Innovation, Science and Industry Minister François-Philippe Champagne yesterday unveiled Bill C-27, the updated privacy reform law. While Champagne described it is a “historic day”, the bill is better described as a case of Groundhog Day, since it looks an awful lot like the last privacy bill that died with last year’s election call and which never even advanced to the committee stage. I wrote earlier this week about the government’s seeming indifference to privacy and this bill doesn’t do much to change the analysis as the bill raises many of the same questions and will likely face similar opposition.

Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh
Privacy
Why is the Canadian Government So Indifferent to Privacy?
Over the past several weeks, there have been several important privacy developments in Canada including troubling privacy practices at well-known organizations such as the CBC and Tim Hortons, a call from business organizations for privacy reform, the nomination of a new privacy commissioner with little privacy experience, and a decision by a Senate committee to effectively overrule the government on border privacy rules. These developments raise the puzzling question of why the federal government – led by Innovation, Science and Industry Minister François-Philippe Champagne, Public Safety Minister Marco Mendicino, and Canadian Heritage Minister Pablo Rodriguez – are so indifferent to privacy, at best treating it as a low priority issue and at worst proposing dangerous measures or seemingly hoping to cash in on weak privacy laws in order to fund other policy priorities.
The Law Bytes Podcast, Episode 124: David Fraser on Negotiating a CLOUD Act Agreement Between Canada and the United States
The CLOUD Act, which allows US law enforcement to use a warrant or subpoena to compel U.S.-based technology companies to provide data stored on servers regardless of where the data is located, was first introduced in the United States in 2018. Canada and the US recently announced plans to negotiate a Cloud Act agreement which would ease cross-border disclosures of data between the two countries.
David Fraser is a lawyer with McInnes Cooper in Halifax and one of Canada’s leading privacy experts. He regularly acts for clients on data disclosure matters and was one of the first to highlight the negotiations and its implications on his Youtube channel. He joins the Law Bytes podcast to talk about the Cloud Act, how it might fit into Canada’s privacy law framework, and how Canada should approach the negotiations.
The Law Bytes Podcast, Episode 121: The Law Is No Longer Fit For Purpose – My Appearance Before the ETHI Committee on Canadian Privacy and Mobility Data
The House of Commons Standing Committee on Access to Information, Privacy and Ethics spent much of February conducting a study on the collection and use of mobility data by the Government of Canada. The study stems from reports that the Public Health Agency of Canada worked with Telus and BlueDot, an AI firm, to identify COVID-19 trends based on mobility data with questions about whether there was appropriate disclosures, transparency and consent from the millions of Canadians whose data may have been collected. I appeared before the committee toward the end of the study, emphasizing that while the activities were arguably legal, something still does not sit right with many Canadians. This week’s Law Bytes podcast goes inside the hearing room for my appearance, where I made the case that Canada’s outdated privacy laws are no longer fit for purpose.
The Urgent Need for Privacy Reform: My Appearance Before the Standing Committee on Access to Information, Privacy and Ethics
The House of Commons Standing Committee on Access to Information, Privacy and Ethics spent much of February conducting a study on the collection and use of mobility data by the Government of Canada. The study stems from reports that the Public Health Agency of Canada worked with Telus and BlueDot, an AI firm, to identify COVID-19 trends based on mobility data. I appeared before the committee earlier this week, making the case that this is a a genuine privacy quandary where the activities were arguably legal, the notice met the low legal standard, Telus is widely viewed as seeking to go beyond the strict statutory requirements, and the project itself had the potential for public health benefits. Yet despite these factors, something does not sit right with many Canadians. I believe that something are outdated privacy laws that are no longer fit for purpose. My opening statement is posted below.