Fifth Session, 41st Parliament (2020)
Special Committee to Review the Personal Information Protection Act
Virtual Meeting
Wednesday, July 8, 2020
Issue No. 7
ISSN 1913-4754
The HTML transcript is provided for informational purposes only. The PDF transcript remains the official digital version.
Membership
Chair: Rachna Singh (Surrey–Green Timbers, NDP)
Deputy Chair: Dan Ashton (Penticton, BC Liberal)
Members: Mable Elmore (Vancouver-Kensington, NDP)
Adam Olsen (Saanich North and the Islands, BC Green Party)
Steve Thomson (Kelowna-Mission, BC Liberal)
Clerk: Susan Sourial
Minutes
Wednesday, July 8, 2020
9:30 a.m.
Virtual Meeting
1) Canada’s Digital Technology Supercluster: Sue Paish
2) BC Tech Association: Jill Tipping
WEDNESDAY, JULY 8, 2020
The committee met at 9:38 a.m.
[R. Singh in the chair.]
R. Singh (Chair): Good morning. I would like to welcome everyone participating in and listening to the panel discussion today. My name is Rachna Singh. I’m the MLA for Surrey–Green Timbers and the Chair of the Special Committee to Review the Personal Information Protection Act.
I would like to begin by recognizing that my constituency is on the traditional territory of the Coast Salish people, in particular the Kwantlen, Katzie, Semiahmoo, Tsawwassen First Nation, Kwikwetlem and Qayqayt people.
We are an all-party parliamentary committee of the Legislative Assembly, with a mandate to review the Personal Information Protection Act. Normally, the committee would have held its public hearings in person. However, due to the COVID-19 pandemic, public hearings are being held by video and teleconference.
As part of our review, the committee is meeting today with Sue Paish, CEO of Canada’s Digital Technology Supercluster, and with Jill Tipping, president and CEO of the B.C. Tech Association, to hear about PIPA’s impact on technological and digital innovation in British Columbia and to seek insights on how PIPA should be amended to take into account the changing digital economy and the commodification of data.
British Columbians are also invited to send us their thoughts in writing before August 14. All the information we receive will be carefully considered as we prepare our report to the Legislative Assembly, which will be released in February 2021. More information is available on our website, www.leg.bc.ca/cmt/pipa.
Just about the virtual meeting format, each of our presenters this morning will have 15 minutes for their presentation. Following the presentations, there will be 30 minutes for questions from members.
All meetings are recorded and transcribed by Hansard Services, and a complete transcript will be posted on the committee’s website. A live audiocast of this meeting is also available on our website.
Now I’ll ask the members of the committee to introduce themselves.
D. Ashton (Deputy Chair): Thank you, Madam Chair.
Again, Sue and Jill, thank you very much for coming in today. I have the pleasure of representing the area from Penticton to Peachland and also of being the Deputy Chair and working with some incredibly fine individuals.
S. Thomson: I’m Steve Thomson. I’m the MLA for Kelowna-Mission.
Good morning, Sue and Jill. Thanks for joining us today. I look forward to the presentations.
M. Elmore: Good morning. I’m Mable Elmore. I’m the MLA for Vancouver-Kensington.
Thank you very much for joining us.
A. Olsen: Good morning. My name is Adam Olsen. I’m the MLA for Saanich North and the Islands. It’s wonderful to be here with you all today, and I really look forward to these presentations.
R. Singh (Chair): Thank you so much, Members.
Also assisting the committee today is Susan Sourial from the Parliamentary Committees Office. Dwight Schmidt from Hansard Services is also here to record the proceedings.
I think we are ready whenever you are. Thank you so much.
Presentations on Statutory Review of Personal Information Protection Act
CANADA’S DIGITAL TECHNOLOGY SUPERCLUSTER
S. Paish: Good morning, everyone, and thank you for the invitation to speak with you. Before diving into the topic at hand, let me thank you for the work that you’ve done, together with your colleagues in the Legislature, in respect to addressing the many and constantly evolving issues respecting COVID-19.
In many ways, B.C. has set the standard for pragmatic, thoughtful leadership in a challenging and rapidly evolving environment. British Columbia has led the country in protecting the health and safety of citizens. I’m sure that you will help our province lead the country now in finding a path to economic recovery and a return to economic prosperity, and this is actually a good segue to today’s topic. There are three matters that I’m going to raise in my address with you, and more items will come in the submission that will follow a bit later, in advance of the deadline.
The first item I want to discuss with you is the digital evolution of our economy in our society. Obviously, this has accelerated over the past few months, and it has materially changed the landscape in respect of domestic and international trade and the expectations and needs relative to privacy in a digitized world.
The second item I’d like to raise with you is that we now live and operate in a truly global economy. There are global standards that can be a good guide for your review and which can increase opportunities for B.C. businesses to compete globally and also increase opportunities for international businesses to invest in British Columbia.
My third point that I will discuss with you is that we need a harmonized approach to privacy in this country. The current patchwork of legislation is both confusing and unnecessary, especially for small businesses. Just as our province has led the country in addressing the COVID crisis, B.C. can lead the country in the transformation of our approach to privacy, in a way that will preserve provincial sovereignty, protect citizens and create an environment that supports citizens, businesses and innovative organizations, the lifeblood of our economy and the future of our prosperity.
Before I dive into those, let me just answer a question that might be in the back of your minds: what is the supercluster, and why am I here? The Digital Technology Supercluster is one of five superclusters selected by the government of Canada in 2018 to improve Canada’s global competitiveness and prosperity.
As I think you likely know, on the last OECD scorecard we were placed, as a country, 12th out of 16 in innovation. That’s not acceptable. We are intending to change that. We’re intending to accelerate the growth of small and medium enterprises and to grow innovation ecosystems that will place Canada on the world stage as a leader in the development, deployment and scaling of digital technologies created in this country.
In the digital supercluster, we’re focused on solving some of society’s and industry’s biggest problems through the development and deployment of Canadian-made digital technologies created through a collaborative innovation environment, with multiple organizations — public, private, large and small — working together on projects which address some of these big problems that I’ve just referenced.
With practical and meaningful outcomes coming from our projects, we will improve the global competitiveness of our province and of our country. We’ll grow prosperous companies that want to stay and succeed in British Columbia. We have over 600 organizations that are working with us, from small organizations such as Careteam and LlamaZOO, to high-growth enterprises like Terramera and EarthCast, and large global leaders such as Telus, Canfor, Microsoft and Teck Resources.
