Federal legislation needs further amendments to protect children’s privacy
Institute for Research on Public Policy (IRPP)
Improving public policy in Canada by generating research, providing insight and informing debate.
Bill C-27 must be flexible enough to adapt to rapidly evolving technology and foster business innovation, while safeguarding children’s rights.
While Parliament pursues the modernization of federal privacy law via Bill C-27, positive steps taken by MPs during committee hearings to address children’s privacy must continue to ensure there are no lingering blind spots.
If left unaddressed, these will leave Canada behind leading jurisdictions in the U.S. and around the world, as well as present unnecessary online risks to Canadian children.
Over the fall and winter months, the standing committee on industry and technology met 21 times and heard from 93 witnesses. Half the time, the key issue on the table was children’s privacy.
As a witness during the hearings, I saw the will of MPs to ensure that Bill C-27 includes stronger protections for minors and to align Canadian policy with other leading jurisdictions. One example was committee members from all parties agreeing during clause-by-clause review to amend it to include the term “the best interests of the child.”
However, there remain shortcomings, particularly when compared to what is being done in other countries. When legislators return from their summer break, it is imperative they make further amendments aligning C-27 with best practices around the world.
Protecting the Anxious Generation
Jonathan Haidt, an American social psychologist, argues in his highly regarded recent book, The Anxious Generation, that government and tech companies, as well as parents and educators, should “free the anxious generation” by rolling back phone-based childhood, restoring play-based childhood and reclaiming life in the real world.
In developing his call to “end the race to the bottom of the brainstem,” Haidt references the use of the term “best interests” of the child in the U.K.’s age-appropriate design code, calling it “revolutionary for asserting that companies have some moral and legal responsibility for how they treat minors.”
Specifically, the code establishes a level of fiduciary care for technology companies when it comes to minors: if a conflict arises between what is best for the platform and what is best for a user under 18, the child’s best interest must come first. This language is also included in the California kids’ code.
The California Consumer Privacy Act, the U.S. children’s online privacy protection rule (COPPA), the EU’s general data protection regulation and Quebec’s Bill 25 all establish a minimum age for consent ranging from 13 to 16.
Haidt recommends setting the “age of Internet adulthood” at 16, which is older than COPPA (13) but younger than the U.K. and California codes (18).
领英推荐
Recently, the Commons committee members passed an amendment that puts this age at 18 in Bill C-27. This will help provide clarity to technology companies, kids and parents; will help remove legal ambiguity; and align Canada with the laws elsewhere.
Age appropriate design and AI
Two issues must be addressed when the Commons committee debate continues in the fall.
First, the law must include provisions similar to the age-appropriate design codes that have been successfully implemented in the U.K., California and other U.S. states.
The global nature of online companies means that big businesses may already be following this approach. Canada should formalize it in Bill C-27 to ensure that business leaders are able to properly operationalize privacy practices
For example, the Office of the Privacy Commissioner should be mandated to develop a children’s design code with meaningful feedback from Canadian youth.
Second, the artificial intelligence components of Bill C-27 – heavily criticized and flawed in many ways – must also consider the interplay between children, privacy and artificial intelligence so that children do not become an afterthought in the process.
Lawmakers should look to the EU’s Artificial Intelligence Act, which contains key provisions covering children. For example, this might require “high-risk” systems to take special account of children and undertake detailed risk-management processes such as privacy impact assessments.
Lawmakers of the world unite
Canada needs a collaborative approach that includes lawmakers and policymakers from all levels of government, co-ordination with global privacy laws, engagement with parents and children, and co-ordination with educators.
As the committee continues to steer Bill C-27 toward its final version, the legislation should be amended so that it is flexible enough to adapt to rapidly evolving technology and to foster business innovation, while safeguarding children’s rights and needs in new ways that are appropriate for our times.