinière), the Honourable Peter Kent (Thornhill), Joyce Murray (Vancouver Quadra, Parliamentary Secretary – non-voting member), Michel Picard (Montarville), Raj Saini (Kitchener Centre), and Anita Vandenbeld (Ottawa West–Nepean).