We’re solving problems such as reducing the time it takes to diagnose malignant melanoma — from six months to a matter of days. That changes your survival rate from 15 percent, if you have to wait six months for diagnosis, to 85 percent. We’re using earth observation satellites to increase our ability to detect and even forecast extreme weather events such as forest fires.
In the context of COVID, we’re building the resilience of our health system by developing, for example, handheld remote sensors to detect COVID in the lungs of patients who, in remote, rural settings, don’t have access to sophisticated hospitals. We work with small and medium enterprises every day. We see their potential, and we see what they contribute to our economy and to our future. We also see the obstacles that prevent our SMEs from growing and flourishing domestically and globally.
Let me turn to my first point — the digital transformation of society. Digital transformation was on the business plan for many organizations prior to March 2020. Since that time, it has become a critical element for success of any business.
How does this affect privacy? As a small trading nation, we were judged in the past based on our effectiveness and the efficiency of our ability to move goods and, to a certain degree, services. We invested as a country and as a province in infrastructure to connect our country by road, rail and, beyond that, to international markets through our ports and our airline sector. The world measured us not just by the quality of the products we produce but by whether we could effectively get them to markets.
Today’s world is based on the transmission of data. Yes, hard goods on ships and trades are still critical, but the data that’s used to evaluate these goods and to evaluate the efficiency of our supply chains and how we handle these goods is critical. Forbes noted that more data has been created in the last two years than in the previous history of the human race. That’s not going to slow down. Within five years, there will be 70 billion smart devices around the world collecting data 24-7.
This creates opportunities and challenges for B.C. companies and citizens, as we must get current and stay current on the collection, protection, curation, privacy, sharing and commercialization of data. If we don’t do this, it will be as if we’d stopped building the railway in Saskatchewan or failed to expand the Port of Vancouver. In short, today’s economies are powered by data. We need a modernized, flexible, resilient, clear and practical approach to privacy and the handling of data, an approach that protects the rights and interests of individuals, organizations and the state. Our current legislation does not do that.
I encourage you to take a holistic and forward-thinking approach to your review. This is not, in my view, an opportunity for you to tinker with a few sections here or there. I encourage you to take a comprehensive approach that reflects the reality of today’s global economy. I also encourage you to take a national approach. I’ll say more about that later. Businesses do not operate just in British Columbia. Citizens will return to mobility soon, and citizens expect the same protections and rights relative to data and privacy whether they are in Prince Rupert, Miramichi or Quebec City.
That is not the case right now. A business operating in Canada needs to comply with at least four different privacy statutes — the federal, the Alberta, the British Columbia, the Quebec — and I’m sure you’re well aware of that, with a different regulatory regime, different privacy commissioners and different systems in each of those jurisdictions.
There are also several other pieces of legislation that layer on to the privacy legislation I’ve just referenced — some that apply to the private sector, some that apply to the public sector, some that apply to health data, and some that don’t. There are situations where it’s not even clear which legislation applies to an organization, even if that organization is a B.C. company.
None of these laws have been comprehensively updated since coming into force, and there are now a number of initiatives underway. Quebec, as you know, has proposed a big overhaul of the Privacy Act. The federal government is looking at the digital charter, and you have this review underway.
We are at risk of creating confusion in our local market and in the international market. We’re a small country of 40 million people that could end up with a multiplicity of legislative and regulatory regimes that make it difficult for foreign investors to understand and sometimes impossible for our own domestic companies to navigate.
My first point: the world is now digital. Economies and societies are powered by data. In your review, I encourage you to take a forward-looking, holistic approach and to create a framework that is resilient, adaptable, clear and that sends a message to the world and to the companies in British Columbia that we’re indeed open for business.
My second point is that there are global standards that can provide a guide. The GDPR is increasingly being recognized as a global standard, or at least a guidepost. Elizabeth Denham addressed a number of elements in respect to the GDPR with you in her presentation. I’m not going to repeat what Ms. Denham said other than to emphasize that in my view, you don’t need to recreate the wheel on matters such as mandatory breach reporting, for example.
What is key is that whatever you do, please do it through a lens of the reality that we live in a global economy and that organizations who want to invest in our province want to see clear, crisp approaches to privacy that appropriately balance the rights of the state, citizens and businesses.
At the same time, B.C. needs to be seen as a jurisdiction that complies with or exceeds international standards, and there’s a material risk here. Canada’s adequacy status under the GDPR is at risk. I’m sure you’ve heard this in other briefings, but adequacy status means that the European Union has recognized a country as having adequate privacy laws.
There are three benefits to this. Organizations can transfer personal data from the EU to Canada, if we have adequacy status, without added requirements. That’s not the case right now with the United States. So we have a better flow of data between the EU and Canada if we are recognized as an adequate nation. It also helps our reputation. Having adequacy tells the world beyond the EU that we have strong privacy laws.
Canada has a finding right now of adequacy by the EU, but that only applies to PIPEDA. It’s not clear whether it applies to the Alberta PIPA or the B.C. PIPA, and the Quebec privacy act was expressly rejected as being adequate by the EU.
Getting adequacy will take a lot of work. We’ve heard conversations that it might take as much as two years, or it has with other jurisdictions, but it’s critical to our role as a trading nation and thus British Columbia’s role as a trading province.
In your review — my second point — please take note of the GDPR. See it as a global signal, and adopt the principles that make sense for B.C. as you build your new framework. Please resist the temptation to create a bespoke B.C., made-in-B.C. unique set of guidelines and requirements that are inconsistent with what is increasingly being seen as a global standard through the GDPR.
My third point is that B.C. can lead Canada in developing a harmonized approach to privacy. We are not served right now by the confusing and unnecessary complexity of multiple legislative and regulatory regimes across the country. This is a big ask of you I’m going to make. Just as B.C. has led the country in its approach to COVID with a thoughtful, non-partisan approach that has delivered strong positive results, I encourage you to take the same approach on privacy now. Yes, this might look like a federal-provincial joint effort, and B.C. can lead this. B.C. has legal and compliance privacy and data expertise to lead this.
We all know that our former B.C. Information and Privacy Commissioner Elizabeth Denham is now the U.K. Information Commissioner, and she’s a globally respected expert. I think she’s seconded the current B.C. Information and Privacy Commissioner into her office in the U.K. as well.
B.C. has a distinct requirement requiring the public sector to keep personal information in Canada subject to certain limitations. Nova Scotia, I think, is the only jurisdiction that has something similar. Regardless of whether that’s a good approach or not, we have developed expertise in British Columbia with respect to cross-border data flows. This expertise lies with the staff in the Office of the Information and Privacy Commissioner, in the province’s privacy compliance training division, with IT professionals, with privacy professionals and across multiple levels of the private sector.
