INDU Committee Meeting

    Good afternoon, everyone.

    Welcome to meeting No. 104 of the House of Commons Standing Committee on Industry and Technology.

    Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Pursuant to the order of reference of Monday, April 24, 2023, the committee is resuming consideration of Bill C‑27, an act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts.

    First of all, I'd like to welcome our witnesses. At the same time, I'd like to offer our apologies for the brief delay caused by a vote in the House of Commons.

    We welcome Diane Poitras, president of the Commission d'accès à l'information du Québec. Thank you very much for being with us, Mrs. Poitras.

    We also have from the Office of the Information and Privacy Commissioner of Alberta,

Diane McLeod, information and privacy commissioner, also joining us by video conference. Thanks for being here.

    Madame McLeod is accompanied by Cara-Lynn Stelmack, assistant commissioner of case management, and Sebastian Paauwe, manager of innovation and technology engagement. Both are appearing by video conference.

    Lastly, we have Michael McEvoy, information and privacy commissioner for the Province of British Columbia.

    Thank you to the three of you for joining us today. We have until 5 p.m. Without further ado, I will cede the floor.

    I'll give you the floor, Mrs. Poitras. You have five minutes for your opening remarks.

    Thank you.

    Thank you, Mr. Chair.

    I'd like to thank all the members of the committee for inviting me to participate in this study.

    As you know, Quebec has undertaken a major reform of its privacy laws to make them more responsive to the new challenges posed by the current digital and technological environment. An Act to modernize legislative provisions of personal information, better known as Bill 25, was passed in September 2021. Its provisions have come into force or will come into force gradually over a three‑year period.

    The changes made by Bill 25 can be grouped into three categories. The first involves new obligations for provincial businesses, organizations and political parties. The second contains new rights for citizens. Lastly, the third includes new powers for the Commission d'accès à l'information du Québec.

    Among the new obligations of businesses is the addition of the principle of responsibility for the personal information they hold. It implies that each company has a privacy officer and that it establishes governance policies and practices. When a confidentiality incident occurs, businesses are also subject to new obligations, which are similar to those found in Bill C‑27.

    Bill 25 also introduces enhanced transparency obligations about what companies do with personal information.

    To give citizens greater control over their information, new consent requirements are provided, such as for obtaining express consent when the information is sensitive. To be valid, the consent must also meet certain conditions, be requested in simple and clear terms, for each of the purposes pursued and separately from any other information.

    The legislation also provides for measures to prevent privacy breaches, such as the requirement to conduct a privacy impact assessment at the design of products or technological systems that involve personal information. This type of screening must also be carried out before personal information is shared outside Quebec to ensure that it is adequately protected.

    If an organization collects personal information by offering a product or a technology service, the privacy parameters must, by default, be addressed to those who provide the highest level of protection.

    The act also provides a framework for the collection and use of particularly sensitive information and certain situations with a higher potential for intrusion, such as profiling, geolocation, biometrics, and information about minors.

    New rights for individuals include the right to be forgotten, the right to portability of information and certain rights when a fully automated decision is made about a person by an AI system.

    Finally, the commission is being given new powers. It's the organization responsible for overseeing the enforcement of laws relating to access to documents and the protection of personal information, and for promoting those rights in Quebec. It has had order‑making powers since its inception. It may also, on the authorization of a judge, initiate a criminal prosecution for an offence under the acts it is responsible for overseeing.

    Bill 25 significantly increased the amount of penalties that can be imposed and lengthened the time frame for such prosecutions.

    The commission now also has the authority to impose administrative monetary penalties of up to several million dollars. It can adopt guidelines, and it has enhanced investigative powers.

    Bill C‑27 has similar objectives to those that motivated the reform in Quebec. For businesses, the consistency of the rules in the various jurisdictions in which they operate helps to reduce their regulatory burden.

    The adoption of similar and interoperable rules facilitates the essential work of collaboration between the various control authorities across the country, but also internationally. At the end of the day, it also respects people's fundamental rights and increases their confidence in the digital economy and in the use of new technologies such as artificial intelligence, which promotes responsible innovation.

    In closing, I would like to point out that a collective, non‑partisan, transparent and inclusive reflection on the framework for artificial intelligence has taken place in recent months in Quebec. More than 200 experts, including the commission, looked at six topics, and a call for public contributions complemented that thinking. The preliminary direction of this work was discussed at a public forum last month.

    Recommendations on regulating artificial intelligence will be submitted to the Government of Quebec by the end of the year.

    Thank you. I look forward to your questions.

    Thank you very much, Mrs. Poitras.

     Madam McLeod, the floor is yours.

     Good afternoon. I would first like to thank the committee for inviting us here today as witnesses to your proceedings on Bill C-27.

    This bill is an important step in modernizing Canada’s private sector privacy law. It would support responsible innovation and development of innovative technologies while adequately protecting privacy rights.

    Innovation is occurring in all sectors. These activities benefit Canadians, but there are also risks. This law would play a key role in establishing a foundation of trust amongst Canadians, which would foster the growth of our digital economy.

    Alberta's Personal Information Protection Act, PIPA, has been declared substantially similar to the Personal Information Protection and Electronic Documents Act, PIPEDA. The objective of PIPA is essentially the same as that of PIPEDA, and both acts are consent-driven with certain exceptions. Given these similarities, I will not go through PIPA in detail. Instead, I will focus on an aspect of PIPA that may be of interest as you consider the Consumer Privacy Protection Act portion of Bill C-27, and that is specifically our order-making power.

    Most reviews and complaints, about 85%, are settled by our informal case resolution team. If settlement fails, the commissioner may conduct an inquiry, a quasi-judicial process, which involves formal submissions to an adjudicator, who then issues an order to remedy any non-compliance.

    Our informal case resolution team operates separately from our adjudication team. When a file moves to inquiry, our adjudicators conduct a de novo hearing. They do not have access to what occurred in mediation. Orders are final, binding and not appealable, but they are subject to judicial review by the Alberta Court of King’s Bench.

    The majority of our orders are complied with. We have sought a court order to enforce compliance in only a few cases.

    This structure brings finality to allegations of non-compliance in a cost-effective, predictive and relatively timely manner. Finality serves several purposes. It creates certainty around the interpretation of PIPA, which serves the interests of both organizations and individuals. It encourages settlement. Because our services are free, our office is fully independent from government, and the majority of our orders are complied with. This reduces the time it takes to remedy non-compliance.

    PIPA is scheduled for review by our Standing Committee on Resource Stewardship likely to begin in early in 2024.

    Given this, we’ve been paying close attention to what is happening with Bill C-27, specifically the CPPA, as it may influence amendments to PIPA due to PIPA's substantially similar status. We are also considering the impact of Bill C-27 on Albertans when their personal information flows across borders.

    In the CPPA, there are positive new privacy protections for Canadians. There is the right to request disposal of personal information, also known as the right to be forgotten; rights regarding the use of automated decision-making systems; and rights regarding data portability. Other improvements include clarification of service providers' role and accountability, administrative monetary penalties to deter non-compliance, proactive auditing, better protection for minors, and the inclusion of privacy as a fundamental right, as well as proposed amendments on the special interests of minors.

