Publication
Published October 30, 2023
The Digital Charter Implementation Act, 2022 (Bill C-27) continues its progress through Parliament, having reached the Committee on Industry and Technology (INDU) after passing its second reading in the House of Commons on April 24, 2023. More recently, on October 3, 2023, the Minister of Innovation, Science and Industry (Minister) provided a series of proposed amendments to Bill C-27 (C-27 Amendments), to be reviewed and considered by INDU.
If Bill C-27 passes, it will result in the enactment of three new statutes: (a) the Consumer Privacy Protection Act (CPPA), which will replace the current federal privacy legislation, the Personal Information Protection and Electronic Documents Act or PIPEDA; (b) the Personal Information and Data Protection Tribunal Act (PIDPTA), which will establish an adjudicative tribunal; and (c) the Artificial Intelligence and Data Act (AIDA), which will govern the responsible deployment of Artificial Intelligence (AI) technologies in Canada.
Canada is among the first jurisdictions to propose legislation governing AI. The European Union is also working on AI legislation[1] (EU AI Act) and the United States is working on regulating AI, although currently through a Presidential Executive Order rather than legislation.[2] AIDA is a novel piece of legislation which, if enacted, will impose significant obligations on organizations and individuals using and creating AI systems, including what it refers to as "high-impact systems". This article gives a brief overview of AIDA, with a focus on the C-27 Amendments that would amend AIDA.
Last Fall, BD&P provided an article commenting on Bill C-27's potential impact on Alberta's provincial privacy legislation (here). This article will be the first in a series of articles explaining each new proposed statute within Bill C-27, as well as the C-27 Amendments affecting those proposed statutes.
AIDA, as proposed, will cover most aspects of AI development and use in the course of international or interprovincial trade and commerce. The regulated activities are broad and include designing, developing or making available AI systems, or the system's operations, or making available human data for the use of AI systems.[3]
Some of the key features of AIDA can be described through the following proposed requirements:
A massive implication of AIDA for businesses relates to the significant proposed fines for violators. Non-compliance with the key obligations imposed on persons responsible with respect to regulated activities[9] could amount to a fine of up to $10 million or 3% of the entity's gross global revenues, whichever is greater.[10] Fines would increase to either the greater of $20 million or 4% of the entity's gross global revenues, or the greater of $25 million or 5% of the entity's gross global revenues[11] if the organization commits certain offences under AIDA.[12]
In the current draft of AIDA, certain obligations are not clear. For example, it is not clear what constitutes a "high-impact system", yet the statute would require each entity to determine for itself if any of its systems would be considered a high-impact system. The proposed C-27 Amendments provide much-needed clarity, respecting high-impact systems and otherwise, by:
Perhaps one of the most illuminating of the C-27 Amendments is the proposed classification of "high-impact systems" which can be described as systems that deal with health or safety.
The proposed list includes seven areas of high impact:[13]
While the C-27 Amendments have only recently been introduced and are still being considered, monitoring their progress will be important to help Canadian companies—particularly in the technology sector—understand what new AI governance measures they will need to implement in the near future.
Stay tuned for future updates on Bill C-27 and the C-27 Amendments. If you have any questions about the proposed amendments, please reach out to any member of our Intellectual Property group.
[1] https://www.europarl.europa.eu/news/en/headlines/society/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
[2] https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/
[3] AIDA s. 5(1)
[4] AIDA ss. 7, 10(1)
[5] AIDA ss. 8-9
[6] AIDA ss. 11(1),11(2)
[7] AIDA s. 12, Under AIDA s. 5(1), “harm” is defined as (a) physical or psychological harm to an individual; (b) damage to an individual’s property; or (c) economic loss to an individual
[8] AIDA ss. 5, 6
[9] AIDA ss. 6-12
[10] AIDA s. 30
[11] AIDA s. 40
[12] AIDA ss. 38, 39
[13] MinisterOfInnovationScienceAndIndustry-2023-10-03-e.pdf (ourcommons.ca)