In the last act of an incredibly intense digital policy stretch, the government today tabled new private sector privacy legislation in the form of Bill C-36, the Protecting Privacy and Consumer Data Act. It is a big bill, and my initial take will be divided into two: this post will focus on the seismic shift the bill creates for privacy administration and enforcement, and a second post (hopefully tomorrow) will discuss the substantive changes and additions. I start with the enforcement side because the most consequential feature of C-36 is the question of who will administer the rules. The bill firmly cements the Digital Safety Commission as a new digital super-regulator in Canada, stripping the Privacy Commissioner of authority over private sector privacy law and handing it instead to the same five-member commission the government created a few days ago to police online harms. I believe the approach is unprecedented among peer countries and will have negative repercussions for Canada’s standing in the privacy world. Indeed, removing an Agent of Parliament from private-sector privacy enforcement after decades isn’t something you tuck into a lengthy bill, but rather requires extended public consultation and analysis on how best to ensure Canada has effective privacy enforcement. This is a stunning abrogation of good policy development and a poorly conceived vision of the breadth and importance of privacy.
Post Tagged with: "digital safety commission"
The Commission: How Bill C-34 Creates an Internet Super-Regulator That Will Touch the Lives of Millions of Canadians
The proposed kids’ social media ban is capturing the headlines, but lost in the debate over Bill C-34 is that its most consequential element may be the creation and powers of the government agency the bill establishes to oversee the entire system. The Digital Safety Commission of Canada will be a super-regulator of the Internet, with greater influence over the daily lives of Canadians than perhaps any other regulator in the country. The breadth of its influence can’t be overstated: it will set the standards that millions of Canadians must satisfy to verify their age in order to use social media services. It will establish what platforms must do about harmful content, including the removal of certain material. It will determine whether the age-gating requirement may be lifted for any given service. It will both regulate the platforms and advocate for their users, dual roles that raise obvious fairness concerns. And it will exercise investigative and adjudicative powers, complete with penalties, hearings, and formal, law-enforcement-style investigations. Yet despite all those powers, it will not be bound by the rules of evidence, will be free to conduct its hearings in secret, and, at least in the beginning, will be capable of operating as a one-person body in which the Commission and its Chair are one and the same individual. The full scope of the new powers is illustrated in the infographic below.
The Exemption Illusion: Why the Government’s Plan to Fast Track Bill C-34’s Kids’ Social Media Ban Means No Standards, No Privacy Review, and No Enforcement
One of the most heavily promoted features of Bill C-34, the government’s Safe Social Media Act, is that its social media ban for those under 16 comes with a potential exemption for platforms that satisfy the new Digital Safety Commission that they provide adequate safeguards for children. But based on comments from government officials, it appears the exemption is an illusion, at least for years to come. The legislation carefully sets out how the ban is supposed to work, but officials at a technical briefing on the bill this week described a very different plan that involves moving quickly after Royal Assent with regulations to bring the ban into force without waiting for the Digital Safety Commission to be fully operational. No Commission means no age verification standards, no privacy review, no exemption, and no effective enforcement. It also creates huge risks since the initial start of the ban is when tens of millions of Canadians would be required to verify their age, yet the government is sidelining the privacy protections written into its own bill and essentially conceding that the ban is unlikely to carry any real consequences for those services that fail to comply when it first takes effect.
The Law to Be Named Later: Bill C-34 Punts 50 Key Decisions to Cabinet and a Digital Safety Commission That Does Not Yet Exist
The government’s plan to address online safety was introduced yesterday with Bill C-34, the Safe Social Media Act, featuring an under-16 social media ban, pornography age verification, AI chatbot rules, and platform regulation that I argued amount to an everything-all-at-once approach built on a “trust us” bet. My initial guide to the bill highlighted many key issues, but this follow-up examines just how much has been left for later. In many respects, Bill C-34 is best understood as version 1.0 of the Safe Social Media Act with a framework that establishes institutions, sets penalty ceilings, and fixes the age of 16 in the statute. But the bill leaves nearly everything that will determine how the law actually works, including which services are covered, when the ban applies and to whom, what counts as adequate age verification, and what design features platforms must build, to what amounts to a version 2.0 that will be developed later through multiple regulatory processes.
My First Take on the Online Harms Act: Worst of 2021 Plan Now Gone But Digital Safety Commission Regulatory Power a Huge Concern
After years of delay, the government tabled Bill C-63, the Online Harms Act, earlier today. The bill is really three-in-one: the Online Harms Act that creates new duties for Internet companies and a sprawling new enforcement system, changes to the Criminal Code and Canada Human Rights Act that meet longstanding requests from groups to increase penalties and enforcement against hate but which will raise expression concerns and a flood of complaints, and expansion of mandatory reporting of child pornography to ensure that it includes social media companies. This post will seek to unpack some of the key provisions, but with a 100+ page bill, this will require multiple posts and analysis. My immediate response to the government materials was that the bill is significantly different from the 2021 consultation and that many of the worst fears – borne from years of poorly thought out digital policy – have not been realized. Once I worked through the bill itself, concerns about the enormous power vested in the new Digital Safety Commission, which has the feel of a new CRTC funded by the tech companies, began to grow.
Recent Posts
The Law Bytes Podcast, Episode 273: Rebroadcast of the Globe and Mail’s The Decibel on Canada’s First Steps Towards a Social Media Ban 
Midnight Madness: The Government Rushes Lawful Access Bill Through the House Without Debate or a Recorded Vote 
One Step Forward, Two Steps Back: Bill C-36 Modernizes Canada’s Privacy Law, Then Delays It to 2030 
Gary Anandasangaree’s Vic Toews Moment Shows the Government Has Lost Its Way on Lawful Access 
Government Moves to Shut Down Lawful Access Hearing In Order To Fast Track Passing the Bill This Week
