Canadian Privacy Commissioner Unimpressed with Bill C-11 as it Currently Stands

The Canadian Privacy Commissioner recently voiced serious concerns with Bill C-11, a piece of legislation meant to replace the Canadian law relating to personal information. Though it is meant to upgrade Canadian legislation, Commissioner Therrien believes the revised law would actually lessen the protection of personal information for Canadians.

As you may remember, the Canadian Parliament tabled a new bill called C-11, back in September, meant to overhaul the Canadian personal information protection statute. This bill is currently being studied, including as to changes which may be required before it becomes law.

Mr. Therrien recently spoke about this bill at an online conference put together by Option Consommateurs, where he gave us his take on C-11, namely that this bill falls short of adequately protecting Canadians.

For one thing, the Canadian Commissioner says the new law should make it harder for businesses to use obscure or vague language when requesting consent from individuals, but it does not. Even under the new statute, businesses could continue to ask for consent using language that is unclear or not specific enough. According to him, Bill C-11 would lower the standard that applies to consent from individuals.

Not too surprisingly, the Commissioner also disagrees with the Legislator’s decision to create a new system whereby penalties would be heard by a new administrative tribunal, as opposed to the office of the Privacy Commissioner of Canada. He believes this new structure will only result in a process that is even more cumbersome in cases of violation of the privacy protection statute.

The Commissioner also reiterated that he believes Canada should enshrine individuals’ right to the protection of their personal information, for example in Constitution-like documents meant to confer on that right a charter-like protection. Sadly enough, Canada has yet to protect the right to the protection of personal information to that extent. According to the Canadian Commissioner, this weakens what Canadians can expect in terms of protection from the law.

European Law Makers Targeting AI

The media are reporting this week that Europe’s Parliament tabled legislation yesterday proposing to impose a legal framework on the use of artificial intelligence (“AI”) by businesses. The announcement introduces yet another bill that innovates far beyond what most (if not all) other jurisdictions are currently doing, in this case to regulate AI, which is somewhat akin to Europe’s adoption of the GDPR, on the privacy side, two years ago.

This time around, the proposed legislation seeks to constrain what businesses may do with AI by dividing such systems into 4 categories, based on the level of risk that any such system may carry for the rights and safety of individuals. Even though we can all agree that AI brings with it a great potential to increase efficiency, it also involves substantial risk, in particular as regards violating the rights of individuals, including as to privacy but also as to their security, human rights, etc. Because of these risks, the new European statute proposes a framework meant to curb potential abuses by imposing rules, limits and prohibitions on the worst kinds of AI systems, with a view to avoiding a nightmare scenario in which citizens’ existence comes to be ruled through AI systems that individuals can no longer really control or understand.

In short, Europe wants its citizens to retain confidence in AI, which it proposes doing by imposing a framework over the use of those types of systems. For example, the proposed regulation would prohibit organizations from using AI systems that represent an “Unacceptable risk,” while allowing but restricting those that represent a “High risk,” and imposing limited rules and restrictions over those systems that represent merely a “Limited risk” or a “Minimal risk.”

To give you an idea, according to the announcement: “AI systems considered a clear threat to the safety, livelihoods and rights of people [i.e. “Unacceptable risk”] will be banned. This includes AI systems or applications that manipulate human behaviour to circumvent users’ free will (e.g., toys using voice assistance encouraging dangerous behaviour of minors) and systems that allow ‘social scoring’ by governments.”

The proposal would then constrain “High-risk” AI systems, namely “AI technology used in:

Critical infrastructures (e.g., transport), that could put the life and health of citizens at risk;

Educational or vocational training, that may determine the access to education and professional course of someone’s life (e.g., scoring of exams);

Safety components of products (e.g., AI application in robot-assisted surgery);

Employment, worker’s management and access to self-employment (e.g., CV-sorting software for recruitment procedures);

Essential private and public services (e.g., credit scoring denying citizens opportunity to obtain a loan);

Law enforcement that may interfere with people’s fundamental rights (e.g., evaluation of the reliability of evidence);

Migration, asylum and border control management (e.g., verification of authenticity of travel documents);

Administration of justice and democratic processes (e.g., applying the law to a concrete set of facts).”

Again according to the proposal, “High-risk AI systems will be subject to strict obligations before they can be put on the market:

Adequate risk assessment and mitigation systems;

High quality of the datasets feeding the system to minimize risks and discriminatory outcomes;

Logging of activity to ensure traceability of results;

Detailed documentation providing all information necessary on the system and its purpose for authorities to assess its compliance;

Clear and adequate information to the user;

Appropriate human oversight measures to minimize risk;

High level of robustness, security and accuracy.”

Though I am not aware of any similar legislative initiative in Canada at the moment, I think we can safely assume something like this will creep up here as well at some point. As with the GDPR initiative (as to privacy), it is more than likely Europe’s new proposed legislation is going to be imported abroad eventually, including in Canada, to a certain degree.

If you’re curious, this draft legal framework includes 85 articles spread over something like 50 pages—yeah, light reading for the beach this summer, if you see what I mean.