    However, we have some concerns regarding a few provisions. We are concerned about individuals' loss of control over their personal information resulting from new authorities in section 18 regarding business activities and legitimate interests. We are concerned about how the provisions on de-identification and anonymization would be used, and whether more controls would be required to mitigate potential risks to individuals. We are concerned about whether the inclusion of the tribunal as an appeal body to the Privacy Commissioner's orders would impact our ability to conduct joint investigations.

    In addition, there are areas in the bill that could be enhanced. Stronger protections for children, such as those provided for in California and the United Kingdom, could be built in, as could requiring the use of privacy impact assessments in specific circumstances where there are higher risks, and requiring increased rights for the use of automated decision-making systems, and expanding the definition of sensitive information to mitigate the risks of harm that may flow from the processing of certain kinds of personal information.

    I thank you for your time. I look forward to further discussion.

     Thank you very much, Madam McLeod.

    Mr. McEvoy, the floor is yours.

     Thank you, Chair and members of the committee.

    I'd first like to acknowledge that I'm presenting to you today from the traditional territories of the Lekwungen-speaking people of the Songhees and the Esquimalt first nations.

    Given my brief time this afternoon, I want to focus my comments on the practical matter of how the privacy rights of Canadians ought to be considered and, where events dictate, enforced.

    A common theme of these proceedings is the need to harmonize, to the greatest extent possible, the substantive privacy rights of Canadians across federal and provincial jurisdictions. The principle of harmony or substantial similarity should also apply to the processes that determine and enforce privacy rights.

    Why is this so important? Data most often knows no borders. Many significant privacy rights cases impact citizens across the country.

    It is therefore incumbent upon us, as privacy regulators with oversight over the private sector in Alberta, British Columbia, Quebec and Canada, to act, to the greatest extent permitted by law, in a coordinated manner. This ensures that concerned individuals are addressed in a consistent way and that affected businesses are not queried by overlapping demands. In short, coordination builds the trust of Canadians in our privacy oversight system.

    The coordinated actions I speak about will be enhanced considerably if the avenues for processing and enforcing those privacy rights are as consistent as the law permits across jurisdictions. In concrete terms, this means the federal Privacy Commissioner should certainly be granted order-making powers, which the three provincial authorities now have, and which Bill C-27 recommends.

    I would go a step further. The proposed federal order-making powers should be reviewable in the same manner as that applicable to provincial authorities. That is to say that the federal Privacy Commissioner's powers should be directly subject to review by the courts. That has proven to be more than sufficient to protect the rights of all parties at a provincial level. Bill C-27's proposal to add a layer of administrative bureaucracy in between the commissioner's orders and the court review adds an unnecessary level of expense and time to distance Canadians further from the ultimate disposition of their privacy concerns.

    The same considerations of federal and provincial harmonization should be applied to the matter of administrative monetary penalties. Quebec—as my colleague has just pointed out—is the first jurisdiction in Canada to authorize the regulator to administer such penalties where circumstances warrant. I have called for British Columbia's government to do the same.

    The authority to levy fines—a last resort for regulators—protects the rights of Canadians and the vast majority of businesses from bad actors. It is critical that privacy regulators are able to ensure that when fines are necessary for multi-jurisdictional violations, they are levied in a coordinated, proportionate and non-overlapping way.

    That is simply not possible under Bill C-27, which strips power away from the federal Privacy Commissioner to levy fines, and instead puts it in the hands of a third party that would not be in a position to coordinate matters with other authorities. This again creates federal-provincial asymmetries, which in no way benefit Canadians. It bears repeating that if a party is concerned about an imposed fine, a direct referral to the court system is more than adequate to ensure administrative oversight of the system.

    In summary, while Bill C-27 goes some ways to strengthen the privacy rights of Canadians, the bill must be improved to ensure that those rights can be fairly, effectively and economically adjudicated and enforced.

    Along with my colleagues, of course, I welcome any questions you may have.

    Thank you very much to all three of you.

    To begin the discussion, I now give the floor to Mr. Généreux for six minutes.

    Thank you, Mr. Chair.

    Thank you to all the witnesses for being with us today.

    Mrs. Poitras, I'm delighted to meet you. First of all, I would like to congratulate the Government of Quebec and your organization for the work that has been done. Since we began our study of Bill C‑27, many have cited the Quebec legislation as a model. So I commend you for that.

    From what I understood earlier, you are currently holding consultations on the six themes you mentioned.

    Before the bill was passed, were consultations held in Quebec?

    Yes, specific consultations were held by a commission of the National Assembly of Quebec. A number of stakeholders, both private sector representatives and citizens' representatives, were able to express their views. The Commission d'accès à l'information du Québec, of course, took part in those consultations.

    The consultations I just mentioned, which are the most recent, focused on how to frame AI.

    There was a process that led to the adoption of the bill in Quebec, which unfortunately was not the case here. You were able to compare Bill C‑27 to what was passed in Quebec. We hear a lot about what will be a priority in the bill, for example, with regard to justice and law enforcement.

    What is your analysis of the situation? I ask because I just heard Ms. McLeod express some reservations about certain aspects of Bill C‑27. Do you have some as well?

    I certainly share my colleagues' concerns about the interoperability of the act in a context where the obligations would not be exactly the same. The fact that similar protection applies across the country is important for Canadian citizens, but also for businesses. They can operate in Quebec, but a number of them can do so across the country.

    The fact that the process can be very costly is a concern we've heard very often in Quebec. At the time, under Bill C‑11, there was concern about the harmonization of the rules. Without harmonization, companies feared that they would have to comply with two sets of rules, and operating would become very expensive.

    I don't know if that answers your question.

    Yes, thank you.

    I'm an entrepreneur myself. Since I'm not in my business full time, I don't know whether I have to comply with rules or whether my compliance is adequate. I think we train people in my business. After all, I'm in the communications business.

    Are we talking about a minimum number of employees? How is it determined in Quebec that companies have to comply with certain rules?

    My questions are still about what Bill C‑27 does and doesn't include.

    In terms of businesses that are subject to the Quebec legislation, it's any business that engages in organized economic activity and that, as part of that business, collects, uses, discloses, holds or retains personal information in Quebec. So it's quite broad. It covers commercial enterprises, but also non‑profit organizations, or NPOs. Regardless of their size, these companies are all subject to it.

    If I understood correctly, part of your question was whether we had any concerns about interoperability. There are a couple of things I have concerns about. Among other things, there are important distinctions in the regimes applicable to anonymized data and de‑identified information. I could tell you more about that.

    There are also the administrative monetary penalties that can be imposed and the scope of those penalties, as well as the lack of certain preventive measures for the use of technology. I'm thinking in particular of the fact that no provision is made for privacy impact assessments or profiling measures.

    What are the most important recommendations you would make to amend Bill C‑27 to allow for interoperability across all provinces? I know that there are also reserves in British Columbia. I'm sure that my colleagues will ask Ms. McLeod or Mr. McEvoy questions about this.

