Hello, welcome to this Jurivision meeting with Canada’s Privacy Commissioner, Maître Philippe Dufresne. Good morning, Maître Dufresne.
Hello.
So you’re with us here today, and we’re going to discuss several issues and the practice, the legal practice in the field of privacy. I’m joined here today by Professor Karen Eltis, so hello Karen. Karen and I are going to ask you a few questions, Karen maybe introduce yourself for people who might not know you.
Yes, hello, it’s an honour for me to be here with you today. I’m a full professor in the civil law section of the Faculty of Law at the University of Ottawa. I specialize in privacy, cyber law more generally, and artificial intelligence. So I’m very much looking forward to our conversation, thank you again Commissioner.
So, I’ll ask the questions in French, Karen will ask them in English, and you’ll answer in the appropriate language.
But let’s start right away. Perhaps you could introduce yourself and tell us a little about your background.
Absolutely. First of all, thank you very much for the invitation, Jurivision and the Faculty, it’s a pleasure for me to be here. I have fond memories of the faculty, having studied at Fauteux for the Bar.
So, I spent a lot of time here and then I was fortunate enough later in my career to be a part-time professor here at the University where I taught international and Canadian human rights and also appellate advocacy, so it’s really nice to get back to the source. I’m here to talk to you about my role as Privacy Commissioner and a little about how I got here, and it’s interesting, I’m glad there are law students present because it’s always inspiring to see, and I still remember, sometimes it seems like yesterday that I was in class and then I wouldn’t necessarily have anticipated being in the role I’m in now, but on the other hand, the things that drove me then are still the things that drive me today. I remember being a law student and thinking about fundamental rights and the protection of individuals and vulnerable people, and the role of jurists in society; guardians of the rule of law, and the role we could play in learning about institutions, and here at the University of Ottawa we’re in the heart of Canada and the institutions of government and justice. At the time, I was inspired to see what institutions there were, how they worked, how we could protect them, how we had to protect them; you can’t take democracy and justice for granted, all that must be worked on, and how you can learn about that. I’d been lucky enough to be a parliamentary guide; that also inspired me about federal parliamentary institutions.
So, I had these interests in public law, the fundamental rights of individuals, and so I started my career in private practice in Montreal at McCarthey Tétrault and then came to Ottawa to devote myself to human rights. I became a lawyer at the Canadian Human Rights Commission and then stayed there for some fifteen years in progressively more senior roles in the sense that I ultimately had management responsibilities. I was responsible for investigations, mediation and all that, as well as privacy. And in that context, I really had the chance to plead several times before Canadian courts, including 15 times before the Supreme Court of Canada, in very important cases that again were in line with my values; cases on pay equity, Bell Canada and Canada Post, where there were allegations that wages were different for work of equal value between the sexes, cases on parliamentary privilege, cases on the balance between human rights and national security, cases on accommodating people with disabilities in the context of transportation, on trains – issues that really for me raised the question of how we can protect fundamental rights while at the same time protecting the public interest and protecting a strong economy and all that.
These are themes still very relevant today, in my role as Commissioner. And I spent a year at Foreign Affairs working on international criminal tribunals: the Criminal Court, the Rwanda tribunals, Sierra Leon, once again issues of protecting vulnerable people and defending institutions. So, this aspect of international diplomacy is relevant to my role today as Commissioner, because there’s a huge international network of Commissioners around the world, we work very closely, including with the G7, the Francophonie and so on, so these are things I bring to my career.
And finally I became what’s called the Law Clerk of the House of Commons for 7 years until my appointment 2 years ago, and the role of Law Clerk of the House of Commons is a role that’s not very well known, but it’s essentially the Department of Justice for the legislature, so everything the federal Department of Justice does for the government, that is to draft bills, give legal opinions, plead in court, well I did that with my office for the legislature, for the House of Commons, for the Speaker of the House of Commons. So it’s a very interesting role that gave me a good understanding of parliamentary committees, the role of MPs, the role of debate, the role of how a bill becomes a law and then how it can be changed along the way at the front again when I became Commissioner at a time when there are debates on amendments to the law, modernization of the law, and well, all that is very useful. So I mention all this to say that, in the end, I didn’t have a career plan saying I wanted to be Privacy Commissioner one day, but I had values and I had priorities and I said to myself, I want to work towards such and such a life, I want to work in such and such a field, then I made choices and with each choice, it was in line with those values and led to other things, so if there’s one piece of advice I can give you, it’s to listen to your values, listen to your passion because not only will you love your work more but you’ll go on to be better at it.
Thank you for your response and yes, you’ve had an interesting career and you’ve also had the opportunity to visit some very interesting institutions, which we’ll be talking about again. So…
Yes, so you talked about your background which is very interesting, but more specifically I’m curious what brought you to privacy law and what sparked your interest in privacy law and maybe what is your favorite part of working in this area?
Right. Well, thank you so much. It’s interesting when I, when I look back, even in my personal life, I realized that I was always attuned to questions of privacy early on when, people were asking for information about me as a customer. “When is your birthday?” I had a reaction: why do you need to know my birthday? I just, I just want to buy this or just seeing how individuals’ reputations or information would become known and technology and all that. So, I had on a personal level always, a keen interest in in that aspect. Professionally at the Human Rights Commission, I was dealing with fundamental rights, privacy is one of them and so dealing with: how do we protect individual’s vis-a-vis the state, vis-à-vis the civil actors and corporations and so on. So privacy as an element of, individual freedom making, making the choices you want to make and not having everyone know about them necessarily and it’s not that you have something to hide, but is that you want to be able to live your choices, so it was always a common theme, whether it was International Criminal tribunals and the role of international declarations and providing protecting rights such as privacy and at the House of Commons being very active looking at how do we support parliamentarians, giving them access to the information they need, but protecting the privacy of Canadians during that.
So, what I love about the role that I have now is Privacy Commissioner, is that I can protect and promote something that is near and dear to my heart: privacy as a fundamental right. But I also do this bearing in mind the public interest, bearing in mind the need for Canada to have a strong economy, so making sure that we have this, this coexistence, that we’re not forcing individuals to say, well, you can either have your privacy or you can have efficiency, or you can have technology and all that. So, so that role and those challenging issues and the fact that we’re in a time with privacy where a lot is changing, there’s questions about new laws for all grappling with technology and artificial intelligence. So, we need to look at our laws and understand that, and we need to learn about technology, and we need to learn about the context. We also need to learn about international relations, because privacy, and this is something that I find particularly true in the privacy field, data crosses borders all the time and this is something that when I was in the equality right side of Human Rights Commission, the need for the international exchange in partnership was there, but not to the same extent as it is for privacy, because for privacy you could protect human rights in Canada, do it well, and whatever others were doing, it may not so directly impact what you’re doing in Canada, but for privacy that’s not the case, so that that collaboration – hugely important.
