Canada’s proposed new data privacy rules tackle biometric bias and illegal training data


New data privacy bill tabled as part of the Bill C-27 aims to tighten restrictions around the collection of private data and includes legislation to limit uses of artificial intelligence in the private sector, but not for law enforcement.

Introduced in response to its predecessor, Bill C-11 (2020), the new bill includes clearer delineations between “anonymized” information, which can be traced back to an individual, and “anonymized” information. who cannot. It also proposes the Artificial Intelligence and Data Act, to establish standard requirements for the design, development and use of AI systems, including biometrics, in commerce and commerce, and penalties for those who use the technology illegally.

Specifically, the bill requires the development of measures to “identify, assess, and mitigate the risk of harm or biased output” that could result from the use of an AI system, an operating company in facial recognition and related fields, and the appointment of a new AI and data commissioner to oversee compliance.

However, there are exceptions. The Act will not apply to activities, services or products under the direction or control of the Minister of National Defence, the Director of the Canadian Security Intelligence Service, the Head of the Communications Security Establishment or “any other person in charge of a federal or provincial department or agency and who is prescribed by regulation”.

The Canadian Civil Liberties Union and Canada’s outgoing privacy commissioner, Daniel Therrien, criticized Bill C-11, saying it offered inadequate data privacy protections and weakened actually some existing protections. They called for tougher measures on facial recognition technology, following revelations that Clearview AI counted the Royal Canadian Mounted Police among customers using its biometrics platform.

A report by the Privacy Commissioner released in February 2021 determined that under PIPEDA, Clearview had “collected, used and disclosed the personal information of individuals in Canada for improper purposes, which cannot be appropriated by consent”.

The bill includes rules against the use of systems developed with illegally obtained personal information, an apparent reference to Clearview’s biometric training database of images pulled from the web.

Speaking at a press conference, Innovation Minister Francois-Philippe Champagne called the C-27 “one of the strictest frameworks you can find among G7 countries” in matters of confidentiality. The bill, officially called the Digital Charter Implementation Act, includes the Artificial Intelligence and Data Act, the Consumer Privacy Act and the Privacy Court Act. Personal Information and Data, which sets out guidelines for creating a panel of three to six tribunal members to oversee hearings.

Other provisions include new protections for the personal information of minors, the requirement that consent be obtained in plain language that an average reader “would reasonably be expected to understand” and allows individuals to request that their data be permanently deleted. if they withdraw their consent.

Article topics

AI | bias | biometric data | biometric identifiers | biometrics | Canada | data collection | data privacy | data storage | legislation | regulation

Previous Indonesia in the top market will reach $16.38 billion by
Next iOS 16 - Apple just solved the most annoying thing about the internet