    We're trying to see how the bill can be improved so that it's interoperable across the country and so that everyone can easily implement it. This is a concern that has been expressed by all the stakeholders and witnesses who have appeared before the committee.

    Thank you for the question.

    Commissioner Dufresne made some excellent recommendations around harmonization and so on.

    As for anonymized and de‑identified information, I know that many stakeholders have told you that the definition of anonymization was very restrictive in Bill C‑27. In Quebec, following discussions and exchanges with stakeholders, parliamentarians included some flexibility in the legislation. According to Quebec law, information is anonymized “if it is, at all times, reasonably foreseeable … [for] the person to be identified directly or indirectly”.

    However, they were concerned that this might open up too big a loophole. At the same time, it was stipulated that government regulations could impose terms and criteria on how anonymization is done.

    De‑identification is also an important issue because of the potential for the use of de‑identified information. Bill C‑27 provides that, at times, de‑identified information is no longer personal information, which means that protection for that information is lost. That is a concern.

    My colleague Mr. McEvoy did a good job of presenting the concern about administrative monetary penalties, but also the scope of the penalties. The situations in which the federal commissioner can recommend to the tribunal the imposition of administrative monetary penalties are very limited in Bill C‑27.

    Thank you very much.

    Thank you, Mr. Généreux.

    Mr. Van Bynen, you have the floor.

     Thank you, Mr. Chair.

    It's great to see that we're having all of the privacy commissioners from different jurisdictions. If there's anything that we know about data these days, it's that it tends to migrate across borders, not just provincially, but internationally.

    My first question is to each of the three attendants here. Clause 9, on the Consumer Privacy Protection Act, would require that each organization subject to the act would maintain a privacy management program that includes the policies, practices and procedures that it has in place to meet obligations under the act.

    I'll start with Madam Poitras.

    Are provincial organizations already required to develop a privacy management program? How is that monitored?

    Bill 25 provides for this obligation, which has been in effect since last September. It's not called

privacy management programs.

    It's called an obligation to adopt governance policies and practices, but it amounts to the same thing. The content corresponds to what we see at the federal level or in British Columbia. Those two levels of government have the same type of obligation.

    In your opinion, is that too onerous on some organizations?

    I'm sorry, but I didn't understand the question.

    In your opinion, is that too onerous on some organizations? We had some discussions earlier about what size of organization all of these rules should apply to.

    In fact, this is the basis for developing a culture of privacy. It can be adapted throughout the company or the types of personal information that need to be dealt with.

    Since its inception as a start‑up company, Clearview AI, a very small company, has used a significant amount of sensitive personal information. This is also the case for other companies of a similar nature. So the obligation isn't adjusted based on the size of the business. It can be adjusted based on the use or sensitivity of the information to be processed.

    Yes, I would just second what Commissioner Poitras has said. In British Columbia, we have a similar provision that requires organizations to develop and follow policies and practices that ensure they are consistent with our legal framework.

    We describe that requirement and obligation as being scalable. We wouldn't expect, obviously, the same thing of a mom-and-pop corner store as we would from a significant corporation with thousands of employees. These things would be scaled.

    That's not to say, by the way, that smaller entities, nowadays, couldn't handle vast amounts of information, and very sensitive information, so our expectations, obviously, would be higher.

    However, the obligations are scalable. All companies, now, need to be thinking about these issues, because Canadians—customers, patients, all kinds of people—are concerned about how their data is handled, and trust, on the part of those individuals in companies and others who they deal with, is fundamental to, I think, any business.

     I'll ask the same question of Ms. McLeod.

     I think that my colleagues have covered it quite well.

     Several years ago, the federal privacy commissioner in Alberta developed a “building blocks for privacy management” program, which we have referred to since its inception. I think it was 2015.

    There are requirements in PIPEDA. There are certain aspects of privacy management programs that are codified within the legislation; you were required to have policies and procedures, and you need to have a contact person.

     As you look at modernized privacy laws across jurisdictions, privacy management programs are becoming a standard. They are becoming a standard, in my view, because they are needed to protect the information that is flowing through the data systems in industry.

    You're right; it needs to be scalable. It also has to be recognized that, as we move ahead with the digital economy—and it's not slowing down, it's only increasing—novel technologies are going to be used by businesses of all sizes.

     As my colleague Commissioner McEvoy said, trust is the foundation of a successful digital economy. It's necessary that this infrastructure be there in order to facilitate the use of these technologies going forward.

    I've talked about the ability to levy fines, some substantial fines. To my way of thinking, when you think of some of these multinational organizations, the fine in itself could simply be considered a cost of doing business.

     Are there any additional remedies that you would say a privacy commissioner should have, for example, to disgorge the data that was assembled or to discontinue production?

     I think you're quite right. In some instances, it would be seen as a licence to continue doing what companies are doing.

     I think the most effective remedy that the government can provide in legislation for its regulator is order-making power. The three of us here today have the power to say to a company or an organization, "Stop doing what you're doing", which is a far more effective remedy in some instances where that action or conduct on the part of an organization may be harming a Quebecer, a British Columbian, Albertans or Canadians. That remedy is the most effective.

    I know that Bill C-27 would put that order-making authority in the hands of the commissioner, which is a very positive step. As we've indicated, if there's going to be any appeal, that should be directly to the courts, as we have faced them over the years as a means of oversight over what we do.

    Thank you.

    Mr. Lemire, the floor is yours.

    Thank you, Mr. Chair.

    Thank you, Mrs. Poitras, for your comments this afternoon.

    I would also like to highlight the innovation and rigour shown by the Government of Quebec in this area.

    Although the minister assures in his letter that the Quebec law will prevail in Quebec, concerns have nevertheless been expressed to this committee, particularly by Jim Balsillie. For example, it has been raised that, if Bill C‑27 sets standards that are lower than those in Quebec's Bill 25, that could hinder innovation and jeopardize investments in the Quebec economy.

    With that in mind, how do you assess the potential consequences of Bill C‑27 on Quebec's economic landscape, particularly in terms of innovation and investment?

    Thank you for the question.

    This goes a little bit to what we were discussing, that is, the issue of interoperability. As I was saying, a company may have to comply with two sets of rules. The two acts may apply at the same time in certain situations. It's happening right now, and I understand that it will happen in the future as well.

    There will be situations where a business will have to comply with both the rules of Bill 25 and the rules of a future bill resulting from Bill C‑27, if it's passed. It can certainly be difficult to comply with two sets of rules if the rules aren't similar. In addition, human beings being what they are, there may be a tendency to want to comply with the least restrictive rule.

    It's also important to be able to monitor, control and collaborate in our respective actions across Canada.

    That said, the scope of the Quebec legislation is quite broad. A business that carries on business and that, in the course of its economic activities, collects, holds, uses, discloses and retains personal information must comply with Quebec law.

    What provisions should be included in Bill C‑27 to bring it closer to the standards established by Quebec's Bill 25?

    How can we be more interoperable? As you said, it would be to the advantage of entrepreneurs, since there would be less bureaucracy, among other things.