Great, so let’s talk a little more about your role as Privacy Commissioner of Canada. So, could you tell us a bit about your mandate, there’s probably a federal/provincial aspect as well, so maybe tell us a bit about your mandate as Commissioner?
Exactly. So, the role of commissioner has several hats, and in the case of the Privacy Commissioner, there are several laws as well, and several areas. There are a lot of different elements, one of which is privacy protection. And that means managing, administering and rendering decisions in the context of a complaint process. It’s a role that could be described as an Ombudsman role, but I’d also say a bit more of a decision-making role, which resembles a judge’s role in the sense that you receive a complaint, you receive submissions, you decide at the end of the day.
So there’s that aspect, administrative law, managing investigations, procedural fairness, all that. There’s also a communications role. My mandate is to promote privacy, the protection of privacy – to communicate, to establish guidelines, to establish principles, to provide advice to the government, to the industry, to provide advice to parliamentarians when they review legislation, not just privacy legislation, but other legislation, I’m regularly in parliamentary committee giving advice. For example, when new legislation is introduced, new cybersecurity measures are proposed. So, does this have an impact on privacy? If yes, there is. I’ll raise it then.
You mentioned the federal/provincial aspect, so in fact, my mandate comes from two federal laws, the Privacy Act, which manages privacy in the public context, i.e. government and public institutions, and the Personal Information Protection and Electronic Documents Act in the private sector, which regulates private companies. This is a unique aspect of privacy. This is another distinction from my former world of equality and non-discrimination, where, in the context of equality, each province has its own commission, and the federal commission’s mandate is really limited to everything federal, i.e. the federal government and institutions and companies under federal jurisdiction. Whereas in the area of privacy, the law that regulates private industries, it’s passed under the trade power, and so the federal government has jurisdiction over the whole country to, unless the provinces have passed laws that are equivalent then, which means that, right now, I’m going to have jurisdiction over all the provinces, except Alberta, Quebec and British Columbia, who have passed laws specific to their province. So, for what’s in those provinces, it’s the provincial commissioners who will have jurisdiction, but for everything outside the provinces, and for everything in the other provinces, it’ll be me. So there are a lot of exchanges with the other privacy commissioners, again, joint investigations, joint declarations. So this cooperation is extremely important and extremely rich.
Wonderful. You spoke about the Commissioner’s role in great detail, I’m wondering if you can tell us a little bit about the OPC, the team, the people you work with, the mandate, all that.
Absolutely, I have such an amazing team at the OPC, we have about 210 employees, team members in the OPC and we have a number of sectors, so we have a sector on compliance that’s going to be responsible for receiving complaints, receiving notifications of privacy breaches, dealing with those things at the front end, trying to find resolution in concrete situations both in the public sector and in the private sector. So that’s the compliance branch and a branch that also has a lot of exchanges internationally with its counterparts because the international collaboration in investigations is essential. I mentioned joint investigations with our provincial and territorial counterparts, but we also do that with international counterparts on issues that are worldwide, and so that’s the compliance branch. We have a policy and promotion branch that’s responsible for the policy, the promotion, so the guidance, the non-binding, the non-complaints based work where we coordinate our international relationships, the issuance of guidance.
A big part of our work is not only to deal with problems after the fact but prevent them and say to industry and say to government: This is what you should do. What I, what I love the most is not to say, oh, gotcha, are you, you’re in trouble, but rather to say avoid, avoid the trouble, and get it right in the first place. So that’s our policy promotion branch includes our communication work. We have a legal sector, very important work there, of course, we’re doing work under legislation, but we’re also applying, interpreting legislation and with the proposed bill in Parliament, Bill C-27, there’s proposal for increased powers and an increased process, that is going to be more formal. So a big role for the team and corporate sector. That’s really the backbone of everything else, making sure that we have the right tools. That we have the right people, that we have the right contracting and finance and technology, technology which is of course more and more important and relevant to this space because technology has brought so many benefits, but also risks, and in particular risks to privacy.
So, speaking of the work your teams do. So, what are the main challenges facing your… what are the main challenges facing your team, your team members, whether it’s legal or complaints? Or in any case, the teams working with you right now.
Well, I’d say that, at a very high level, I want to make sure that we can deliver maximum protection and promotion of privacy for Canadians. And that’s a big challenge. You’ve probably seen it. Almost every day I’d say, I guess I could say every day, there’s news, we hear about privacy, whether it’s issues of accidental disclosure or cyber attacks or data use. So with the technology that’s increasing with these communications, with the fact that we’re still seeing uses for data in decision-making, it’s a phenomenon that’s daily still in my former life and I used to see media articles maybe every two, three months on my domain, now it’s every day two, three times a day. So what are we doing to stay on top of it? We’ve just issued a strategic plan that identifies three sectors of activity.
Firstly, optimizing everything we do to protect and promote privacy means reviewing our processes and partnerships. How can we communicate more? How can we listen more? How can we be more proactive internationally and nationally? How can we anticipate legislative changes, or the lack of them? We don’t know what’s going to happen in Parliament with certain bills. So we have to be ready for any eventuality. If there’s a new law, we have to be ready to jump on it, to have processes in place if there aren’t any. We continue to use the tools we have to maximize protection for Canadians. That’s one.
Secondly, protecting people’s privacy was identified as a major challenge. Why is that? Because young people are like everyone else, solicited and then confronted with new technology, social media, the Internet, all that, it’s part of our lives. It wasn’t part of my life when I was growing up, but it’s part of young people’s lives now. So it brings benefits, but it also brings risks, privacy risks, the fact that we’re asking young people for personal information and we can use that information afterwards, including sometimes to make decisions or to hold them accountable later on for jobs or whatever. And that’s what I said recently in Parliament: we have to protect young people in law, we have to recognize the best interests of children, we have to allow young people to be people. If we treat young people as adults, if we hold them to a level of adult accountability – because here’s what you did online and then we keep it forever, then we use, it well there’s no childhood at that point, then that’s been one of my concerns from the start. Understanding young people, equipping them, also parents so that parents, grandparents know a little, we have to be careful before putting all this information about our children online like this, but also the industry, and then we issued guidelines to the industry saying we have to be careful, we have to put privacy protections by default. We must avoid manipulating people with psychological techniques, encouraging them to disclose more than they should, so that’s a big part of our attitude. It also manifests itself concretely in complaints. I initiated a complaint against TikTok about a year ago. The investigation is ongoing. It will be completed in the next few months. But among other things, we’re looking at TikTok’s practices in relation to young people, in relation to consent, in relation to the protection of young people.
