The Office of the Privacy Commissioner of Canada (the OPC) yesterday outlined recommendations for regulating the use of artificial intelligence, including a rights-based approach.
The recommendations include creating a right for a meaningful explanation of automated decisions, and a right of subjects to contest these decisions. It also wants to require organisations to design AI systems from their conception in a way that protects privacy. The OPC is also suggesting it receives powers to issue binding orders and financial penalties to ensure compliance.
The OPC is recommending exceptions to consent for the use of personal information for research and statistical purposes, compatible purposes, and legitimate commercial interests purposes.
An OPC spokesperson said: “AI offers the potential to help address some of today’s most pressing issues. However, uses of AI that are based on individuals’ personal information can have serious consequences for privacy. AI models have the capability to analyze, infer and predict aspects of behaviour and interests.
“AI systems can use such insights to make automated decisions about people, including whether they get a job offer, qualify for a loan, pay a higher insurance premium, or are suspected of unlawful behaviour. Such decisions have a real impact on lives, and raise concerns about how they are reached, as well as issues of fairness, accuracy, bias, and discrimination.”
The recommendations follow a public consultation on proposed changes to the Personal Information Protection and Electronic Documents Act.
At-a-glance: The OPC recommendations
- allow personal information to be used for new purposes towards responsible AI innovation and for societal benefits
- authorize these uses within a rights based framework that would entrench privacy as a human right and a necessary element for the exercise of other fundamental rights
- create a right to meaningful explanation for automated decisions and a right to contest those decisions to ensure they are made fairly and accurately
- strengthen accountability by requiring a demonstration of privacy compliance upon request by the regulator
- empower the OPC to issue binding orders and proportional financial penalties to incentivize compliance with the law
- require organizations to design AI systems from their conception in a way that protects privacy and human rights