    I'm concerned about all the provisions of Bill C‑27 dealing with anonymized and de‑identified information, particularly with regard to interoperability. There's also the issue of administrative monetary penalties and the scope of those penalties that could be imposed under the bill.

    In addition, there's the absence of certain preventive measures for the use of technology. Before implementing an application or technology, an important preventive measure is to conduct assessments in advance to ensure that it complies with the law and does not constitute an inappropriate intrusion into privacy.

    The commissioner also recommended measures against profiling or, at the very least, more transparency, so that people know they have a right to refuse. These are elements that are in the Quebec legislation for these new technologies. I think Bill C‑27 could be improved in that regard.

    In your opening remarks, you alluded to the new powers of the commission, and I'm not sure if those were human rights. As I understand it, the act provides funding for the promotion of rights, as well as binding powers.

    Do you think that Bill C‑27 could have a similar mechanism to protect Canadians from the disclosure of their personal information and to raise awareness with them?

    Our organization, the Commission d'accès à l'information du Québec, has a mission to promote the rights of access to documents and the protection of personal information. I think that all my colleagues across Canada feel it's their duty to do so, even if it isn't written in their respective legislation.

    It might be a good idea to add that aspect to the bill. What is very important is that the commissioner be able to have the necessary funds to promote those rights, because informing citizens of their rights and businesses of their obligations is a means of prevention.

    Thank you.

    Earlier, you referred to a summit on artificial intelligence that was recently held in Quebec.

    Can you tell us more about that? I know that the recommendations will soon follow, but what was the context, who was invited and what were the objectives?

    The Government of Quebec has mandated the Conseil de l'innovation du Québec to conduct collective reflection and advise it on how to regulate artificial intelligence. Among the questions is whether it should be regulated and, if so, how it should be done.

    As I mentioned, the Conseil de l'innovation du Québec has put together expert groups on six topics. There have been workshops to draw conclusions on each of them. One of them, which the commission was involved in, was the AI governance framework. Then there was a call for public contributions. The public as a whole could submit their comments.

    There was a public forum recently, on November 2, I believe. The objective was to test the preliminary findings and recommendations of each of the expert groups and to receive feedback in order to improve them. By the end of the year, a report prepared by the Conseil de l'innovation du Québec must be submitted to the Government of Quebec on the framework for artificial intelligence.

    Mr. Chair, could you ensure that the committee will have access to those recommendations when they are made public by the Government of Quebec?

    Sure.

    Thank you, Mr. Lemire.

     MP Johns, the floor is yours.

    It's great to be joining the industry committee today. I've worked with a few of you—Mr. McDonald and Mr. Vis—on protecting wild salmon. It's always good to come to the industry committee.

    I do sit on the government operations committee, so I'm going to focus on things that are related to Crown corporations in government. as the evaluation and analysis of this bill has progressed, the question about whether the government and Crown corporations should be included in the scope of the act has been raised.

    Could you maybe provide your thoughts on whether the government and Crown corporations should be included? We know that Canada Post was guilty of breaking privacy laws, using personal information from delivered envelopes for a marketing program. This was according to the federal privacy watchdog. Maybe you could speak to that or could connect to that.

    Mr. McEvoy, perhaps you could start.

     On the point of the public sector being covered, in British Columbia, the public sector is covered. That's everything from the Crown corporations, which you talked about, to school boards, municipalities—all the functions, basically, of the public sector.

    The British Columbia government recently made changes to our Freedom of Information and Protection of Privacy Act that require public bodies now to produce privacy management programs, the thing that we just talked about in the private sector. We believe that's a very positive development. It means that every single public body in the province has to focus on what personal information they have about all of us and how they're going to deal with it if things go wrong—what the emergency plan is in place. As well, in the public sector now, there's mandatory breach notification; when breaches happen, individuals are notified.

    Of course, in the public sector, it's not a consent-based model. We, as citizens, really don't have much of a choice, in most cases, about giving over our information to public bodies to get the services that we require. Therefore, it's very important that the law carefully authorize that collection and that it be regulated. We certainly believe that, in British Columbia, it is done in a very effective way.

    Do you want to add to that, Ms. McLeod?

    Thank you, yes.

    We here in Alberta have three privacy laws, actually. We have the private sector privacy law that covers everything except for aspects of our non-profit sector. We have our public sector privacy law that operates similar to what Mr. McEvoy just explained, and we also have the health information law that governs the health sector in our province.

    We here in Alberta are looking at harmonizing our own laws as we are looking at advancing our digital economy here and using technology to innovate. We're looking not only in Alberta but also, of course, at Bill C-27 as we consider what the landscape needs to look like.

    As the bill is, federal political parties are not included in this bill.

    Do you think that political parties should be subject to the provisions of this bill?

    Maybe I could start on that one, if I may.

    It happens that British Columbia.... It is not the only jurisdiction—because there's some application of the law in Quebec, which Ms. Poitras can talk about—but essentially, the full application of our Personal Information Protection Act applies to political parties, and we've utilized that aspect of the law to review political parties in this province and to collect, use and disclose information about voters, which we think is really important.

    The short answer to your question is that, yes, in my view the federal law should apply to federal political parties. The basic reason is that it will enhance the trust between voters and all of our parties and the candidates seeking information from citizens. Citizens will know that, when they exchanges views with their political parties and communicate their views or whatever information they give over, this information is going to be properly dealt with. They will also know that, if there is an issue, there's going to be an independent oversight authority that can basically adjudicate any disputes.

    That can do nothing but enhance the trust that Canadians will have in federal political parties, in my view.

    Ms. Poitras, I'll go to you.

    With the Biden administration's recent executive order on AI regulation, what is your perspective on how AI regulation has been approached in Canada versus the United States?

    I think it's possible to adopt a number of approaches to an AI framework. However, a consensus is emerging—in Quebec at least—that artificial intelligence must be regulated and that, as we have seen so far, self‑regulation has its limits. Quebec's position, or the position of the Commission d'accès à l'information du Québec—I can speak more to the commission's position—is that we must at least have framework legislation with principles.

    In Quebec, we had considered developing an approach to the issue of artificial intelligence. A few years ago, in Quebec, we adopted the Montreal declaration, which is a declaration of principles on the responsible use and development of artificial intelligence, but it is on a voluntary basis. We saw that this had its limits, and the expert panel on which I was a member recognized that, from now on, more stringent frameworks and obligations are needed to ensure the responsible and prudent development of artificial intelligence.

     Thank you, MP Johns.

    If members allow me, I'll just take two minutes to ask a question because I'd like to do a bit of mileage on MP Johns' questions.

    Regarding political parties, Mr. McEvoy, I understand there is a case in British Columbia where political parties, the NDP, Liberals and the Conservatives, are fighting your office so as not to be covered under PIPA. The Bloc for some reason is not contesting that, I guess they don't garner much information in B.C., understandably.

    My question is mainly for Mrs. Poitras and Ms. McLeod.

    In Quebec and Alberta, what provisions require political parties to comply with privacy and personal information protection rules?