We have all of the ingredients to be a global leader for digital technology development and adoption, and we should be capitalizing on our knowledge and expertise in data and privacy to bring that expertise in building a nationally harmonized approach to privacy. I encourage you to take the lead in developing a single pan-Canadian privacy law that is pragmatic, balanced and responsive to today’s needs. The new law should respect international standards while introducing pragmatism and flexibility that makes B.C. an attractive place to innovate.
We need to work together as a country on this. Canada’s complex patchwork of privacy legislation at the federal and provincial levels is unnecessary, confusing and complex, and it could get worse. While we have this review underway, we have the Quebec review underway; we have, potentially, federal reviews underway, through the digital charter; and we could end up with multiple jurisdictions going in different directions. That would be unhelpful to British Columbia businesses. If provinces and the federal government don’t work together, we could end up with a situation that’s even more complex than it is now.
I’m particularly concerned for small and medium enterprises in this context. For them, privacy compliance is already confusing. If it becomes more confusing, it could be prohibitively expensive. We need pragmatic, flexible and responsive legislation. While I expect international standards, like GDPR, will drive much of the substance of a new privacy law, we’ve got to think about the impact on innovation.
The worst thing we could do is to go too far and create a reputation where Canada or British Columbia is seen as an organization that is hostile towards data-driven innovation. Conversely, we can take steps to make Canada known internationally as a place that is safe because of our strong privacy laws and welcoming to innovation because of our willingness to work with policy innovators.
I’m going to give you a couple of examples where I think we can lead. One is regulatory sandboxes. These are a hot topic, and it’s for good reason. As we strengthen our privacy laws, we need to delegate authority to the regulator to permit exceptions to laws where doing so will foster innovation without compromising privacy. That’s why I’m using the term “framework.” It will be impossible to create a piece of legislation in your review that can predict and address every issue that’s going to come up in the future as data, and our approach to data, continues to evolve. The regulatory sandboxes give the opportunity for regulators to address issues within the framework of the legislation.
The second idea is collaborative regulation. Regulators can’t see everything that is going on in all of the organizations that they regulate. Obviously, stakeholder consultations need to take place, but we need to go further. Industry and advocacy groups, including those representing small and medium enterprises, should know that if they put the time and effort in to help shape the regulatory framework, their positions will be respected.
Our supercluster projects are driven by collaboration. We have public sector, private sector, SMEs, big companies, post-secondary institutions, research organizations all working together to solve a single problem. They’re able to do that because they focus on the problem, and they focus on each other’s interests in delivering the solution to the problem. And I know that if we take the same approach now in working with our other provincial colleagues and with the federal government, we can come up with a cohesive approach to privacy for our country. All I can say is that B.C. can, and I say should, become a global centre for excellence in privacy policy, innovation, regulation and compliance.
Similar to how Israel has evolved to become the global centre for cybersecurity, B.C. has the opportunity to be the equivalent in privacy. We’ve shown it with people like Elizabeth Denham.
Innovators need good advice on building products that meet and exceed the requirements of privacy laws, and we should keep and invest in the talent so that Elizabeth Denham isn’t just one person who came out of British Columbia. We should look back and see Ms. Denham as a predecessor of dozens of other international experts in privacy that come out of B.C.
The team at the current OIPC office is world-class. The office is an important source of expertise. They do great work, particularly in educating the public and businesses through presentations. We also have the province’s privacy and compliance and training division and all of the leaders in our tech and legal sectors working together.
In summary, B.C. can lead the country in developing a cohesive, coordinated, federal-provincial approach to privacy that will help British Columbia be seen as a leader, will help B.C. businesses trade and be encouraged to trade across the country and, indeed, internationally, will attract international investment and will be a flexible, pragmatic and resilient legislative framework that will address the changes that are happening in a digital world.
The digital evolution of our economy and society is not going to slow down. We need to make sure that our privacy legislation keeps pace and is seen as a world leader, and we need to respect and, where appropriate, adopt standards such as the GDPR in the framework that you develop.
Thank you for your time. Happy to take any questions.
R. Singh (Chair): Thank you so much, Sue.
I think, Susan, we’ll go with Jill’s presentation and go for the questions together.
B.C. TECH ASSOCIATION
J. Tipping: Wonderful. Thank you, Madam Chair, Deputy Chair, members of the committee. Thank you so much for the time and the interest in hearing from us on how technology and innovation and the commoditization of data might influence PIPA.
Just to let you know a little bit about B.C. Tech, who we are, we’re the non-profit that champions technology as a key part of B.C.’s future — our economy, but also our society. We’re the largest industry member association. We have 500 members, many of whom are employing many of the 114,000 British Columbians that are employed in the tech industry as well as the 50,000 British Columbians that are employed in tech roles in traditional industries.
We work very much in a partnership approach, whether that’s with our government partners or with other non-profits and similar organizations around the province, with whom we’ve built a partnership we call ScaleUP B.C.
Perhaps the most significant partnership that we have is with the digital technology supercluster — Canada’s digital technology supercluster, powering technology innovation right across Canada but headquartered in British Columbia. We can be very proud of what is being achieved there.
In B.C. Tech, we see technology as an industry, yes, but also as a tool that’s transforming every industry in exactly the way Sue described: the digital transformation of the world. This was already happening, but COVID has accelerated it far faster than any of us anticipated. I think it’s important to accept that that is now the global reality.
Now, I am an optimist, self-confessed, and I will tell you that I see technology as a tool for good. Technology is an accelerator. It has the potential to accelerate great social outcomes. It has the potential to accelerate risk. That’s why regulation is so essential and has to be taken thoughtfully and intentionally, as B.C.’s PIPA legislation has.
As Sue mentioned, a lot has changed since the legislation was introduced. In January 2004, there was no such thing as an iPhone. Now imagine, if you will, how much has changed with those smartphone devices that we today use. It would be astonishing if we had been able to anticipate, when the legislation was introduced, everything that has happened in the 16 years since. So I would echo Sue’s call that now is a good time for a comprehensive review and to see what needs to be maintained and what, perhaps, should be tweaked.
My remarks will cover four main areas very complementary to Sue’s, but I’m focused a little more on technology, innovation and giving you that angle on what we’re seeing and how we’re experiencing the world of data and how that might impact privacy legislation.
First of all, I wanted to just start with the concept that everything in technology is not new. As I say, technology is an accelerator, but many uses of information and data go back 100 years, 200 years, 500 years. This concept of “know your customer; know who you’re dealing with” is fundamentally grounded in the concept of using the data that you know about your customers to inform other decisions. Every piece of product development, every new product that’s introduced is based on knowledge about customers’ existing use of existing products.