And finally, the third aspect of our strategic priorities is technology: keeping abreast of it, ensuring that our laws, processes and institutions are capable of coping with this lightning innovation, the technology that we ourselves are capable of using, but in a responsible, ethical way. So, once again, we’re going to use the laws we have. I’ve initiated a complaint against Open AI and ChatGPT to check whether they comply with Personal Information Protection and Electronic Documents Act, our current law. I’ve made recommendations to Parliament to modernize the law so that it’s better equipped to deal with this. And we’ve also issued international principles on artificial intelligence, and on the whole issue of what’s known as “data scrapping”, i.e. going onto sites and taking information. So that’s them, those are the fields of activity. There’s a lot to do. The international aspect is always present, and with my G7 colleagues, we meet every year to discuss these issues, as well as the question of data transfer between States. This will continue to be an important issue.
Just a small question of clarification, when you say I initiated a complaint, you initiated a complaint in what instance? What kind of instance are we talking about?
In fact, I’ve initiated proceedings myself at the commission, I’m going to investigate and then I’m going to decide following that investigation, so the law allows either for individuals to file complaints with me, at which point we’ll investigate and make a decision. But I can also initiate these complaints or investigations, and that doesn’t mean that I’ve decided in advance that the complaint will be upheld. It simply means that, under the law, I have grounds for initiating it. And these grounds can come from all sorts of things, from what we see in the environment, from what we see as development. And then it’s a tool that allows us to go back to Canadians and say, well, either there’s been a violation and here’s what should be done to correct it, or there isn’t, but you’re reassured that it’s been verified, and I think that’s part of what we owe Canadians, so that it’s not on their shoulders to do this research and verification.
Thank you, earlier in the conversation you mentioned jurisdiction and jurisdictional issues and my if students are here, I talk about the borderless nature of cyber law ad nauseam – the international aspects but also of course within the federation, I’m wondering if you can say a bit about the role of provincial regulators and how they fit into this tapestry.
Absolutely. And so, we have federal, provincial, territorial commissioners. We have very close relationships together. I have jurisdiction over the country as a whole, except in provinces that have adopted substantially similar legislation. I mentioned Quebec, Alberta, BC, but even in those provinces if data crosses borders, then those aspects would fall under my jurisdiction. So, so what we do to deal with this, to deal with this jurisdictional issue and sometimes I suppose gray areas is we work together, we work together to issue guidance together. We’ve issued a resolution on protecting children’s privacy, we issued resolution on digital identification, setting out our expectations, we issue a resolution on ethical and responsible use of AI, saying based on our collective legal principles here some of the things that we want to see. We issued one on employee privacy and very relevant in the context of return to the workplace. And what kind of monitoring can you do? What are the things that you need to bear in mind? So that’s on them the promotion aspect, but even on compliant. So, we, we will do some joint investigations on cases, we did one with respect to Tim Horton’s a few years ago, which found that the app was taking too much information then was necessary and more than what was consented to.
So, there were joint recommendations there that were made in that context. The current investigation on TikTok, the current investigation on Open AI, these are joint investigations. And so, we’re working together. We feel that this is better for Canadians, that it’s better for industry as well. Because then the organization just respond to once to those regulators. We can do that as well internationally. And I think this is a theme that we find in the privacy world: working together sometimes takes longer, but we go further and so, so we’re going to continue that.
Excellent, thank you.
So we have a group of students here with us from the University of Ottawa’s Faculty of Law, and we’re going to get into the chapter of employment opportunities in the field of privacy protection in Canada, perhaps starting with your organization for students who are going to finish their bachelor’s degree, eventually take the bar, maybe even become notaries – are there any employment opportunities with you, and if so, what are they?
Yes, that’s right. And it’s interesting because I remember when I was at university, we used to say, there are so many job prospects for lawyers, whether in the pure legal field, but even if you go outside the legal field. Then you go into other areas like management, leadership, technology. I think there are a lot of job prospects in this field. At my organization, we have a legal department, so that’s the classic legal work where lawyers can give legal advice, make representations, draft solutions, all that. So, all that exists. But even in the field of policy, complaints, compliance, and integrated management, lawyers can make a career, bringing their legal knowledge to leadership roles. We see it in the Commission, we see it in government in general in the civil service. There are many directors, directors-general and assistant deputy ministers who are lawyers. They didn’t necessarily have a legal role at the time, but this knowledge always helps them. So that’s for the Commission. But there are plenty of opportunities beyond the police station too.
And so just a clarification, so working in the legal department – first of all, how many of you are there? A big department? Does it have internships, internship opportunities for students, do you offer the possibility of bar internships or is it more afterwards when people have their bar who may be interested in the…
We have a legal department, about twenty people more or less. And we hire interns or lawyers sometimes. It’s not as regular as some of the larger organizations. But I’d encourage students to contact us if you’re interested in privacy. We also have lawyers or students on a part-time basis. So, I’d say proactively contact us if you’re interested.
Thank you, and I always tell me students this is the time to be interested in cyber law and privacy law. I wonder if you could elaborate a bit, outside the OPC, what kind of what sort of opportunities you see for students, law students in privacy law?
Certainly, and it’s interesting because I’ve been very fortunate in my career where I’ve been able to be a jurist and have fascinating experiences as a jurist, but also to become a senior leader, and now I’m essentially the CEO of my organization, and employer, I am a decision maker. And so, the role, the legal background and knowledge helps me in all of those things. But the privacy legal background, I would say goes even further. And I was recently very happy to see in surveys about what should you do if you want to become a CEO. I think the article was “So you want to become a CEO, what you should do?” And there was the typical things: learn about leadership, learn about negotiation, if you want to be in private sector, perhaps learn about the business trends and so on. But it also said now, learn about privacy and be conversant in privacy and cyber. And now I would argue probably the need to update that to say AI and these types of things. So, these are skills and knowledge that are useful and sought after at the highest level.