    Could you give us an overview of that subject for the benefit of the committee members?

    Perhaps I can answer the question first.

    This is something new in Bill 25. The provisions are first set out in the Election Act, meaning that Quebec's Election Act provides that provincial political parties and independent members must comply with the provisions set out in the Act respecting the protection of personal information in the private sector, unless there are specific provisions set out in the Election Act.

    There are a few. For example, there's no obligation to destroy personal information. In addition, we don't have the right to have access to personal information and to request that it be corrected when it is held by political parties. As you can imagine, the commission would have preferred that to be the case, because one of the best ways to assure citizens that their rights are respected and to know what political parties or other entities have on them and what they do with that information is to promote the exercise of the right of access.

    Essentially, most of the obligations applicable to businesses under the private sector Privacy Act apply, except the ones I mentioned. However, there's a limit to what political parties can use and communicate. The information has to be collected for electoral purposes.

    Thank you.

    Ms. McLeod, I'll ask you the same question.

    In Alberta, the political parties are expressly excluded from the application of our private sector privacy law, PIPA. I don't know off the top of my head whether or not there are privacy provisions in election acts; there usually are.

    We are looking at this as part of our recommendations for our PIPA review, and we will be recommending that political parties be subject to the Personal Information Protection Act, so I'll have occasion at that point to look at our Election Act and see what controls are in there.

    Thank you very much.

    Sorry, Chair, perhaps for a point of clarification, I should note that in British Columbia there is no doubt that the Personal Information Protection Act applies to B.C.'s provincial political parties. A ruling of our office held that federal political parties operating in British Columbia were also covered by the legislation. That is the point that is now in dispute before the courts, just to be clear, just that aspect.

    Yes, understood. Thank you very much.

    I'll now get back to our regular programming.

    Mr. Vis, the floor is yours.

    Thank you, Mr. Chair. Thank you to the witnesses today.

    Mr. McEvoy, just touching upon the current court case involving federal political parties, is your office pursuing oversight over federal political parties because the Liberal Party used artificial intelligence to identify possible participants in their nomination and candidate selection processes?

    First, I should say, that obviously I have to be very careful in terms of what I say about this case because it is before the courts now.

    I would say that the case was initiated because of complaints that we received from individuals who were seeking information. I'm just trying to recall off the top of my head; it may have been multiple political parties seeking certain information, and they didn't receive that, and so therefore they complained to our office, and that's what we were looking at.

    Then the initial issue was simply whether my office had jurisdiction with respect to federal political parties operating in British Columbia. The answer to that question by my office was yes, and again that matter is before the court and so beyond that, I really don't want to comment about it.

     That's fair. Thank you.

    The Artificial Intelligence and Data Act, AIDA, seeks to establish a framework by which we will further regulate, at the federal level, artificial intelligence.

    I noticed that, in your recommendations to the Province of B.C., you said there should be public guiding principles of AI in British Columbia.

    I believe it states:

    What I am reading there suggests the Province of British Columbia has adopted a model similar to that of the United States, where they received a public order that all government departments automatically begin ensuring they are ready to handle the challenges posed by artificial intelligence.

    Is that a correct assessment?

    My understanding right now is that the British Columbia government is reviewing the principles by which it will deal with issues of artificial intelligence.

    I should say that, on the regulation side of things, I have, along with the ombudsperson in British Columbia—as you note—set out some guidance that we think should apply. We also strongly support the federal Privacy Commissioner Philippe Dufresne's proposals to ensure that, where high-impact, significant matters of AI are being undertaken, they be subject to privacy impact assessments. They're the same kinds of provisions that, in our view, the British Columbia government should be using.

    We will be consulting with the British Columbia government as they develop their principles and guidelines as to how AI will be deployed in the province.

    Thank you.

    We've had some discussion here at this committee regarding what a high-impact system would actually be.

    In your words, how would you define “high-impact”?

    That's not terminology we have used in British Columbia.

    Any time you're looking at a system that attempts to, first of all, gather large amounts of data used to predict or profile people and involved in making decisions about people.... I'm not sure how you scale that. To me, anything involved in using data to make those kinds of decisions about people impacts them. There is a right to notification where those systems are in place. There should be a right to object.

    These are the concerns that I know Commissioner Dufresne has raised publicly and with the committee. We are very supportive of the recommendations he is making and the amendments he believes should be brought to bear on the federal legislation front.

    In the 2022-23 annual report of the Office of the Information and Privacy Commissioner, you highlight the importance of modernizing British Columbia's Personal Information Protection Act, which has not been updated since it came into force in 2003.

    What do you think are the most important elements of a modernized Personal Information Protection Act? Could any of your recommendations to modernize it apply to Bill C-27 and, if so, which ones?

    Let me start with one area where British Columbia, in my view, is behind. It is behind federally. That is on the issue of mandatory breach notification. There is no obligation on private sector companies in this province to report to my office when there is a breach that would cause a real risk of significant harm. Most importantly, there is no obligation on those companies to report it to individuals who are affected. This is something that needs to be changed.

    There is a raft of other very good provisions that exist in other legislation, including Quebec's. I'm thinking of Commissioner Poitras' ability to oversee biometrics in the province, which is a burgeoning area and one that impacts people significantly. Facial recognition technology...all those kinds of things, where there is an obligation in Quebec to report the implementation of those kinds of programs. I think that is something British Columbia ought to be looking at.

    The automated decision-making processes included in Bill C-27 should be, I think, incorporated in British Columbia, as well. However, I would urge British Columbia's government to go a step further than what is in Bill C-27. Again, Commissioner Dufresne has already alluded to what he believes—and we completely support this—are improvements to those provisions.

     Mr. Vis, I'm sorry, but you are way over time.

    We'll go to Mr. Sorbara.

    Thank you, Chair, and thank you to our witnesses for being here virtually. We hope everyone is doing well in their respective areas of the country.

    I wish first to speak to Michael. Greetings to beautiful British Columbia, my birth province and home province for many years. I'll be out there to see my family, my folks, over the holidays.

    You did make a comment, and I do wish you could start off on it in terms of order-making powers or order-making ability.

    Each of you has a very important role, I would say, in today's world of innovation, technology and data. Data is the new oil of the 21st century.

    Could you comment on that order-making ability?

    It is a very important part, and just one part of the tool box that we have as regulators. Commissioner McLeod and Commissioner Poitras have talked about our role as educators, because that's kind of where things begin. Almost all organizations that we encounter want to do the right thing, and so part of our responsibility is to ensure that they understand their legal obligations, and once understood, businesses comply. That deals with lots of the issues that might otherwise have to be dealt with.

    Where organizations simply choose to ignore the law is not in a very large number of cases. We have, as part of our tool box, a compliance order-making authority, which simply, in many cases, means that we can order an organization to stop doing what is illegal, in effect, to bring them into compliance with the law. That can ultimately be enforced in the court system. Again, it's an effective, important tool, I think, for all regulators, not just in the privacy field, but for regulatory authorities right across the board that want to ensure that the public is protected in so many ways.

