Canada Aiming at Improving Cybersecurity of Federally Regulated Industries Through Bill C-26

Canada recently started looking at a new piece of legislation that seeks to strengthen cybersecurity of businesses and organizations the activities of which fall within ambit of activities that the Federal government can directly regulate.

Interestingly, contrary to most Canadian legislation so far and that touch upon cybersecurity, the focus this time is not on whether an organization collects, uses or discloses personal information. Rather, the bill at issue would seek to cover whole swats of certain industries, whether the organizations operating therein do or do not deal with personal information. This is a new approach in Canada which may signify that the government is finally realizing we collectively need to take cybersecurity more seriously, and that it is more than an issue of personal information.

Bill C-26 proposes to impose on telecommunication providers a new regime that would force them to adopt better cybersecurity practices, with a view to better protecting Canadians who rely on their services for things like cell phone and Internet services.

More generally, the bill would also empower the Canadian government to force federally regulated businesses to clean-up their act (so to speak), cybersecurity-wise, especially when it may jeopardize national security or public safety. As you may know, in Canada, federally regulated businesses include, for example, those who deal with:

  • radio, television and telecommunications, such as Internet providers;
  • air transportation, including airlines, airports, ports, shipping, boats, as well as railways and road transportation services that cross borders;
  • banks;
  • certain energies and their transport, like pipelines, etc.

Bill C-26 would allow the Federal government to require organizations operating in those areas to take cybersecurity more seriously, in particular when public safety may be involved. For example, this may allow the government to dictate that operators of pipelines better protect and monitor their computer systems, with a view to avoiding major catastrophes that may eventually result from cyber-attacks.

In addition to eventually requiring organizations in those industries to adopt and apply cybersecurity programs and to better protect their systems, C-26 would also require the organizations at issue to report eventual cybersecurity breaches, something they currently are not generally required to do.

Bill C-26 is currently at the First Reading stage.

Canadian Government Angling to Control Content Placed Online, including UGC and Even Apps

As you may recall, since last fall, the Canadian government has been working toward getting its bill C-10 enacted. The bill aims to allow taxing streaming services such as Netflix. Though this may have been the initial impetus behind the introduction of the bill, we’re now seeing that C-10 may also go so far as to allow the regulation of content placed online, including user-generated content, computer games and apps of all kinds. Yes, Canada seems to have decided to shed its laissez-faire attitude toward what’s placed on the Internet.

Indeed, it would now seem that the Liberal government may be trying to broaden bill C-10 so as to grant the CRTC additional powers to regulate whatever is placed online, including (the latest twist in this little legislative soap opera), apps—yes, you read this right: apps. This story is being disseminated by Michael Geist, further to a statement seemingly made by mistake by an MP while commenting on an amendment that has yet to be formally introduced. Apparently, the government may be in the process of making changes to C-10 that would allow the CRTC to regulate not only streaming services, but also some content itself, such as apps made available on the Internet.

Though the government stated it did not intend to try and regulate computer games, it now appears C-10 may, on the contrary, end up allowing the CRTC to regulate software made available through the Internet, a prospect that has many cringing.

From a bill initially justified as a way to simply allow the taxation of streaming services (such as Netflix) in Canada (to level the playing field vs. other ways of making content available to Canadians), we’re now faced with a bill that seems to be transmogrifying into a bill meant to empower the government (through the CRTC) to control what is placed or made available by and to Canadians online. This may end up being extended and/or applied to computer games, content placed on social networks, blog posts, podcasts, etc. Hmm, so much for the CRTC’s 2000 position that it wouldn’t mess with the Internet.

Is it just me or are we faced with a slight drift in the federal government’s recent efforts to try and better control the Internet in Canada? Hmmm—to be continued, unfortunately.

Canada Opts for New Digital Services Tax

The media is reporting that Canada’s 2021 budget which was recently made public includes the idea of implementing a digital services tax (“DST”) that will be imposed on foreign businesses providing digital services to Canadians. This tax will, of course, apply to companies and services such as Netflix, Spotify and Amazon Prime, but also to other businesses that generate revenues through matching sellers with buyers online, dealing with user-generated content, advertisements through online platforms, and selling or licensing user data.

The rate of this new tax would be set at 3% of the income these businesses generate from digital services provided to Canadians. This, the Canadian government believes, will allow Canada to obtain its fair share of the revenues being generated from streaming and online services, which are often provided to Canadians by foreign (usually American) companies.

This new tax will come into effect on January 1, 2022, and is expected to bring in about 500 million dollars per year for the Canadian government. With figures like these, one has to admit it may be hard to resist for a country like Canada.