Digital technologies are being adopted across all sectors and are transforming businesses. While this can free workers from mundane tasks, improve efficiency, and open the door for innovation, there are growing concerns about the risks of these technologies.
To address this, Canada has introduced the Digital Charter Implementation Act (Bill C-27), which proposes three acts that have been described as a holistic package of legislation for trust and privacy: the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence & Data Act (AIDA). This blog summarises all three Acts, focusing on AIDA and its implications for AI risk management.
One of the major contributions of the Consumer Privacy Act (CPA) is the protections it proposed for minors regarding collecting and processing their personal information, similar to California’s Age Appropriate Design Code Act.
While the CPA’s requirements are not as comprehensive as the EU’s GDPR, which is currently the global gold standard for privacy regulation, the legislation would have important implications for Canadians if passed, including:
Penalties for non-compliance could be up to 5% of global revenue or CA$25 million, whichever is greater. There are also penalties of up to 3% of global revenue or CA$10 million for other violations.
This act would establish the Personal Information & Data Protection Tribunal, which would review ongoing recommendations by the Privacy Commissioner of Canada. In addition, this tribunal would focus on looking at the Commissioner's administrative penalty recommendations.
If the AIDA is passed, this will entail significant governance and transparency requirements for the businesses that use or develop AI in Canada. For example:
While the meaning of high-impact systems has yet to be defined in the Act, in the interim, the Algorithmic Impact Assessment tool, developed by the Government of Canada for use by state agencies in their procurement and use of AI, can be used as a guide to understanding Canada’s approach to regulating AI more widely.
Canada’s trio of laws follows from its Directive on Automated Decision-Making, which focuses on risk management concerning the federal government’s use of AI & decision making.
In addition, a recent report presented to the House of Commons corroborates Canada’s commitment to AI regulation from privacy and security verticals. This report looks at facial recognition technology and AI, focusing on the regulation and implications of the potential banning of such technologies.
If passed, businesses that develop AI for the collection and procession of personal information and those that use these tools could have to answer to federal transparency and privacy protection expectations.
The packages of legislation could also apply pertinently to businesses that use biometric and facial recognition technology, who use AI in any consumer information collection capacity, as well as to the design stage of AI in how human activities are being used to develop these systems.
There are speculations that the AIDA is unlikely to pass but is instead a skeletal placeholder until the formal passing of the EU AI Act, which is anticipated to become the global standard. However, the AIDA would set a precedent for provinces and territories across Canada to introduce and potentially enact legislation towards regulating AI across different verticals, as seen in the US.
Taking steps early is the best way to get ahead of this and other global AI regulations. At Holistic AI, our software platform combined by a team of AI experts who, informed by relevant policy, can help you manage the risks of your AI. Schedule a demo to find out more about how we can help you embrace your AI with confidence.
DISCLAIMER: This blog article is for informational purposes only. This blog article is not intended to, and does not, provide legal advice or a legal opinion. It is not a do-it-yourself guide to resolving legal issues or handling litigation. This blog article is not a substitute for experienced legal counsel and does not provide legal advice regarding any situation or employer.
Schedule a call with one of our experts