    Ms. McLeod, can you comment on that as well, please, briefly?

    Yes, I can. I worked for a number of years in a jurisdiction where I did not have order-making powers, and it was fraught with challenges when bodies would refuse recommendations, and the only recourse was for the public to go to court, and of course that was unlikely to happen.

    It's important from that aspect as well. It protects the public. It gives the commissioner the ability to require an organization to come into compliance with the legislation when they otherwise refuse to. As I indicated in my opening remarks, the majority of our cases—85% of them—are settled by informal means. Referring to what Commissioner McEvoy said, most of the organizations either don't understand their obligations or misinterpret the law, and we can settle that quite easily through our informal case resolution process.

    The orders are really the last resort, if you will, to bring an organization into compliance when they otherwise might not be, if there's recommendation power.

    Thank you.

    Can I get the last comment from Diane, please?

    I agree with my colleagues. This is a power that encourages compliance. If a business doesn't wish to comply, it knows that, at the end of the day, it can be ordered to take the necessary steps to comply. I think it creates an incentive for businesses to comply, and it makes it easier for authorities to do that monitoring.

    Our powers are quite broad. In Quebec, we can order any measure to ensure compliance. We can ask a party to destroy personal information or to stop a practice. This power is an important lever to dissuade businesses from taking the path of non-compliance and encourage their compliance.

    Thank you.

    I have just a quick follow-up question. In terms of Canada being a fiscal federation, sometimes the provinces lead before the federal government, and vice versa. In terms of the consumer privacy protection act, Bill C-27, if I'm understanding this right—and please correct me if I'm not—do you think it's important to allow provinces a reasonable transition period? Why or why not?

    I can go back to Michael on that.

     I guess the answer would be, “it depends”. I think you're quite right to say that, in many instances, the provinces have been ahead of the federal government. I think an order-making power is one. The federal government brought in legislation first on the privacy front, before British Columbia, but when British Columbia brought its in, it actually advanced the case and brought in order-making authority.

    I think every case will be different, but an area, again, where I would say we're behind in British Columbia would be on mandatory breach notification. Frankly, I don't think that would take a considerable amount of time in advance. It would take a little bit of time just for organizations to be made aware and also for the regulator time to get set up, because that, obviously, will increase the demand at our office. I don't think there's any precise science about it; it could be a matter of months.

    A lot of these things, of course, are well known in the business community already, and businesses are already having to comply, for example, in Quebec, or across the rest of the country or if they're doing business in Europe. These are standards and benchmarks that have been pretty well established, and again, I don't think they're going to come as a great surprise, once, hopefully, the federal government raises its game here.

    Thank you very much.

    Mr. Lemire, you now have the floor for two and a half minutes.

    Thank you, Mr. Chair.

    Mrs. Poitras, the former Privacy Commissioner, Mr. Therrien, told us that the federal commissioner and the provincial commissioners collaborated on various topics when it came to investigations of non-compliance.

    Do you think lower standards, such as those set out in Bill C‑27, could hinder the investigations and co‑operation of privacy commissioners, if the federal legislation doesn't establish the same standards as those set out in Quebec's Bill 25?

    There definitely needs to be harmonization. My colleague Michael McEvoy mentioned this in his opening remarks. So there are obligations. For the most part, right now there are slight nuances in the terminology in the application of the laws, but we can work well together if the rules, at first glance, are general.

    There must also be a harmonization of powers, such as the power to issue orders and the power to impose administrative monetary penalties. They are an incentive because they ensure that a company can quickly put an end to the default. If they are subsequently imposed by a court, that could undermine our co‑operation, which, I must point out, is excellent at the moment.

    Thank you.

    On another note, you mentioned earlier that, when it comes to artificial intelligence, you were in favour of adopting high standards, which you think would be preferable to a voluntary code of conduct. We know that this last option is the one chosen by Canada, as confirmed by Minister François-Philippe Champagne a few months ago. This is a trend that is increasingly strong in other countries around the world when it comes to legislation.

    Are you concerned that Canada will end up letting things slide and will be content with voluntary measures?

    Do you think that Canada should impose higher standards and that such standards should be adopted by a group of countries?

    In Quebec, the Montreal declaration was a kind of voluntary code. I think that this is a step in the right direction and that it's normal to go through this. It takes a long time to find the right balance and to pass legislation.

    A lot of concerns have been raised about certain applications of artificial intelligence, but that's not always the case. Indeed, there are a lot of advantages to using AI. I think that, collectively, we're at a point where we need to impose binding rules or even ban certain unacceptable systems that go against the democratic values and principles that we as a society have set for ourselves.

    Thank you for being with us today.

    Thank you, Mr. Lemire.

    Mr. Masse, you now have the floor.

     Thank you, Mr. Chair.

    My apologies to Mr. Vis. It was me who created the commotion. I was excited to be back at industry here, and I have a loud voice, as people know, and I appreciate my colleague.

    I want to say, Mr. McEvoy, that your privacy laws in the past as well as civil liberties coming out of British Columbia have been very solid over the years. I'm just wondering at this point in time, would you have a recommendation on whether we only do part of the bill right now, the privacy component, and then work on the AI stuff later on?

    There are a lot of witnesses who have come here saying that we should scrap the whole process, and some are saying that we should just get on with it. We're getting a lot of mixed messages, so I'm wondering this.

    I made a motion with the NDP that split the bill into two segments of voting in the House of Commons. I understand why the minister put them together. There is logic for that, but at the same time, there's a good case for the bill to be a bit different.

    If we were to walk away with this, with just the privacy component, do you have any comments on whether that is important enough to meet the test of mettle to do that and get that done right away, or should we still continue to bundle up and maybe not get to the privacy stuff, because we may not be able to get the whole bill done?

    Far be it for me, as an impartial officer of the legislature of British Columbia, to be giving you political advice about how things should proceed.

    What I would say in general terms is that the bill represents an advance for the privacy rights of Canadians. Is it perfect? No. I think Commissioner Dufresne has articulately expressed this view that there are improvements that need to be made, but there are advances here, and it's important to acknowledge those. We would hope that those would move forward. Again, we are trying to be helpful here today to make suggestions to you as to how that can be further improved.

    We talked about the AI front, notification provisions and PIAs being associated with the high-impact mechanisms of AI, but it's also about things like protection for children's rights. Again, we would support the federal commissioner in his bid to have them strengthened.

     In general terms, these are an advance, and that I think needs to be acknowledged.

    If political parties were included in the federal bill, would that mean that you'd have to look at coordinating with the provincial side?

    I understand some of the reasons there's an opposition to the federal one applying, as you could have different standards across different provinces on privacy that make it difficult.

     What would happen with regard to substantiating...? I guess it would have to be at least equivalent to B.C.'s. Is that the position of what the expectation would be on the federal one if we included political parties?

    The thing is, if political parties are encompassed within federal legislation, that would then provide a mechanism for Canadians to take whatever concerns or complaints they might have presumably to the federal Privacy Commissioner for adjudication. Again, and I can't express this strongly enough, that would substantially enhance the confidence and trust that Canadians have in having that dialogue with their parties. It is so important, at a time when democracy is so fragile, for that trust be strengthened. That can only be held through including political parties within the federal privacy legislation.