And this is in the private sector and in the public sector. I’ve had discussions with senior leaders, both private and public, who have said to me almost everything that we do has a potential impact, if not an actual impact on personal information. And so the reality is omnipresent. The role of my office is accordingly very important. But everywhere in industry, everywhere in government, there is a role for privacy experts, privacy champions, and it’s a role that I absolutely value. In fact, one of the first things I said to the industry representatives and the public sector chief privacy officers and VPs in the field, and also the head legal counsel on privacy. I said to them that I saw them, and I still see them as privacy champions, privacy ambassadors.
So, it’s not only from the outside, it’s not only within the regulator that you can promote privacy. You can promote privacy and protect privacy from the inside. And there’s a different type of influence, and it’s an important influence if you’re on the inside and you’re able to tell your client or your organization: I’m committed, I know what we need to achieve here, but we can achieve it with privacy and we should achieve it with privacy and that’s when I was appointed privacy commissioner, the first thing I said to the to the Senate and the House, who had to confirm me, I shared with them by the three pillars of my vision for privacy. And they’re still the same. And there was one: privacy is a fundamental right. We have to treat it as such. We have to recognize as such, and I’m very happy to see that my recommendation in this respect has been adopted by the committee studying C-27 that is going to be adding that specific reference to them to the law. The second element was that privacy supports the public interest and innovation and Canada’s competitiveness. And the third was that protecting privacy generates trust and generates Canadians trust in their institutions, public institutions. So, I think that’s always been near and dear to my heart. And also, their trust in in the market and in the economy and participating in that. So, so those things are fundamentally important. And as internal privacy changes organization, that message is very important that you don’t have to choose between. Privacy is not an obstacle. Privacy will actually help you. And I’ve heard this in so many spheres. So it’s not a zero sum game, it’s not a trade off.
So, you’ve talked a little bit about the importance of legal work in the private sector for the protection of personal information and privacy, but maybe you’re talking about certain roles from the point of view of future employment for the students who are here with us, what kind of character, what kind of character do you have to deal with in private industry? Then who are the people who have a responsibility, who are committed to privacy.
In fact, there’s the traditional role where someone can become a lawyer in a law firm, then become the expert for the sector, there are big law firms, big law firms have their privacy sector and again with artificial intelligence it’s either going to join that sector or become a related branch, but there’s a lot of work on that. Then when we see the new laws, the new requirements and all this interoperability between jurisdictions, not only in Canada, but internationally, then practitioners need to understand federal law, provincial law, in Quebec, Alberta, British Columbia, but also Europe, GDPR, the United States, which is starting to move a little more with a national privacy bill, but also many jurisdictions in the States, the role of the FTC. So, it’s all law, its commercial law, its international law, so it’s extremely interesting. And within the organizations themselves, there’s the role of chief privacy officer, and this is evolving, and this is often someone, who will be a lawyer and who will be the person internally, that is responsible for managing and complying with obligations. It’s a role that’s important and difficult because they must understand the obligations but also ensure their organization can deliver the goods. Ultimately, it’s a bit like internal corporate litigation.
I’ve experienced it, you’ve experienced it too. It’s a big challenge because it’s easier to be in private practice in your law firm, giving advice and then being very detached from the client. But when you’re working with the client, you do it while respecting your ethical obligations, but you also must do it in such a way that you are perceived as being a member of the team. So, these are big challenges, and these roles are also evolving with the issue of technology and artificial intelligence, even sometimes the name of the title is going to change, Chief privacy and ethics officer, we’re talking about ethical concepts now. What I find very positive about privacy is that it’s not just a coldly regulatory aspect, it’s fundamental for the treatment of people. And artificial intelligence, I think, also raises a lot of questions about this. So, whether it’s traditional, legal, whether it’s privacy leadership, and as I mentioned, whatever the role, leadership roles, you’re going to get advice on these issues, it’s complex and if you have knowledge of the field, it’s going to be beneficial.
Certainly, and we are seeing the emergence of obligations to appoint artificial intelligence officers. You’ve given us so much and such a rich view of what young lawyers can do in privacy. I’m wondering if you have any additional guidance of what future lawyers, so current students might do to get involved in privacy.
Sure. Well, I think stay, stay open minded and stay curious. I remember when I was sworn into the Quebec bar the batonnier made a speech at the time, and I won’t tell you what year that was, but the speech was to the effect that technology was going to be more and more important. And I remember sitting there thinking, well, why is he talking to us about technology? This is this is a law class, and we just finished this very traditional degree. But he was absolutely right. And it’s been accelerating even more.
So this openness to learning about new things, technology, but not just technology itself, but also everything that comes with that, psychology, learning about psychology. A lot of what we see in the privacy world is about nudging techniques, deceptive patterns. So understanding how psychology works. How can we be influenced? I have found this to be hugely useful for me when I look at patterns. And I said, well this is problematic. You know why it’s problematic? Because you’re using psychological knowledge to influence me and making a choice that’s not a good choice for me, so stop doing that.
So knowing those tools is helpful. Having an open mind about other areas of the law is also beneficial, it is also good time to encourage law students that way, because even in our world of privacy, which is so broad, we work more and more with other regulators. Last year with the Competition Bureau and the CRTC Chair, we created Canadian Digital Regulators forum, so it’s a forum bringing together the key digital space regulators. Because we recognize that there’s some aspects, which is not going to be just a privacy aspect, it’s not going to be just a competition aspect, it’s not going to be just a broadcasting aspect. And more, more so there’s even a risk that one is pitted against the other. So we didn’t want that, I didn’t want anybody to say: well protecting privacy is going to harm competition in Canada or is going to harm broadcasting policy in Canada. So, we said no, these are our tradeoffs, but we need to work together so that we’re informed. And artificial intelligence is a perfect example there because it touches privacy, competition, copyright. The Copyright Board has reached out to us and now is an observer in that body. I’m I’m going to be the chair of the forum this year looking forward to working even more closely with my colleagues, we’re working internationally. So beyond privacy, huge aspects, so that capacity to say, well, I’m understanding this field, but I’m also able to grapple with these concepts. And that makes you not only a better lawyer, but a better decision maker and an arguably a better citizen. So, and this is something that we’re going to have to grapple with as a society.
I think you’ve given us a good overview of all the organizations that are, that oversee, if you like, a bit of the digital world we live in, and then there are still other job opportunities for someone interested in the question of artificial intelligence or the broader question of law in the digital world. So, before we move on to the issues at stake, the more specific issues, do you have any final big tips for these students who are with us in terms of their background and their interest in AI-related issues. And it’s particular because we have students who are interested in AI as part of this course here but issues in the digital world in general.
