The foot dragging continues for Canada’s privacy reform bill. We go looking to see what on earth happened to Bill C-27.
Visualize this: headlines about data leaks and breaches are happening on a nearly daily basis. What was once shocking that millions of users had their personal information compromised to hackers on the dark web became so commonplace, that few would even care that it even happened. Why is no one caring? It has become that commonplace and the government is unwilling to do anything about it.
On the international stage, massive data breaches have effectively become the new US mass shooting headline. Over 250,000 accounts were compromised today? Must be another average Tuesday. Someone lose their whole life savings because of stolen information? Meh, happens all of the time. Sucks for them, sure, but what are you going to do about it? Heck, you can expect your personal information to be found in massive data silo’s of stolen information by now. After all, the companies are going to do bugger all about securing this stuff because that might cost money.
Well, government finally did something about it. Tired of watching companies not be held accountable for obvious negligence, a government passed privacy reform. If your company was found to be negligently storing personal information, then there will not only be fines, but fines that will sting any corporation – big or small.
That wasn’t just wishful thinking. There was a government that got off their rear ends and did something about this massive problem. That was the European Union that passed the General Data Protection Regulation (GDPR). This happened clear back in 2018. At the time of passage, there was some mixed reaction at first. As time went on, however, the GDPR essentially became the gold standard for privacy protection of every day users. Fines were dolled out, and, for many, it ushered in a new era for respect to personal privacy.
Is the law perfect? No. By the 4th year anniversary, there were questions about Data Protection Authorities (DPAs). Specifically, is the law evenly applied across multiple jurisdictions? Many would argue that it wasn’t. While there are things that need to be worked on, at minimum, Europe has been long on the path to trying to finally tackle this monstrosity of a problem. This as opposed to sitting on the sidelines with a thumb up their rear end and endlessly talking about how the market will somehow magically sort itself out on this matter. After that, proceed to do nothing about it.
Canada, meanwhile, was once an international gold standard. In years past, it was bold and innovative to have not only privacy commissioners at the federal level, but also at the provincial level as well. However, the country has since been resting on its laurels, content with watching the world pass Canada by. Now, Canada has become one of the worlds biggest laggards in the developed world when it comes to privacy enforcement. While it was once enough to send strongly worded letters, these days, strongly worded letters are increasingly being met with companies responding with, “Yeah, you got a problem with that? F*** off, loser.”
It wasn’t as though Canada didn’t have a series of wake-up calls all of this time. There was the Cambridge Analytica scandal that affected Canadians, the Clearview AI scandal / RCMP Clearview AI scandal, the Desjardins data breach fiasco, and the Newfoundland hack to name four examples. Yet, after each successive privacy scandal, Canadian officials continue to be content with continuing to hit the snooze button.
The consequences are real. Because of the sorry state of affairs, the various Privacy Commissioners are left with laws without teeth. Though they continue to do incredible work, when you are only allowed to use kid gloves to try and treat an epidemic sized problems, there are only so many options afforded to you. As a result of federal inaction, Canada has also left billions on the table during a time of economic uncertainty. To say the situation in Canada is a joke brought on by negligence and incompetence would be an understatement.
Privacy reform is certainly something everyone wants. In 2019, the concept of privacy reform got broad party support. So, it isn’t as though one party is particularly upset about the idea. Yet, despite such a slam dunk political situation where there is a law that is obviously needed and everyone wants it, movement has been sorely lacking. There was hope when the CSE (Communications Security Establishment) said that attacks are on the rise and privacy reform is needed, but the Liberal party continued to drag its feet. Despite this, all Canadians got was finger pointing and more feet dragging.
After years of inaction, stalling, and radio silence, Canadian Innovation Minister, François-Philippe Champagne, commented on the situation, saying that privacy reform was his “top priority“. The months that followed was even more radio silence. In June of 2022, there was finally movement on this file. The Minister finally tabled Bill C-27. The tabling was met with disappointment and confusion as the bill, outside of a few language tweaks, was largely the same as before. Questions circled over, outside of picking lint out of his belly button, what the heck was the Minister doing all of this time? That may be a question that will never really get answered.
So, another eight months later, where are we at now? According to the legislation page, there was two debates on the bill. One on November 4, 2022 and another on November 28, 2022. Ever since, there hasn’t been any action on this. Ideally, the bare minimum would be seeing this bill get to committee by now, but who knows? Maybe the Minister was too busy playing thumb wars with the Environment Minister or something.
Some might look at all of this and ask if this is a little harsh. A question might be how legislation typically takes time. Well, for a point of comparison, Bill C-11, a bill no one outside of a small set of core media lobbyists wants, is somehow mysteriously having no problems whatsoever making its way through the legislative process. Looking at the bills information page, Bill C-11 was introduced on February 2,2022 and sailed through third reading at the Senate on February 2, 2023 where it currently awaits Royal Assent. Though it was defeated as Bill C-10 in the last session, the same thing happened with privacy reform as well, so that isn’t even an excuse here.
Meanwhile, Canada’s Link Tax legislation, again, a bill that almost no one wants outside of core media lobbyists, Bill C-18, was tabled April 5, 2022. It went through the legislative process at blistering pace, making it all the way to completing Senate first reading on February 2, 2023.
Though Minister Champagne may talk a big game about this being such a high priority, the actions suggest that feet dragging will continue to be a theme. He was late to introduce the bill and is barely moving this bill forward. Unless something dramatically changes soon (which it hasn’t for the last 4 years), it seems that more foot dragging will continue to be a theme for this government on this bill. Who knew there would be so much resistance for a bill almost everyone wants and unmistakably needs? At any rate, as time drags on, this bill further risks, once again, dying on the orderpaper – all because the Minister in question couldn’t seemingly be bothered to move this forward.