    Thank you very much, Mr. Masse.

    I'd like to thank the three witnesses who appeared today.

    Mr. McEvoy, Mrs. Poitras and Ms. McLeod, thank you for taking the time to come and speak to us this afternoon for what is probably—at least I hope—the last meeting of the committee in 2023. We really appreciate it.

    You are free to leave the meeting, if you wish. I have two quick motions for the committee's approval.

    Committee members, I just have two quick motions for the adoption of committee budgets. I would like us to approve them together.

    The first motion is as follows:

     “That, in relation to the committee's study of the recent investigation reports on Sustainable Development Technology Canada, the proposed budget in the amount of $7,250 be adopted.”

    Do I have unanimous consent?

    (Motion agreed to)

    The Chair: Finally, the second motion is:

    Do I have unanimous consent?

    (Motion agreed to)

    Thank you very much.

    Without further ado, I will suspend the meeting for about five minutes so that we can prepare for the second part of our meeting.

    The meeting is suspended.

    Colleagues, we will now resume the meeting.

    Pursuant to the motion adopted on November 7, the committee is resuming its study on the recent investigations and reports on Sustainable Development Technology Canada. For your information, today is the fourth and final hour of this study, as set out in the motion.

    I would now like to welcome our witness, Annette Verschuren, who is joining us by videoconference.

    Thank you very much for being with us this evening, Ms. Verschuren. You have five minutes for your opening remarks.

     Thank you, Mr. Chair.

    Good afternoon, honourable members.

    My first role out of university was as a development officer in Cape Breton. I focused on creating new opportunities as the mining industry in the region shut down. I brought this same focus to my role as CEO of Home Depot, where we successfully created 20,000 new jobs nationwide.

    I am now focused on helping to realize the potential of the clean-tech economy in Canada. This passion led me to found NRStor. I am proud that we are the co-developer of the Oneida battery storage project, with the Six Nations of the Grand River. Together, we are creating the largest battery energy storage project in Canada and one of the largest in North America by an indigenous-led project.

    In 2017, NRStor received $2.1 million in funding from SDTC for its Goderich project, a partnership with Hydrostor. This was the first commercialization of long-duration compressed air energy storage in the world. Two years later, in 2019, I was approached to serve as SDTC's chair. I informed the minister, the deputy minister and the Ethics Commissioner that I was the CEO of NRStor and that the project had received SDTC funding in 2017. I accepted the appointment after completing my full disclosure and conflict-of-interest review.

    Let's be clear. My direct involvement in the clean-tech industry was precisely what Parliament intended when it created SDTC in 2002. Section 11 of the founding act of SDTC requires board members to be people with direct knowledge of sustainable development technologies.

    As a public member of numerous boards since I was 38, I am extremely familiar with conflict-of-interest policies. I recused myself from the discussion and vote regarding 14 companies when there were real or perceived conflicts of interest. I had no direct or indirect investment in any companies funded by SDTC, other than NRStor, during four and a half years there.

    Not only did Parliament want people with expertise on SDTC's board, but its choice to enshrine this in its founding act has worked. The board and its sector expertise have helped make the right investment choices.

    On the recent Global Cleantech 100 list, there are 12 Canadian companies, and 10 of the 12 received funding from SDTC. We are punching above our weight. I believe the success of the projects SDTC has funded demonstrate that the board, under my leadership, has done a lot that is right.

    I resigned as chair of SDTC's board on December 1, not because I have done anything wrong but because I believe the organization's work is too important to be compromised by the distraction that these allegations have caused. Board processes can and should be reviewed and updated from time to time. Renewal and improvement are both good things, and we did this routinely at SDTC.

    Now, think back to the early days of COVID-19. The World Health Organization had declared a global pandemic. The borders were closed. We were terrified of the impact on the clean-tech sector. The young organizations in our portfolio needed our help to survive. If they did not, the incredible talents and know-how vital to Canada's future would be lost.

    Under the COVID-19 emergency payments, no company received preferential or different treatment from any other company in SDTC's portfolio. This emergency funding was entirely different from the initial approval of individual projects. These projects had already received funding—in NRStor's case, since 2017, two years before I joined the SDTC board.

    As a board, we received legal guidance that granting the envelope of emergency funding to already approved projects meant no individual board member was in conflict of interest. The legal advice is recorded in the board minutes.

     In approving emergency funding to all 126 companies in the portfolio, the board did not consider or discuss any companies individually. We did not even have a list of the recipients when the vote was taken. We acted in good faith.

     Our entire focus was on the well-being of the portfolio companies during an unprecedented global crisis. At that time, we were lauded for taking proactive measures to help secure these companies' future, including a thank you letter from the minister.

    To be clear, the $217,000 NRStor received as a COVID payment from SDTC was directly invested in the Goderich project, a limited partnership distinct from NRStor itself. These monies are accounted for as part of the project, and the expenditures were verified by audited statements prepared by PwC. No money went to me or my salary.

     In fact, I did not receive a salary from NRStor in 2020. This is the true nature of Canadian start-up culture.

    I truly believe in the potential of the clean-tech sector to create jobs and transform our economy. This is what drives me.

    Thank you. I'm happy to take your questions.

    Thank you very much, Madam Verschuren.

    We'll start the conversation with MP Perkins for six minutes.

    Thank you, Chair.

    Ms. Verschuren, you were hand-picked by the Prime Minister, as I think as you said in your opening remarks, to do this job. Is that correct?

    I was asked by the minister of ISED at the time.

     On June 9, 2022, the Annette Verschuren Centre was granted $2 million from ACOA and an additional $2.5 million from NGen. NGen is an industry department-funded organization that got $177 million from ISED. That's $4.2 million that the Annette Verschuren Centre received on that date. Is that correct?

    The Verschuren Centre is named after my parents, Tony and Annie Verschuren—

    It's called the Annette Verschuren Centre—

    Let me—

    I'm sorry, it's called the Annette Verschuren Centre, and I didn't ask you the history of it. I asked you if it got that grant.

    It's not called the Annette Verschuren Centre. It's called the Verschuren Centre. That Verschuren Centre is a not-for-profit organization that has created an amazing number of jobs in Cape Breton—

    Are you denying that they got the grant?

    Mr. Perkins, just let—

    I asked the question, and I have limited time, and she's ragging the puck.

    I'm certainly not ragging—

    Yes, you are. Answer the question, please.

    I have a point of order, Chair. We have the witness here, and we would like for everybody to have a cordial conversation and make sure we're not harassing anybody.

    Yes, I agree.

    Mr. Perkins, I'll just ask you to let the witness answer. We can have robust but respectful conversations.

    You've known me for some time now as chair of INDU. I'm somewhat lenient on time, and I can be liberal if witnesses take longer to respond. I can be mindful of that. I would just appreciate that we have a respectful conversation.

    The Verschuren Centre got $4.2 million on June 9, 2022.