Fundamentally, innovation is grounded in the use of information and data of what’s happening today and then the application of that to a new circumstance. We must make sure that whilst we have strong privacy legislation, we don’t end up with an unintended consequence that it gets in the way of innovation.
Key here is perhaps to look at de-identification of data. Can we secure privacy through anonymity? Is there a way to preserve the use of the data without penalizing the individual’s personal privacy?
Secondly, I want to focus a little more on innovation. As Sue was mentioning, we in the technology and innovation space are problem solvers. We’re relentless. We can’t help ourselves. We don’t like problem-description. We like solution-finding, and those solutions are always, by definition, coming up with an idea that was not anticipated originally.
Again, as you conduct this review of the legislation, I would encourage you to embrace what the novel use cases are, what the new things are that have happened in the last 15, 16 years. They bring tremendous social value.
Sue’s description of what can happen to a melanoma diagnosis and a survival rate is a great example of how data can actually drive fantastic human and social outcomes, but it was an unintended consequence of the camera that enables the diagnosis that Sue is talking about. The camera that was invented was not designed to diagnose melanoma, but that’s the consequence. That’s how it’s being used.
Thirdly, I’d like to just talk about the concept of consent for a moment. To be meaningful, consent needs to be thoughtful, intentional and considered. We have to reflect on the reality of today’s world. It’s extremely challenging for industry to comprehensively communicate every aspect of a potential use of an individual’s use of data. As a consequence — and we’ve all seen it — the descriptions are long, they’re technical, and they are indeed comprehensive, but I would ask whether they are user-friendly.
For the users themselves…. Again, we all have the experience of clicking the “I agree” box when perhaps we haven’t read everything written on the page. So we do need to make sure that our legislation reflects the practical realities, yes, for the companies themselves but also for the individuals, and to make sure that consent is meaningfully given.
Finally, I do want to emphasize the point that we’re in a small, open economy operating in a global world. My passion is to help B.C.’s small businesses grow and thrive and become medium-sized businesses, become exporters, become large businesses and become global world champions. To grow and scale, a company has to have a global perspective, and I would just invite you to consider, all the time, what is gained from arriving at a made-in-B.C. solution.
It’s certainly going to be necessary, certainly going to be essential for there to be some elements of any legislation that are very appropriate to the B.C. context. But we always have to ask ourselves: is it a true advance on a federal norm or an international norm?
Keep the variances to what’s essential, to what’s necessary, to what’s truly important for British Columbians, rather than to start with a blank sheet of paper. To the extent that we can leverage federal norms or international norms, particularly the EU, the concept of adequacy status is essential for British Columbian businesses to be able to develop technologies and products that can access global markets.
I wanted to just leave you with a thought. All regulation is always well-intentioned, and it usually starts from the perspective of seeking to protect the individual — the private citizen — or small businesses. But ironically, paradoxically, what happens over time is that regulation becomes a barrier to entry. Regulation becomes a barrier to entry that favours multinationals and monopoly situations, because only the largest companies are in the position to comply with all of the regulations in every market of the world.
Whilst I am strongly protective of British Columbia and our very special way of life and our very special freedoms, and I would like to see us have excellent legislation here that reflects our requirements, I also want us to take care that we don’t, through trying to do good, actually create a situation where we have squeezed out some of the small and innovative British Columbia companies that are making products that have the potential to solve huge problems in the world and bring B.C.’s innovation centre stage, exactly as Sue described.
Thank you so much for your time. I’m very happy to answer any questions you might have.
R. Singh (Chair): Thank you so much, Jill, and thank you, Sue, for this comprehensive information that you gave us. It is very important. We have heard from a number of stakeholders, and some of the things that you both have brought together echo what we have been hearing from many of them. It’s really good to hear that B.C. is leading in privacy laws, and we want to set the example. And that’s also what we have heard before. Really good to hear that feedback.
I’ll open up the floor for questions. Members, any questions?
S. Thomson: Thanks to both of you for your presentations. I think they were very, very important and very timely in our considerations and have given us a lot to think about going forward as we craft recommendations.
I had a couple of questions, and maybe we’ll have a couple of follow-ups following the other questions and things as well. I wanted to direct this one maybe to Sue, mostly, because you really talked about the need to keep the harmonized national perspective on it all and things like that. But I think, you know, we’ve all had experience in those processes, and you have, as well, in terms of how long that takes in many cases, to get broad agreement across the countries and all the provinces and federal legislation and regulation all harmonized and everything like that. Laudable goal, I think, and something that we have to keep in focus.
Would you think that there are initial steps that we need to take with our process and with our legislation that would assist in that and lead to that, that would incrementally improve the situation and lead, ultimately, to creating a foundation that might help with that harmonization approach? Keeping B.C. as a leader, but keeping that overall perspective. What would you suggest would be the…? Or would you have suggestions around the initial steps that need to be taken with our legislative approach, particularly with the responsibility we have with PIPA, as an incremental step to get to a nationalized harmonized approach?
S. Paish: Thanks for that, Steve. Yes, I have some thoughts. I anticipated that might be a question.
We’ve seen, over the last three months with COVID, provinces and the government of Canada working together at a speed and with an intensity and results that, prior to that, would have been, quite frankly, unheard of in terms of the approach to data, to testing, to the approaches to supporting Canadians through various programs.
Yes, historically federal-provincial engagements can be arduous and time-consuming, but they don’t have to be. So a couple of things that I would suggest. One is: let’s leverage the current environment of what I think is goodwill, where — I’ll speak as a Canadian and as a British Columbian here — it’s been actually delightful to see the prior competitiveness that sometimes comes into these discussions dissipate in favour of finding solutions to issues that are good for Canadians. Let’s build on that current harmony. What I’m suggesting is that you don’t come up with the solutions right now, but that B.C. starts to talk, around these economic recovery and economic growth discussions, about issues that can promote or impede our growth.
One of those is how we approach privacy as a country. We are a country of 40 million people. We are a tiny trading nation. To have a minimum of four…. Actually, if you add in the personal health information legislation and the other pieces of legislation across the country, it’s more than four different sets of legislation across the country. That’s going to impede our growth. It’s going to impede the ability of companies in British Columbia to get restarted, especially if they trade outside of the province.
Start to foster a conversation around the fed-prov table that says: “Let’s think about developing a national framework. We don’t have to answer all of the questions right now. But let’s at least send a signal across the country and a signal globally that as a small trading nation we’re going to come up with a cohesive framework.”
