Bill C-27 to strip you of your online privacy rather than protect it
by Dan Fournier, published Thursday, Oct. 27, 15:12 EDT on fournier.substack.com
Image source: Wikimedia Commons
As Bill C-11 just recently passed the first reading in the Senate, Canadians have yet another bill to worry about regarding online privacy, namely Bill C-27.
An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act – sometimes abridged as the CPPA – contains a lot to worry about.
While numerous concerns regarding the bill have been outlined by Openmedia.org, the main focus here pertains to the exceptions explicitly stated in the act that would enable private companies to share and possibly abuse sensitive personal information of Canadians.
In the section Exceptions to Requirement for Consent – Public Interest – 39 Socially beneficial purposes of the bill’s first reading, it is clearly outlined how our personal information can be shared without our knowledge or consent for “Socially beneficial purposes” [emphasis added in red underlining]:
Section 39 of Bill C-27
There’s a lot to unpack here so let’s break it down to obtain a simplified understanding of this legal jargon.
Firstly, an “organization” is defined as “an association, a partnership, a person or a trade union” so it’s quite broad in scope and can most likely be interpreted to include private businesses. What is quite worrisome is that these organizations can share peoples’ private information without their knowledge or consent to many types of entities.
While we could expect such information to be shared with government institutions, health care institutions, on the other hand, could prove troublesome. For instance, let’s suppose that some entity has our personal medical information such as our vaccination (health) status; there is nothing that would prevent them from sharing that with multiple parties, despite it being a clear violation of the sharing of your personal information.
Next, your personal information could easily be shared with an organization mandated, i.e., hired by, a government institution for a “socially beneficial purpose” or endeavour. Looking at their definition of this term, we can see that it’s broad in scope since it encompasses “any other prescribed purpose” which essentially means carte blanche – ripe for all kinds of abuses.
Let us speculate a bit on those that are listed. “improvement of infrastructure” is quite broad, but suppose that this could include the upcoming infrastructure used in the implementation of a Central Bank Digital Currency (CBDC). In this case, our identity and sensitive financial information could be used to verify transactions such as purchases we make, to whom, and for what purpose. These could easily be shared with taxation agencies and private entities including those interested in tracking our financial moves, such as advertisers, but to name one.
In addition, our purchases could also be scrutinized and verified in the name of “the protection of the environment”. Moreover, with the recent craze of tracking our carbon footprints, what is to say they won’t set limits of what we can buy or how far we can travel based on whether or not we have reached our designated carbon limit? This is already the case with certain credit cards.
These are but a few examples of the types of abuses that could easily arise given the way the bill is currently drafted.
Notably, there is no mention whatsoever about the collection of people’s biometric information. This is an astounding fact given that biometric data is becoming increasingly used to identify us online.
Abuses in this regard already exists. For instance, Bank of Montreal’s Mastercard uses Voice ID technology to biometrically record and database callers’ voices with most customers not being aware of the practice.
A lot of our personal biometric information is already being collected by many parties such as with mobile phone providers and their partners, but to name a few. And this is likely to increase going forward.
Bill C-27 provides next to zero protection regarding the use or abuse of this type of data that is central to our personal identity.
Who introduced Bill C-27?
Trudeau-appointed François-Philippe Champagne, current Minister of Innovation, Science and Industry (formerly the Minister of Foreign Affairs) is the bill’s sponsor.
As per his Wikipedia profile, Champagne was designated a "young global leader" by the World Economic Forum and worked as a lawyer for ABB Group in Switzerland and Amec Foster Wheeler in London, both affiliated with the WEF.
François-Philippe Champagne’s profile page at the World Economic Forum
While being tied to the WEF doesn’t necessarily signify mischievous intentions by the Canadian politician, it does, however, raise some concerns with regards to the motivations behind introducing Bill C-27.
It’s no secret that the WEF has been involved in may questionable endeavours, particularly since the start of the Covid-19 Pandemic. Part of their goals include pushing for strict climate change measures, promoting CBDCs through public-private partnerships, and the advancement of AI technologies – particularly with regards to Big Data harvesting.
There are currently thousands of Canadian companies hard at work in these sectors. A lot of the data being tracked and used by them include people’s online and spending habits, personal preferences, and financial transactions. And, as people spend an increasing amount of time online and provide more personal details to access various services, they are exponentially vulnerable to abuses, including, but not limited to, identity theft.
Bill C-27 opens a real Pandora’s Box when it comes to the wanton dissemination of sensitive private information of Canadians.
The bigger question that remains, though, is how much opposition will the bill face by members of the opposition in Parliament and by ordinary Canadians who value their right to privacy?
Notes:
This article is also published in The Counter Signal.