But I think that being well-informed, having a good grasp of the law, having a good grasp of the environment in which we operate, I think that these have always been assets for lawyers. We don’t give legal advice in a vacuum, so we have to ask ourselves, what is the impact of my advice? Whether you’re in private practice or in-house, when clients receive an opinion, if the opinion is so theoretical that you get the impression that the lawyer is protecting himself, not protecting us as decision-makers, or that the lawyer doesn’t really have in mind the very real pressures that the organization has, the legal advice is less useful.
So I think it’s important to develop this aspect, to say that we have a solid command of the law, but we’re also pragmatic, we’re practical, we understand the implications, we understand the realities. So it’s that curiosity, that open mind. Then, when you choose a field of law. In my opinion, you should choose because you’re interested in the field, the industry or the environment. Let me give you an example, I was interested in fundamental rights, I was interested in public law, institutions. So I read up on how our institutions work. If I had an issue that affected such and such an industry, well, to know that industry. And when it comes to privacy, you have to understand the technology, you have to understand the overlap between sectors. We haven’t talked so much about privacy breaches and cybersecurity, so these are other partnership opportunities. Another recent area of interest is democracy. I made a statement at the end of last year on privacy as a fundamental right, but also as a support for other fundamental rights, notably democratic rights. So we’re seeing this, we’re having discussions right now about political parties. What should their privacy obligations be? At the moment, in Canada, they are much less than for private companies, much less than for the government. That’s something to think about, and there’s a bill before Parliament on the subject, as well as debates in the provinces. So we can see that privacy, really, affects all aspects. So my advice would be to keep an open mind, and be informed. It’s a good time to take an interest in privacy, because the field is really booming.
And that’s the perfect segue into our next topic, which is hot issues. And I think you’ve really set the table perfectly for the following question which is, what would you say are the more pressing or challenging issues for Canadians today in privacy law but also beyond the all the related matters that you’ve mentioned.
Right. Well, I think that the pressing issues for Canadians is that we’re living in a world that’s more and more complex, more and more interconnected. Technology is bringing great innovation and great supports, but it’s also raising risks and challenges. The OECD published a report on AI last year where they talked about at the top… they were, they were pulling the G7 ministers about the top benefits and the top risks of AI. Top benefits that were talked about productivity they were talking about communication, innovation. But in terms of risks, they were talking about disinformation, deepfakes, copyright breaches, privacy breaches.
So, we see this, this tension that is this real or potential tension between usefulness and an impact. And so, this is really part of what we are grappling with, is making sure that our laws are updated. So, we’re spending a lot of time advising parliamentarians on modernizing the privacy law for the private sector. I then want to see modernization of public sector privacy law, we need to make sure that those two are up to date and we, that those two are working together because we’re seeing more and more the government subcontract or contract to private sector companies, those public private partnerships. This is a good thing, but it raises questions when, like Canada, you have different legal standards between private sector and public sector. So, a lot of our work has been in this space making sure that when the government is using companies that it’s accountable for what’s happening, it’s accountable for the company’s compliance with their legal obligation.
And indeed, this year the Supreme Court of Canada issued a decision and King v. Bykovets where the court reiterated the importance of privacy, found that IP addresses and this type gave rise to a reasonable expectation of privacy, RCMP would need to warrants for that, but really made a strong statement about how privacy is so linked to our freedom as citizens and is indeed essential to a free and democratic society. Of course, things that I’ve been saying and absolutely agree with, but also talked about how the fact that Canadians not only are entitled to their privacy, but they don’t have to stay away from the Internet to have their privacy. They’re entitled to participate in this new digital marketplace. Which is replaced the old marketplace, you know, one of the first articles on privacy 1890, an article about the right to privacy by Warren and Brandeis and they were talking about how do you fit privacy under the legal regime, and it’s not quite defamation, that its not quite property is not quite tort. And they described it as the right to be to be left alone. But one of the examples they gave, which I found fascinating says, well, the rock collector is entitled to get the rocks delivered to their, their house in the village and not have the whole village know what rocks they’re buying and that if we can see now with technology very real issue.
We’re seeing lots of questions where privacy comes up in the context of other legal regimes. I mentioned electoral rights, political parties, I can mention broadcasting rights where we had C-11 that was going to require streamers to promote Canadian content and so that gave rise to privacy questions. We have cyber security measures that would require organizations to communicate information to the government. In the last budget, we had discussions about banking and preventing money laundering. And so, these aspects raise privacy issues. Online harms, a big issue: how do you protect children? How do you make sure that the content that children have access to doesn’t harm them? That raises question of age verification. And does that harm privacy or does that help privacy?
So, there’s a real need to work in these areas so that we can make sure that it’s not a the expense of another and we can see how much privacy law even our old laws have to offer in solving new problems. So, I’ve mentioned privacy law exists and it’s going to be applied to AI, but even in the context of. Cyber security, which we’re seeing more and more, we’re seeing something, call it even cyber warfare. Privacy principles talk about safeguarding the information that you have talked about retaining it no longer than you need it. These things are absolutely relevant and useful in dealing with cyber-attacks because if you have good safeguards, you’re better off protecting it against a cyber-attack. If you have good retention policies, you have less information that’s susceptible to attacks. So, using those those laws to tackle new problems. I issued a decision this year about Halo, formerly MindGeek, the owner of the Pornhub website, and we found that in cases of revenge porn or what I like to call image-based abuse, current privacy laws provides protection, it provides obligations to those platforms. Making sure that they don’t post online, intimate images without the consent of everyone directly who is on those those images. And so that’s something that there’s new proposed legislation in the House of Commons on online harms which specifically tackle that, and that is a positive step, but, there are already laws that are there and that help and my job is going to be to apply them and we’re going to do that.
And in the last, in the last months, in the last year and a half, we’ve been hearing a lot about AI, and it’s crept into people’s daily lives, so the course they’re taking today specifically looks at AI. So what are the major privacy issues facing Canadians today, in this context where AI is taking on more and more importance and is always present in one form or another, but today it’s even more obvious. So, what are the very practical concerns there that Canadians need to keep in mind when dealing with systems that are ubiquitous, now with artificial intelligence.