The first thing would be to leverage the current, I think, goodwill that exists across fed-prov tables right now. There’s a saying: don’t waste a crisis. We have to rebuild the economy. Having four different legislative reviews in privacy ongoing right now that could end up in four different directions is going to undermine economic recovery. It’s going to undermine our ability to be seen as a leader on the global stage.
Leverage the current goodwill. Don’t try and solve all the problems at once, but rather, seed the idea that a federal-provincial discussion that results in a cohesive framework is quite possible. We’ve done it on a number of things over the last three months. We can do it on this.
The third one is that having a federal-provincial discussion doesn’t require you to cede sovereignty over British Columbia citizens and businesses. As a province, you still hold that sovereign power over the citizens, but let’s make it coordinated across the country. I just say: start with the conversation, but don’t try and get to the answer too quickly.
My second thought is that yes, these take time. In my view, it’s time worth spending. It will be very, very unfortunate for Canadian businesses, especially small businesses, if we end up with the 2020 version of the securities dynamic that we had in the 1980s. I’m now old enough to remember what it was like to have 13 different securities approaches across the country, and it was very difficult for Canadian businesses. It didn’t put Canada in a good light internationally. Let’s not do that with privacy, especially now when data is going to be the engine that drives our economic recovery.
Don’t think that we’ve got to solve all of the problems right now, but let’s avoid getting into a situation where Quebec and British Columbia and the government of Canada each do their own thing, and then we have to unwind it. Those would be my two thoughts.
S. Thomson: Okay, thanks. Just a follow-up question, I guess. We’ve heard consistent recommendations in some of the submissions we’ve received already around mandatory breach reporting, enhanced enforcement compliance, penalty provisions and everything like that. What’s your perspective on that, particularly with respect to small and medium-sized businesses? You made some comments around…. Don’t do something that creates barriers and constraints to growth and opportunity.
Any comments with respect to those recommendations, which have been pretty consistent from groups and organizations that we’ve heard from?
S. Paish: Yeah. I’ll frame my comments in the context of mandatory breach reporting.
There’s a spectrum. I think it was Ms. Denham who used the term “the devil is in the details.” If we go to a system where every time an email is misplaced or sent to the wrong address there needs to be a report and a form filled in and an investigation, then we will paralyze the economy. That’s all that will happen.
That’s at one end of the spectrum. At the other end of the spectrum…. Let’s use the most obvious example, Cambridge Analytica. There’s your bandwidth.
The important thing is to provide a framework. This is why I referenced giving jurisdiction to the regulator to come up with the practical approach and define what triggers a mandatory report. If an email is accidentally sent to the wrong Mrs. Smith and there’s no personal information contained in it, does that require a mandatory report to a privacy commissioner and the filling out of a statement, etc.? Probably not. But how far towards the Cambridge Analytica situation do you go before there’s a mandatory report?
I think that’s something where, in my view, those folks in the regulatory dynamic need to weigh in. What makes sense? It’s something in-between those two.
I think business is ready for mandatory breach reporting as long as it’s not going to require the creation of a large bureaucracy so that we have to detail every single thing that we do. That’s the other reason why I think the concept of regulatory sandboxes is actually an interesting one. You put organizations in a conversation with the regulator, and together you come up with the solution for this sector or this industry.
I would respectfully suggest that you not try to incorporate those details in the legislation.
S. Thomson: Thanks.
R. Singh (Chair): Thank you so much, Sue.
Mable, you have some questions?
M. Elmore: Yes. Thank you, Rachna.
Sue, I was going to ask you about just deepening the discussion in terms of the recommendation around developing a national framework. I take your point not to be prescriptive. So I’ll take it at that. That’s a good point.
I’ll ask, more specifically, Jill. Your No. 2 and No. 3 points around de-identification of data…. Certainly, that seems key with respect to moving forward. Then we have had some discussion around consent. It’s a challenging area, you know, for that to be comprehensive but also up to date.
I was just wondering if you could talk a little bit more, Jill, around the de-identification of data and your thoughts or comments on consent as well.
J. Tipping: What’s key is, perhaps, if we think about the twin concepts of privacy and anonymity. I have a sensitivity, as an individual citizen, to my personal information being known and being associated with me, the individual. I don’t have the same level of sensitivity around my data being known, but separate from me, as Jill Tipping, mother of Veronica.
I have an active interest in my data being used to deliver better health outcomes, for instance. I’m using that as an example for myself and my daughter. I really would want to know, confidently, that the de-identification work has been done in a very robust way, right? The process through which the relevant parts of data are maintained but the connection to the individual private citizen is removed is done in a way that can’t be easily reverse engineered and backtracked.
That, to me, is key. There are solutions to that. So that is a solved problem. Not perfectly. Nothing in life is. But that, I believe, is the best path. That’s the path where we unlock all of the human and economic value of data without compromising the privacy elements that I think we all share.
To move to consent just for a moment. I will share my own personal private citizen experience. I have consented, in the last week, to at least 20 things that I have not read. That, I can assure you, is not the way I approach signing a contract, where I read every single word carefully and thoughtfully.
The reality is that when you’re in the process of setting up a computer or a printer or signing up for a software product or an app, you’re keen to move on. You’re keen to get to it. I really do question how many people read the very, very comprehensive descriptions that are given.
I like to use the phrase “the perfect is the enemy of the good.” What we want is for citizens to understand what they’re fundamentally agreeing to. That is best done with human beings in a simple, concise, plain-English form. It is not best done in a long form, legally written form.
That would be a good example, I think, of the sorts of unintended consequences of really super well-intentioned regulation. You can actually end up giving citizens less ability to consent to the use of their data. Practically, they end up just clicking the “I agree” button.
I hope that’s useful.
M. Elmore: Thanks, Jill.
Can I have one follow-up, Rachna?
R. Singh (Chair): Yes, please go ahead.
M. Elmore: Thank you, Jill. In terms of your comment about consent…. When you talk about the use of people, in terms of granting consent, what is that? Do they have to talk to someone? What does that mean?
J. Tipping: Sorry. How do you mean?
M. Elmore: Well, when you talk about not the legal long-winded pages upon pages that when you read through, you scroll it, and then you click the box versus, you said, plain English.
Interjection.
M. Elmore: Yeah, easier. So is it just a shorter version or with some human interaction as well? You mentioned…. What are those two sides?
J. Tipping: What I’ve seen, which is effective in a different context, is…. If you imagine the comprehensive user manual and then the one-pager with infographics that explains the four key things you need to know. You can always provide people with both.
