Canadian privacy watchdog publishes recommendations on regulating use of AI

The Office of the Privacy Commissioner of Canada (the OPC) yesterday outlined recommendations for regulating the use of artificial intelligence, including a rights-based approach.

The recommendations include creating a right for a meaningful explanation of automated decisions, and a right of subjects to contest these decisions. It also wants to require organisations to design AI systems from their conception in a way that protects privacy. The OPC is also suggesting it receives powers to issue binding orders and financial penalties to ensure compliance.

The OPC is recommending exceptions to consent for the use of personal information for research and statistical purposes, compatible purposes, and legitimate commercial interests purposes.

An OPC spokesperson said: “AI offers the potential to help address some of today’s most pressing issues. However, uses of AI that are based on individuals’ personal information can have serious consequences for privacy. AI models have the capability to analyze, infer and predict aspects of behaviour and interests.

“AI systems can use such insights to make automated decisions about people, including whether they get a job offer, qualify for a loan, pay a higher insurance premium, or are suspected of unlawful behaviour. Such decisions have a real impact on lives, and raise concerns about how they are reached, as well as issues of fairness, accuracy, bias, and discrimination.”

The recommendations follow a public consultation on proposed changes to the Personal Information Protection and Electronic Documents Act.

At-a-glance: The OPC recommendations

  • allow personal information to be used for new purposes towards responsible AI innovation and for societal benefits
  • authorize these uses within a rights based framework that would entrench privacy as a human right and a necessary element for the exercise of other fundamental rights
  • create a right to meaningful explanation for automated decisions and a right to contest those decisions to ensure they are made fairly and accurately
  • strengthen accountability by requiring a demonstration of privacy compliance upon request by the regulator
  • empower the OPC to issue binding orders and proportional financial penalties to incentivize compliance with the law
  • require organizations to design AI systems from their conception in a way that protects privacy and human rights



Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.