Well, what we’re seeing with artificial intelligence is, and I invite people to look at our statement on this, we’ve made, I’ve made several statements on artificial intelligence. The first was with my G7 colleagues, where we reiterated the fact that current laws apply to artificial intelligence. So there’s no legal vacuum. There are several proposals for new laws in Canada, and Europe has just adopted some. But in the meantime, there are already laws: privacy, human rights, all that, it applies. The challenge of artificial intelligence is that it’s built on the basis of information, sometimes personal information, and this generates subsequent decisions. So what we look at in our analyses and surveys is whether this information is processed in compliance with the law. Is consent obtained in the right way? Are the principles for handling this information appropriate?
So I’d say it’s both in the construction of the intelligence itself, but also in the use, so what comes out of it. And then we can see all sorts of concerns, including looking in the media at issues of false identity, manipulation or taking on someone’s voice and then, consciously or unconsciously. And then there’s the representation of someone else’s personal information without their consent. So there are a lot of questions about that. And my role, and the role of my colleagues internationally, and in Canada, is going to be to continue to put forward the principles and our expectations in relation to this. And if need be, to use the law in the context of an investigation.
Because it’s not, it’s a little bit, if I may say so, it’s a little bit the, it’s a problem that’s broader than, obviously the protection of privacy, it concerns some of the other agencies and lots of other regulators and other laws there obviously. So you’re a portion because there’s generative, is extremely complex. Firstly, undoubtedly in the quality…
Exactly. And that’s one of the reasons we created the Digital Regulators Forum, to say, it’s not just a question of privacy, but of copyright, it’s a question of competition law, but of human rights. The federal bill on artificial intelligence, which is part of the modernization of the Privacy Act, proposes to give the Minister of Industry a coordinating role in all matters relating to artificial intelligence. In particular, they’re talking about decisions that could be tainted by bias and discrimination, and all that. So, these are things where human rights commissions have a certain role to play, privacy has a role to play, and the State has a role to play. And that’s the challenge of our times now, to make sure that we regulate things properly without preventing innovation. And then we gave, we gave the example of, cars, then the invention of cars so that we could make cars that go very fast, we had to invent brakes. So, the brakes, it’s the regulations, it’s the beacon, they don’t prevent innovation, they enable it and that’s what we’re going to continue to do in the context of AI and who knows, with other technologies that will continue.
I think you made a crucial point about the fact that we do have laws, many laws of all sorts that are relevant, very often people seem to think we’re in a legal void, but but we’re not. And that said, I’m wondering if you could none the less mention a few of the challenges that you see in terms of enforcement of the current framework and maybe specifically given your role.
Sure. Well, an obvious one is that a big difference between the law in Canada federally and internationally is that I do not have order making powers vis-a-vis companies. So, I can make recommendations, and those recommendations are quite impactful. Organizations, certainly organizations in Canada, they pay attention to these recommendations. They don’t want to have negative findings and that there’s a reputational harm in that for sure. I issued a decision in a case involving Home Depot when Home Depot was offering an e-mail receipt or a printed receipt and if you chose the e-mail receipt it would share your info with Facebook without your knowledge or consent. So, I found that that was a breach of the law and I recommended that they either stop using that tool or that they provide an explicit opt in consent of Canadians and the organization agreed and stopped using it.
So, the recommendation power is important, but there will be some cases where an organization will not agree. And my recent decision vis-a-vis MindGeek, Pornhub, the organization did not agree with my recommendation. I’m hoping they will reconsider, but so far, they have not agreed. And so that’s that’s a gap with not having this order making powers. Also, there is no possibilities for the issuance of fines under the Canadian legislation other than in Quebec. And that’s also an issue because organizations have such incredibly high financial incentives, in some cases, to use data, to use personal information that, without the risk of a fine at the end of the day, it becomes even more difficult for people on the inside of those organizations to convince decision makers to do the right thing. And so, I wanted the ability to issue orders and to have fines, not because I want to use those tools but because just the existence of those tools will focus the mind of decision makers and in those cases where they’re necessary, they’ll be there, they’ll be used. So those are examples.
Other aspects in terms of AI, Canadians don’t often understand really how that works, how are these decisions made? Was there a human involved or was it all technology? So I’ve recommended that there be in modernized legislation, the right to an explanation: algorithmic transparency. There is a proposal for that in the bill, I’ve recommended it go further and it’d be available in all cases for Canadians, at least for now, given that there’s uncertainty about AI. Privacy impact assessment, proactive requirement for organizations to do an assessment to identify the privacy risks, to put forward mitigation measures to limit those risks. That should be a legal requirement. It’s not. For the public sector, organizations have to do that under Treasury Board policy, but it’s just a policy. I want it to be in the law again so that this be done and that this be done before measures are put in place, not after. So those are some of the AI specific improvements that we want to see and there are a number of them. In the in C-27 talking about organizations developing privacy management programs and so on, we need to continue to work on on data transfers between jurisdictions and also I’ve recommended that I be able to cooperate more fully with other regulators. One of the particularities now is that I can do a joint investigation with the Federal Trade Commission in the US, and we have, but I could not do a joint investigation with the Competition Bureau in Canada because the law only allows me to cooperate on policy and guidance matters. So that’s an example of where we can, we can improve our legal regime.
So thank you. So, before moving on to questions from the students, I’d just like you to tell us a little bit about the efforts you’re making, but which can be made in general by various institutions to promote or at least raise public awareness of these issues we’ve been discussing today.
But thank you, in fact, we’re actually doing it now. So I really appreciate what… the platform you’re giving me, and this… the fact of conveying, and presenting this, I think you must look for opportunities everywhere. The University of Ottawa is one of them, whether it’s a privacy center or a cyberlaw center, or any of those things. And that’s part of what we’re going to try to do at our office too, by working with youth groups, industry, government, civil society and universities. We need to communicate and popularize this. We’re in a very technical field, the law is technical, and so is technology. And I think we need to try and explain it in a simple way so that people understand one of the challenges we see in the field. Then people talked about fatigue, consent or exhaustion. The clauses are very complex, even for lawyers, and sometimes we make the choices difficult. Personally, I’d like to see consent for banners, cookies and all that, for consent cookies, to offer the choice of rejecting everything from the outset. Right now, we offer the choice to accept everything from the start, and then it takes two or three clicks to go and get the other choices.
I think we need to popularize this, give concrete examples, say “Look, you’re putting pictures of your kids up there without really knowing what the site’s parameters are. Well, the photo will be taken, it will be taken by good or bad participants.”