M. Elmore: Right.
J. Tipping: There’s no need to prevent that. But we know that what 99 percent of people are going to engage with is the one-page infographic that tells you the key points. So for me, it’s really important that that summary is substantively accurate.
I might pick up Sue’s point there, which is that the legislation is not the place to embed that. That’s a useful place to allow a regulator to have discretion around whether something does comply or does not. I’d rather see people be informed with information that is digestible so that they can then engage with that information and give an informed consent or refuse to give their consent, rather than go through a technical process that doesn’t really reflect true consent.
M. Elmore: Jill, is that approach around consent adopted in other jurisdictions broadly? Have you seen that? What’s the trend around that?
J. Tipping: I have to say that this isn’t an area that’s…. I don’t know a lot about other global jurisdictions. I’m thinking more about other situations that I’ve seen, in a business context or in a societal context, where what we want is to communicate the key points with people.
Let me give you a great example: the safety briefings that you get on an airplane — if you remember being on airplanes. That’s not a comprehensive legalese approach, but it’s what we want people to read. Or the briefing that the WestJet flight attendants give, which is amusing and causes you to listen but actually hear the advice that they’re giving you.
So when we really want people to understand the information, we approach it one way.
M. Elmore: Thanks. That’s really timely.
When I think back, I can’t recall in any apps or the different consents that I…. Most of them are all long-form page upon page, legal…. You know, reading through it, I can’t recall one having…. Maybe it’s also the nature of the types of apps that I download, but I don’t recall really seeing one that is an infographic kind of summarizing the main components. So it’s just interesting, in terms of what I’ve experienced. But I take your point. It’s an excellent point.
R. Singh (Chair): Thank you so much, Mable. Thank you, Jill.
Members, any more questions?
D. Ashton (Deputy Chair): Ladies, thank you very much for your presentation. I look forward to getting the transcript and also the written presentation you’ve given.
Just really quickly, the difficulties, as we all know, about interprovincial and national trade…. Is there any way that you could give a Coles Notes version of some points that you might think help to broach…? I’m not asking for a whole bunch of additional time, just three to five or six ideas that you think that we could….
Myself, I share an office with a gentleman who’s on Treasury Board, a Member of Parliament. It gives me an opportunity to talk to him in detail, without a long discussion, and get those points across like the WestJet flight attendants do. So would you mind just including, maybe, some of your best thoughts on how to bridge the gap between the various provinces and the federal government on personal information?
Second of all, the digital world is increasing, as we’ve heard in so many presentations. British Columbia’s review is six years. Should it be shorter, with what happens in today’s world? I’ll just leave that for you for the future, if you wouldn’t mind responding.
Again, thank you, ladies, for the presentation. Really appreciate it — very informative.
R. Singh (Chair): Sue, do you want to respond?
S. Paish: I will respond to the second question. Six years is a generation in today’s world. Finding the balance between perpetual review, which is unhelpful, and every six years, when it is a generation, is going to be important. We’ve got some suggestions in the written opinion.
In terms of the fed-prov suggestion that I’m making, we do have…. It’s almost the infographic — you know, the five key points — and perhaps some suggestions on how that can be approached.
D. Ashton (Deputy Chair): Perfect. I appreciate that. You give the analogies of when you’re looking and you’re signing on or putting a new program on your computer. I look at my personal mortgage and my personal credit card. I haven’t read all of those papers. There is that trust involved when you put your signature on it. However, it’s a very good point.
Those infographics do make a lot of sense, and that one-page Coles Notes, so that people can really understand. Or at least, if they have an interest in following through, it gives them a direction to where they can obtain additional information.
Again, thank you for the presentation. I greatly appreciate it.
R. Singh (Chair): Jill, you wanted to add something?
J. Tipping: Just on the first question on how to bridge the gap as well. I’m a little more focused on differences to the EU regulation. It is fabulous to have harmony across Canada and harmony with the federal regulations.
I can tell you that I spent most of my career in business until I took on this role, and the only question I would ask would be: how does this differ from the EU’s regulation? That’s all I want to know. I already have to comply with the EU regulation in order to sell my products and services globally, so that’s baked in to my business development, my product development processes. That would be true even of, you know, small tech companies that are getting started here in B.C., because they’re very focused on big global markets. So they know they need to be compliant there.
Perhaps that would be a way to bridge the gap: if you are compliant with that, here are the additional things that you need to do to be compliant in B.C. And keep it as limited as it can be.
D. Ashton (Deputy Chair): Do you think there would be an acceptance on putting a lot of onus on what Ms. Denham has brought forward?
J. Tipping: I do. I think there’s a…. Businesses of all sizes, small to multinational, need certainty more than anything. They need to know: “What do I need to comply with? What is it nice to have? What is going to get me in trouble? What must I do?” That’s their focus. Their focus is on getting their product to market. They understand there are going to be rules; they just need to know what they are.
S. Paish: Jill, can I just build on that?
The businesses that we work with…. There are three things. This goes, for sure, for small and medium enterprises, but it also applies to larger organizations as well: certainty, clarity, simplicity.
You know, there’s the saying: “You give a long speech when you don’t have time to write a short one.” It’s the same in how we handle some of the privacy things as well.
GDPR has some pretty clear statements and pretty clear regulations. Why on earth would a province of four million to five million people want to create its own bespoke set of regulations? I think we would send a very peculiar message to the global community as well as to our domestic businesses if we decided to create our own set of standards when a large part of the rest of the world has looked at the GDPR and said: “It might not be exactly what we need, but it’s 50 to 75 percent there.”
To Jill’s point, here are the general standards that we will accede to or adopt, and here are the three or four, not 38, things that are going to be different for British Columbia. My view is, in the context of harmony, have that Canada, so that we don’t have the British Columbia view, the Alberta view, the Quebec view and the Nova Scotia view.
R. Singh (Chair): Thank you so much.
Adam, you had some questions.
A. Olsen: Thank you, Sue and Jill, for your really informative presentations. It was important to hear more, I think, from the business side of this as we try to find a way to balance our role as protecting the public interest and ensuring that our constituents and the public have a robust set of regulations that protect their information as well as creating — as you’ve seen throughout a lot of the government’s documentation — competitiveness for our business community and for us to be able to compete with the rest of the world.
This is one that I…. It’s an interesting challenge we have in striking that balance and kind of walking it right down the middle and making sure that we recognize that the future is largely going to be trading in data. Many, many of the industries that have operated in the traditional sense are changing their business models.
The B.C. Office of the Information and Privacy Commissioner launched an investigation — I just got the press release — into Tim Hortons, which we thought was just a doughnut and coffee shop. But as I shared an article around, it is actually largely trading in data now in a very substantial way.