    I don't know the exact number, but it's not a contribution. Yes, it was in 2010 when that was established, and Peter MacKay was there to open up—

    Isn't that great.

    On September 5, 2023, the Verschuren Centre got another $1million from ACOA. Is that correct?

    I'm not sure, but I'm sure that.... Look, it is an organization that's really supported because it's doing tremendous—

    It seems to be supported enormously by the Liberal government.

    On September 19, they got another $3.1 million from the Industry Department. Is that correct? That's a total of $8.3 million in one year. Is that an accurate total?

    I would say, about that the money that the Verschuren Centre got, that the first tranches were under the leadership of Stephen Harper, and these more recent tranches are under the leadership of the existing government today, yes.

    That's $8.3 million plus another $1.4 million from DFO in May 2022.

    That's a total of almost $10 million in about a year and a half, so I want to ask you this question. When the SDTC investment committee considered your proposal, or the proposal from the Verschuren Centre, for another $2.2 million in 2022, did you think that was a conflict of interest?

    I'll tell you, I declared that as a conflict of interest, absolutely, right up front. The way it works, every time there's a project that comes forth, the members of the board of directors declare conflicts. They don't receive the material that is given in the board books, and they recuse themselves from the meeting. They do not get involved in any of the decision-making processes. That's how the decision works.

    I'll just remind you that you're under oath, and we had a whistle-blower here last night.

    Did you send any communication before the investment committee asking the status of that project of management?

    Honestly, I don't recall.

    That's convenient.

    Let me help refresh your memory. I have an email from the VP of investments that says, in fact, that this project was fast-tracked going forward. The testimony from the whistle-blower last night was that he will provide us with emails showing that it was fast-tracked, which was highly unusual.

    Are you not aware that that was fast-tracked, or are you saying that you don't recall ever making representations on behalf of the centre?

     Because this was a conflict, I would have limited my discussions on any of this.

     Well, apparently it didn't stop it from going through the process and coming forward and having to go all the way to the investment committee.

    In addition to that, after it was rejected because of your conflict of interest, are you aware that the staff was told to find other financing for your centre?

    No, I'm not aware of....

    Number one, I think the process worked, right?

     Well, let me refresh your memory. The minutes of the project review committee from SDTC, I see right here, where it was rejected, said that SDTC will shift its efforts to discussions with other potential funding sources with the hope that the diligence conducted today can be transferred. Then the centre received almost $10 million after that. It seems like it pays pretty well to be a well-connected Liberal who got employed out of this.

     Now, Andrée-Lise Méthot also got almost $40 million for things that she had an investment in, then got shifted to the Infrastructure Bank, and sat on the investment committee there, that gave your business $170 million.

    Isn't that correct?

    Look, we're entrepreneurs. We are investing in the future of our country. We are—

    If everything's dependent on government money.

    It's not. Every $1 spent by SDTC creates $7. It's an amazing, successful organization.

    I'm going to repeat—

    It's been successful at getting money off it.

    Mr. Perkins, your time is up.

    I'll just give a couple of seconds to the witness to respond.

    I just would like to say, look, many of us are in the clean-tech sector. This is a tough sector. It is not easy to develop projects like we are developing. Andrée-Lise Méthot is a maverick. She really understands. She's someone I have a lot of respect for. She has invested aggressively and really built companies in Canada that create jobs and that are part of the future of the growth of our economy.

    We need companies in the clean-tech sector. Ten of the 12 companies in the global list of companies are Canadian companies, one of which, by the way, is—

    Thank you, Madam Verschuren.

    I'll now yield the floor to MP Sorbara for six minutes.

    Thank you, Chair, and good afternoon to Ms. Verschuren.

    Annette, just going over everything, my understanding is that you served from 2019 until the end of 2023. Is that correct?

    No. It was until December 1. One thing I really wanted to do was the management response and action plan. I wanted to be able to complete that as the chair of SDTC and hand it over to the ISED officials and [Inaudible—Editor] that together.

    Okay.

    I also want to get it on the record that you have served in different capacities in your lifetime. You served on the national science and technology committee for Prime Minister Mulroney. You were on the North American Competitiveness Council for Prime Minister Harper. You also served for—God bless him and rest his soul—former finance minister Jim Flaherty as an economic adviser during the economic crisis in 2008-09.

    Is that not correct?

    That is correct.

    All three of them?

    Ms. Annette Verschuren: Yes, all three of them.

    Mr. Francesco Sorbara: Well, first of all, I wish to say thank you for your service to all governments that have been in power, obviously, built upon your experience and history within the business community.

    Secondly, I wish to also put on the record that with regard to your history of donations, my understanding is that you supported Jean Charest, a Conservative leadership candidate, in last year's campaign.

    Is that correct?

    Ms. Annette Verschuren: That's correct.

    Mr. Francesco Sorbara: I also understand—the profile is public—that you donated the maximum amount to his campaign.

     Yes, I did. I vote for and support individuals who I think can make a great contribution. I'm non-partisan. If you take a look at my record, I think I vote broadly.

    There are still some Progressive Conservatives around. There might be more around and it doesn't seem like they're welcome in some parties these days.

    Some hon. members: Oh, oh!

    Mr. Francesco Sorbara: I think we just heard some chirping from the backbenches, the real backbenches, about not welcoming Progressive Conservatives in the Conservative Party, but nonetheless, we'll continue on.

     The next thing is that obviously if any other MP has donations to make to other individuals that does not make them an insider.

    Moving from there, you've been around business for a long time and recusing yourself from decisions. How do you feel about that when you were with SDTC in terms of recusing yourself from decisions, which may not have been viewed at the time as having a conflict of interest or a potential conflict of interest or anything to that extent, but which with hindsight you may have excused yourself and the same decision would have been made...?

    Look, I understand business. I've been on boards for almost 30 years. I take responsibility and governance very seriously. I am a chair of a governance committee of a major company in Canada. I understand [Technical difficulty—Editor]

    It appears that we have lost the witness. We will try to figure out the reason. I will suspend the meeting until we get hold of Madam Verschuren.

    The meeting is suspended.

     Colleagues, the meeting is back in session. Given the hour and the limited resources that we have for this meeting tonight.... It appears that the witness had technical difficulties and has not been able to reconnect with the committee. Hence, the witness will be reinvited this Thursday.

    Mr. Lemire, you have the floor.

    Thank you, Mr. Chair.

    Could I have some clarification on how the invitation will be made? Personally, I wouldn't want to see this study drag on for a long time, especially in the current context.

    Are we talking about an invitation or a formal notice to come back to testify next Thursday?

    To my knowledge, there was no reluctance on the part of Ms. Verschuren to come and testify. We didn't need to summon her, because she has made herself available to testify today. From what I understood, there were technical difficulties.

    At this point, I don't see the need to summon her. She'll be invited to join us again next Thursday. I know the clerk will deal with that today.

    Okay, I understand.

    Thank you.

    In that case, I will close the discussion.

    If I have members consent I will adjourn this meeting, and see you on Thursday.

    The meeting is adjourned.