We issued a statement with international colleagues on the issue of what we call in English, “data scraping”, fetching images from the web without consent. In this statement, we set out our expectations of social media companies, saying: “You must treat this with caution, you must protect this information”. In some cases, this can be an invasion of privacy. And we also gave advice to citizens. But we said it’s not up to citizens to protect themselves in the first place, it’s, we’re not delegating this obligation to citizens because too often I find that in society, tasks are delegated to us, everyone’s busy, everyone’s got limited time, so people need to be a little more informed about techniques and all that. But we mustn’t take responsibility away from industry or governments.
Well thank you, thank you for answering the questions, myself and Professor Eltis. Thank you. So now we’re going to move on to the stage where we’ve asked the students to prepare questions. So what we’re going to do is I’m actually going to give my “hot seat” to a student who’s interested in asking you a question, we’re going to bring the, a little microphone here. So if you’re interested, just raise your hand and you can come and chat with the Commissioner here. So let’s get started. That takes my microphone.
So a student interested in asking the first question, don’t hesitate, break… come… get up, come here in front, don’t be shy. Ah yes, come, come, come, come. So I’ll ask you to introduce yourself, maybe say what stage you’re at in school and then ask the question… and in the language of your choice.
So hello my name is Rebecca Berchand, I’m a PDC student, 2nd year. You mentioned the Tiktok app so I just wanted to ask, do you think in the future there’s a possibility that this app like, would be cancelled under the influence of even like, in America, I’ve heard like several things in relation to that, then I just wanted to, I was just curious…
Well, it’s, of course, being developed in the U.S., it’s being debated. In Canada, the government has decided to ban it from government platforms, government tools, because of national security concerns. So that’s going on. For my part, I’m currently investigating the privacy aspects. Does it sufficiently protect the information of Canadians, does it sufficiently protect the information of young people? And does it comply with the law? And I intend to complete this investigation shortly and make our conclusions public at that time. Then we’ll see. But you’re right to say that there’s a lot of discussion going on about these issues, with regards to matters of privacy but also in matters of security.
Then do you have any advice on how we students or even Canadians can reduce any risk vis-à-vis this application?
Well, when we render our decision, that’s when there would be concrete recommendations that would be made both potentially to the organization and potentially to Canadians. I did this, for example, in the Home Depot decision. I said, look, I encourage Canadians to always ask why you want my information. So if I’m asked, I want your e-mail address, why do you want that? What are you going to do with that? Whether it’s Tiktok or any social media, I would encourage people to look at what the privacy settings are, what, what am I being asked to consent to here? And when we say things like we’re going to use the information to improve our services, well, what does that mean? And above all, who do we want to share this information with?
Thank you.
Perfect, is there another student… who has a question. Don’t hesitate. Yes, come, come, come, come closer. Come closer. Go ahead and sit down. It’s comfortable. It’s comfortable, yes. You don’t have to hold the mic too close; it can be just towards you like that.
Should we say our name?
Yes, introduce yourself and then you can talk about your educational background, where you are now.
I’m Lara, and I’m in the same year as Rebecca in the Canadian law program. I had a question, when it comes to adhesion contracts, we often have adhesion contracts, and then we don’t really have the choice to refuse. Is there anything we can do about that?
Well, I think that’s going to be part of… the law says that you can’t require consent as a condition of using the service unless it’s justified. So, in the new bill, what’s being proposed is that it should be even clearer, that the way consent is requested should be informed, that people should have the opportunity, that it shouldn’t be done in an inappropriate way. So that’s one of the elements we’re considering, if we look at consent, is it, is it also the element of an appropriate purpose, so that the information is used for the right purposes, so that the, even, because even with consent, if the purpose isn’t, it’s not appropriate, it becomes problematic. And that’s something I’d like to see more of in government regulation legislation. So it’s a very pertinent question, because often that’s what we see, we go and see, here’s the clause, and then we don’t have, we can’t negotiate the clause and that’s why the issue of consent, we still need to work on improving it.
Then would it be applicable to companies like I think our phones for example. It’s often admitted Apple will present us in the settings, it’ll be just like oh you can consent or update for example. Would that also apply to conditions like that?
Well, when you’re offered these choices with phones, if you choose to consent to this, well, it’s going to be treated as such, the information is going to be taken. So the options, then I’ve recommended that when it’s used by young people that by default it should be selected that it’s off, that it’s only that it’s no answer. That way, if you don’t do anything, the answer will be no. So we’re working on that. We’ve also carried out an international random check of several websites to see whether there are what we call practices that are a bit misleading in relation to this kind of choice, and we’ll be producing a report on this shortly. But certainly when you’re offered these important choices to look at them and then choose if that’s what you want. Maximum protection for privacy would certainly be my recommendation. And in a case where you’re really concerned that the choice model is very problematic and the choice is illusory, you can always contact my office and ask questions.
Excellent. Excellent question. Are there any other questions? I’ve seen other people interested…yes? That’s great. So same thing if you’d like to introduce yourself and tell us where you are in your educational journey.
So hello… I’m in my, my second year at the PDC, as are the two girls, Rebecca and Lara. My question was actually a bit specific, I was wondering if the Bureau also had any involvement in the investigations that were being conducted to investigate the, the foreign interference coming from countries like India against Sikh people in Canada.
We haven’t been involved in this issue specifically, but we did a joint investigation into Facebook, which is still before the courts as we speak, in relation to the Cambridge Analytica scandal, where they used, allowed the use of user data on Facebook, which was subsequently used essentially for manipulation during election campaigns, whether Brexit or President Trump’s election in the United States. So it’s not the same scenario specifically, but it shows an example where using privacy and not respecting privacy can have impacts elsewhere. As for the issue of foreign interference, I note that the government recently tabled a bill, Bill C70, which will provide additional protection and give more power to Canada’s intelligence agencies, and then require a public registry of what they call the foreign agent registry. If contracts are given out to influence foreign policy, then this is certainly a hot area.
Thank you. Thank you so much. Merci. Merci. Perfect, thank you…is there another question from our… yes, yes, come in. Yes, come… would you…
You can ask the question on my behalf… Yeah, yeah, yeah, I can, or maybe Karen.
I was gonna ask about international privacy and…
You don’t need that
And I wanted to understand to what extent private organizations such as charities need to disclose information of people outside Canada. For example if you’re helping a family outside of Canada and you get all their information, does this information need to be disclosed to the government or can you protect that information.
So it’s… yes, you can summarize the question.