I think it’s important that…. From my perspective here is that there is a disconnect with the desire of the government to push towards innovation — and certainly, I’m very supportive of that — without linking this aspect of it, the PIPA aspect of it, the private sector side of it. We’re doing the review now because it’s part of the requirements of the legislation to do the review, not because it’s an economic imperative for the province of British Columbia. That we ensure that as we grow and make sure that our business community in the sector is competitive, we need to make sure that we’re also….
I think it’s really important that we hear from those — from you — who represent the industry and the sector. I think that there are opportunities, and I really appreciate the ideas. I have more statements or comments rather than questions, because I really appreciate where your presentations have led us.
I love the idea of a sandbox approach to it. It’s fascinating, because we create this legislation here, then the regulations around the legislation, and then it sits there and guides us as we go. In this situation, to Sue’s point and to the comments that have been made around the fact that a lot of data is harvested today for use tomorrow that we don’t know exists right now…. So how is it that we are going to be able to understand what innovation is just around the corner and how that’s going to impact privacy and how that’s going to impact the people in British Columbia?
Perhaps the legislative framework that we work within and the regulatory framework that we work within doesn’t work in this situation. Perhaps we do need more flexibility, to give more flexibility, so that in between reviews, we can respond quickly to the changing nature of the marketplace. One thing is created, and then there’s somebody who is working immediately to disrupt it and to make it part of the past. That is the nature of the business.
I just want to raise my hands up and thank you in gratitude for the advice and the presentations that you’ve given us. I’m particularly interested, as well, because I also got so excited about that new app that I just downloaded that I didn’t stop to think of exactly what they’re harvesting. Thankfully, I’ve got an iPhone, and you can turn location services off, generally, on that.
I think we need…. Maybe an industry hackathon could dig into this to figure out how we can do those privacy agreements in a way…. I like the idea of: as it becomes more intrusive, it continues asking you questions, so: “Do you want to use this app?” “Yes, I want to use this app.” Then as it starts to…. Maybe another question down the road.
I think there are ways the industry can help us, because I think the imperative is theirs, as well, to ensure that the consumer knows that their product is safe and not harvesting or overharvesting.
I’m going to stop talking now, but I just want to thank you for the short notice and for turning a presentation around. This was really important — balancing, I think, the importance of the public safety aspect of this as well as business competitiveness. I’m keenly interested in both.
R. Singh (Chair): Thank you so much, Adam.
Jill or Sue, do you want to comment?
S. Paish: Thanks for your comments, Adam.
The idea of a round table, if you will, with business might shed some more light and ideas. I will say that one of the things that we do in the supercluster, which is really unusual, is we put organizations around a table who wouldn’t normally sit at a table, maybe not even be in a room together at times. We put people around a table and say: “Let’s not talk about our great idea. Let’s listen to each other’s great ideas.” It’s really quite astonishing what comes out. We use this word “collaborative innovation.” It sort of rolls off the tongue as though we all know what it is.
It’s very hard to listen to organizations or individuals that have very different perspectives, yet when we’re talking about things like privacy and the protection of privacy balanced with the need to be a globally competitive and, I think, globally leading jurisdiction, it would be interesting to have round tables of some small businesses, round tables of some big businesses, of some academic institutions. Don’t necessarily put them at separate tables.
In the same room, listening to their views on the points that you’ve raised, Adam, might shed some light on some of the issues that you’ve raised and also some of the issues that Steve raised, in terms of how we can be practical while at the same time being proactive.
I think it would be unfortunate if we changed section 6, second sentence, third word in the legislation, but it would also be, I think, unfortunate if we came up with a made-in-B.C. solution for what we see in B.C. in the spring of 2021, when your material will be done. Put some different people around the table, and listen to them discuss, rather than focus on one voice or another. It’s basically how we do our business. I’ll tell you that it is incredibly enlightening.
Having been in the business community for 40 years now, I’ve never been in an environment where you put…. As an example, you want to talk about how to make the health system more resilient. Put some airline manufacturers in there, and put some satellite manufacturers in the room, and listen to them talk about this.
Why? It’s because the intense detail, the quality requirements, the speed to outcome — those are all things that they need in their industries but aren’t necessarily top of mind in our health care system all the time. You could see people’s reactions go from “Well, this is different; I haven’t heard this before” to: “Oh, maybe this does help my sector.”
It’s a thought, Adam, on how you can address some of the points you’ve raised.
A. Olsen: Just quickly, Rachna, if I may, I have a similar…. I have this experience from a different file that I’m working on.
Perhaps I’m connecting things that aren’t connected here, but we did this with the salmon file. We put a wide variety of stakeholders that have largely been at loggerheads with each other together to say: “Okay, we’ve got a common interest. Now let’s talk it through, let’s listen to each other, and let’s listen to the concerns that we each bring to the table.” It was a very, very productive conversation, and it was one, I think, where common ground was able to be found.
R. Singh: Thank you, Adam. Thank you, Sue.
Steve, you have a comment?
S. Thomson: Yeah, just one further question and, maybe, just a quick comment — either from Sue or Jill, or both — on this. One of the intersections that we’re currently seeing now between the protection of privacy and innovation is around contact tracing, particularly in response to the crisis and other potential issues — resurgence, second wave or anything like that.
Any comments on the prospective of balancing off privacy protection in that respect and being innovative and able to do quick and efficient contact tracing coming out of all of this? I see a real issue there, in terms of people being very concerned about their privacy but an imperative to need to know, from the contact-tracing side of things, in response to crises like we are currently in and that we may see more of.
J. Tipping: I’m happy to maybe take the lead on that one. I think it’s a really interesting point. All of our rights and privileges are within the context of the greater social good, right? I think the context is important. What are we trying to achieve? What battle are we facing — in the contact-tracing piece, in particular? I would say that I don’t think there needs to be a trade-off. This is where the value of the approach that Sue was bringing to Adam’s question comes in. When we become domain experts, we imagine that the way we do something is the right way.
If you remember, Henry Ford famously said: “Don’t ask the customers. They want a faster horse. They’re never going to come up with a car, because they want a faster horse. They’re used to horses.” It’s the same sort of thing. I think that there are approaches using technology — to take the de-identification of the data and the information away from the individual and later couple it back again — that enable us to do those kinds of challenges around contact tracing well whilst having nearly perfect protection of privacy. That’s the sort of approach that gives a good social outcome.
