Dan Fournier is a freelance investigative journalist in Quebec, Canada. This column is an abridged version of his original Substack article. You can read the full version here.

As Bill C-11 just recently passed the first reading in the Senate, Canadians have yet another bill to worry about regarding online privacy, namely Bill C-27.

An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act contains a lot to worry about.

While numerous concerns regarding the bill have been pointed out by others such as Bryan Short at Openmedia.org, the main focus here pertains to the exceptions explicitly stated in the act that would enable private companies to share and possibly abuse sensitive personal information of Canadians.

Section 39 of the bill clearly outlines how organizations can share our personal information without our knowledge or consent for “socially beneficial purposes.”

This could prove troublesome. For instance, let’s suppose an entity has our personal medical information, like our vaccination status. There’s nothing that would prevent them from sharing that with multiple parties, despite it being a clear violation of the Privacy Act.

Next, your personal information could easily be shared with an organization mandated by a government institution for a “socially beneficial purpose.” Looking at the bill’s definition of this term, we can see that it’s broad in scope since it encompasses “any other prescribed purpose” which essentially means carte blanche – ripe for all kinds of abuses.

Furthermore, another allowable purpose includes for “improvement of infrastructure.” Supposing that this could include the upcoming infrastructure used in the implementation of a Central Bank Digital Currency, our identity and sensitive financial information could be used to verify transactions such as purchases we make, to whom, and for what purpose. These could easily be shared with taxation agencies and private entities including those interested in tracking our financial moves, such as advertisers.

In addition, our purchases could also be scrutinized and verified in the name of “the protection of the environment”. Moreover, with the recent controversy of tracking our carbon footprints, what is to say they won’t set limits of what we can buy or how far we can travel based on whether or not we have reached our designated carbon limit?

Notably, there is no mention whatsoever about the collection of people’s biometric information. This is an astounding fact given that biometric data is becoming increasingly used to identify us online. Bill C-27 provides next to zero protection regarding the use or abuse of this type of data that is central to our personal identity.

Who introduced Bill C-27?

Trudeau-appointed François-Philippe Champagne, current Minister of Innovation, Science and Industry is the bill’s sponsor.

Champagne was designated a “young global leader” by the World Economic Forum (WEF) and still figures among its featured people.

While being tied to the WEF doesn’t necessarily signify mischievous intentions by the Canadian politician, it does, however, raise some concerns with regards to the motivations behind introducing Bill C-27.

There are currently thousands of companies that are poised to gain access to Canadians’ personal information if this bill eventually becomes law. A lot of the data being tracked and used by them include people’s online and spending habits, personal preferences, and financial transactions. As people spend an increasing amount of time online and surrender personal details to access various services, they are exponentially vulnerable to abuse.

Bill C-27 opens a real Pandora’s Box when it comes to the wanton dissemination of sensitive private information of Canadians.

The bigger question that remains, though, is how much opposition will the bill face by members of the opposition in Parliament and by ordinary Canadians who value their right to privacy?