Yes, so if you’re an international family, the student wanted to know how necessary it is to reveal the information, the private data of this family, because I understand your question.
Yes…So that, that, that raises all sorts of questions. If it’s to reveal it to the government, well the question would be, what authority does the government have to ask that question? I was talking about the recent Supreme Court decision that said, for the RCMP to obtain information from a private company about e-mail addresses or anything else, they must have reasonable grounds and a warrant. So the question is, what’s the authority? Private industries will always ask themselves before providing information, even to the government: what is the legal basis for doing this?
The bill before the House at the moment on, which would allow banks to share information between different banks if they feel it could reveal money laundering. So that’s one possibility. Charities aren’t always covered by privacy legislation, because it’s aimed at businesses and commercial organizations. But it may be, because if certain operations they carry out, for example, fundraising or things like that, it may be considered something that falls under our jurisdiction. And in my annual report last year, we reported on certain situations like that, where if we shared donor lists, for example, so that other fund-raising activities could be carried out, well that raises questions of privacy, it raises questions of consent. Have you notified people, your donors, that when they make a donation, you’re going to share their, their contact details with other organizations? Maybe they’d be comfortable with that, maybe not. So we asked you to make it more explicit.
Thank you for your time. Great, is there another question? Yes, come, come. You’re the best one to ask your question. So if you’d like to introduce yourself, and then…
Yes. So hello. My name is Shaza. I’m in my 3rd year of the Canadian law program. Then my question for you is, how can we encourage international collaboration to establish common ethical standards for artificial intelligence?
Well, I’m happy to say that this collaboration is, it exists, it’s very strong and it’s been one of the, one of the elements that I’ve discovered with great pleasure in my role over the last two years. So whether it’s at the G7 level, the G7 countries, Canada is going to meet with the, the G7 counterparts at the level of Heads of State, at the level of ministers, but also at the level of commissioners. So every year, I’m going to meet with my G7 counterparts. The first year of my mandate was in Bonn, Germany. Last year it was in Tokyo, Japan. This year, it’ll be Rome, Italy, and the following year, it’ll be here, because I’ll be the host. Canada will be hosting the G7 at that time. So a lot of discussions, a lot of collaboration. This enabled us to draw up the declaration on artificial intelligence in the context of privacy, to remind people of the existence of laws, to remind people of best practices. We’ll be continuing this work in Rome this year. There’s also the World Privacy Assembly, where all the world’s privacy commissioners meet annually to issue resolutions and recommendations, as we did this year on artificial intelligence and employee privacy.
Then there are other, even other sectors, for example Asia Pacific, so Canada is a major player in Pacific Asia with the West Coast, and so I’ve taken part in several of these meetings with this sub-group, which includes Australia, New Zealand, Mexico, Canada, Singapore, Japan and South Korea. So very active. And then there are specific issues. Of course, there’s Europe, which is very active with GDP, and Canada recently obtained adequate privacy protection status.
There are also networks in these countries that have been recognized as adequate. There’s also a network in the French-speaking world, the commissions, the privacy commissioners in the French-speaking world. So there’s a lot of work on that, and I think it’s developing even further, because we’re also doing it at the inter-regulatory level, so what we’ve done in Canada with competition, privacy and telecommunications is also being done internationally, and even among ourselves. So the regulatory authority forum we created is now linked to an equivalent forum in the UK. And so, by doing this, we are multiplying our influence but also multiplying our perspectives to make sure that we, that we are aligned.
Thank you very much. Thank you very much. Thank you for your question. Another question from the students, Doctor, yes. Come, come. There you are.
Hi, my name is Amélie, I’m a PhD candidate and I was wondering if you could come back regarding facial recognition issues on the joint investigation regarding Clearview AI and maybe these follow-ups today?
That’s right, so it was a very important investigation into whether Clearview AI, which does facial recognition, yes, but particularly by fetching data indiscriminately from the Internet. So it was an investigation with a police station and colleagues from Quebec, Alberta, British Columbia who determined, I believe, in 2021 that it was a violation of the law, that it wasn’t, not only was there no consent but it wasn’t for appropriate purposes because, essentially they were placing all Canadians and not just because it’s going outside of Canada too. But it was like putting them all under investigation, under police investigation, without a warrant, without probable cause and by a private company that was then going to sell it to the police forces. So, in a way, it obliterated all the Charter protections we have. You can’t ask to have your picture taken tomorrow morning, without reasonable cause, and then have the police have a file like that on me, but with Clearview AI you could. So we determined that it was illegal in Canada. The company has left Canada, no longer operates in Canada, but there is still data on Canadians in that database.
I mentioned that I didn’t have the authority, my office doesn’t have the authority to issue orders. My provincial colleagues do have the authority, and they’ve issued orders in relation to Clearview AI, which is still before the courts. But it shows once again, this importance between the public and the private. And the Court in the Bykovets case, the Supreme Court, it didn’t talk about that case specifically, but it did mention, and I think it’s very relevant, that technology has changed things so much that it has now added a third tier to the relationship that used to be a two-way relationship, between the State and citizens in terms of fundamental rights and the Charter. So traditionally, it was the state investigating me, whether here in Canada or in a totalitarian state where the secret police and all that, but it’s state-individual. But now, with technology, it’s State, individual, private company, private industry, and the Court explicitly says that this changes the architecture and the question a little bit, and in Clearview AI, we explicitly said that when the government uses private companies, because the RCMP subsequently used Clearview AI, the government must ensure that it has sufficient measures to confirm that the private company is complying with its obligations.
And I recently handed down a decision regarding the RCMP’s use of other software, Babel X software, which was a program that could be used to search the Internet, even private sites, even sites with restricted access. And in our investigation, we concluded that the RCMP needed to do more due diligence before using software like that, it’s not enough to say it’s available, you can buy it, it helps us do our job, we do it so it’s a, it’s an issue that continues to be topical.
The New York Times, I think, called it a perpetual lineup.
That’s right. So… thank you very much. Thanks for asking the question.
So, one last reminder for those of you. I’m going to put the microphone here and then we’re going to make a short conclusion.
So Commissioner, I’d like to thank you for your time, precious time, I imagine you’re, from what we’ve discussed today, very busy with many of the issues we’ve talked about today. So thank you very much, Karen, for moderating with me, and thank you especially to the students who joined us and had the opportunity to ask you their questions. And I hope it has given you food for thought, and inspired you to take an interest in the field of privacy protection in Canada.
Thank you all very much.