I’m a big fan of diversity and inclusion in all of its forms. For problem solving and for innovation, it’s essential. We need to bring people who are not tackling the problem today but are tackling other problems effectively into the room and brainstorm with them, and that’s where we get the super powerful innovation that Sue’s talking about. I would love to see it used more generally in public policy, but I think in this particular area, it’s going to be very, very valuable.
S. Paish: I think, just building on what Jill said, this is where informed consent is very important. So if we’re talking about contact tracing in the context of a global pandemic, where there is public good…. This isn’t about protecting your business or your particular personal interest. This is about public good. Yes, we are all participants in the public good, but informed consent.
If you want to go to the hockey game — if we’re ever able to do that again — then you consent to this element of contact tracing. If you don’t feel comfortable consenting to that, then that’s totally fine, but you’re not going to the hockey game. This is in the current context, even…. I’m referencing this in the context where understanding who we have come into contact with, from a perspective of our own personal health but in the broader perspective of public health, is important.
This is where informed consent allows each of us to make a decision. We might not like the decision because we might want to go to the hockey game without having contact tracing turned on, but that’s a decision that as a society, as a community, we are going to buy into. If you don’t want to let people know where you’ve been, then that’s fine, but you don’t go to the event or whatever it may be.
That’s where clear, crisp and informed consent is critical — back to Jill’s earlier point — not the 13-page diatribe that we sometimes click yes to.
S. Thomson: Thanks. That’s the end of it.
I’ll just make a comment that I think was referenced in some of the comments and maybe in some of the comments that Adam made as well. I really agree. While the focus of our work is privacy legislation review and PIPA review and everything, I really think it has an economic imperative to the work we’re doing here, in terms of the recommendations and things too.
We’ve got to keep that in mind as we go forward with the recommendations and not keep a narrow focus just on the legislation and PIPA and privacy. That’s the basis of our work, and it’s an important foundation that we have to do here. But we’ve got to keep that…. This work has an economic imperative on it as we craft our recommendations and things going forward.
I think I really appreciate the perspective that you’ve brought to the table today, in terms of your presentations. As I said in my opening comments, very, very informative, and something that gives us a lot of perspective and a lot of room for thought on. So thank you both for your presentations today.
R. Singh: Thank you so much, Steve.
I would like to echo his words. Thank you so much, Sue, and thank you so much, Jill, for this information. This is very, very timely information and very important for us.
Before I let you go, just one clarification. Sue, you talked about adequacy status — Canada’s adequacy status. Where do we stand? Maybe I missed it somewhere. Do we have it, or are we working towards it?
S. Paish: We have adequacy status right now under PIPEDA.
What’s unclear is whether the current provincial legislation, like PIPA, is subsumed in that adequacy status. That’s uncertain. What is clear is that the Quebec regime has failed in adequacy status.
This is exactly the kind of point that I’m raising, where it’s confusing. If you are a little company like some of the ones we work with…. Let’s say DNAstack, which is headquartered in Ontario and is building data platforms to allow global researchers to share data on the evolution of the coronavirus so that we can better predict how it’s going to evolve.
We’re building a data platform with a company headquartered in Ontario that has global reach. We’ve now got people looking at Canada and saying: “Okay. Well, federally you have adequacy status, but you’re actually a provincially regulated organization. So are you caught by that adequacy status? Probably yes because you’re in Ontario. But if you are a Quebec-based organization, how does that apply?”
That’s the kind of confusion that exists right now. If we go forward with multiple provinces each doing their own legislative review, we are at risk of the EU looking at us and saying: “Well, we don’t really know whether the B.C. legislative regime hits our standards. Maybe it does, but if a B.C. company starts doing business in Quebec, then that legislation doesn’t hit our adequacy standard.”
Let’s be clear. Canada hasn’t quite got adequacy status. That’s the risk we face if we have multiple provinces going in different directions. If there is a federal-provincial harmony that we can address…. That doesn’t necessarily mean that there’s just one piece of legislation that’s governed by Ottawa. I’m not suggesting that. That would be the easy solution, but that probably creates indigestion for many folks.
If there is a harmonious approach — so there’s one consistent approach to privacy, with details that might be bespoke to a province — then the EU is more likely to say: “Okay. Canada has a high standard. Canada reached the adequacy status. Free flow of data between EU and Canada.” That’s a lot easier for Canadian businesses than if they’ve got to navigate 13 different environments, with each province having its own approach.
R. Singh (Chair): Thank you so much, Sue. Just a follow-up on that.
In our previous presentations, listening to different stakeholders, we have heard a lot about PIPA’s compliance with GDPR. Is it the same thing that you are saying? When we are talking about…. When the EU is looking at businesses here in B.C., is that compliance the compliance with GDPR?
S. Paish: Yeah. The adequacy status comes under the whole GDPR regime. Basically, the European Union has adopted, as we know, GDPR. So you don’t have each country having its own regime.
The EU has said: “This is the regime around privacy. It’s called GDPR. To ensure a consistent approach to privacy and the sharing of data between EU nations and the rest of the world, we, the EU, are going to evaluate different nations and determine whether their privacy approach meets our standards. If we are sharing data with these nations, we know that it is properly governed and properly protected. If our data goes into that nation, we know that it’s properly governed and properly protected.”
They are looking at Canada, at this point, as a nation, which is not surprising. Big geography, small population. I’m not the expert on this point, but I think it would be highly unlikely that they would take 13 different approaches to Canada. That’s the risk we face.
R. Singh (Chair): Thank you so much, Sue.
Thank you, Adam. I know you have to leave, but thank you for being part of it.
Thank you, both of you, for taking all the time and for this great information that you have given to us. It’s very important and will really help us when we develop our report. So thank you.
Have a wonderful…. I hope we get some sunny summer days, which are simply refusing to come to B.C. this year. I hope you get some and have some relaxing time as well.
S. Paish: Thanks very much.
D. Ashton (Deputy Chair): Jill, thank you.
Thank you very much, Sue.
Other Business
R. Singh (Chair): Susan, I know we were thinking about an in-camera discussion we were planning to have.
S. Sourial (Clerk Assistant, Committees and Interparliamentary Relations): If committee members have the time, or we can schedule another time.
R. Singh (Chair): I have to quickly get into some meetings in about ten minutes. So if we want to have a quick discussion, a five-minute discussion, I’m good for it.
S. Sourial (Clerk Assistant): Sure. The first step would be to have a motion to go in camera, Madam Chair.
R. Singh (Chair): Members, I need a motion to get in camera.
D. Ashton (Deputy Chair): So moved.
Motion approved.
The committee continued in camera at 11:01 a.m.
The committee adjourned at 11:05 a.m.