Innovation, Science and Industry minister François-Philippe Champagne and Justice minister David Lametti introduced the ‘Digital Charter Implementation Act, 2022′ on June 16th to strengthen Canada’s privacy laws, create new rules around artificial intelligence (AI) and more.
The act includes three proposals. First, the proposed Consumer Privacy Protection Act (CPPA) aims to protect Canadians’ privacy by establishing clear rules around how organizations can handle personal information.
Second, the proposed Personal Information and Data Protection Tribunal Act will create a new tribunal to enforce the CPPA.
Finally, the proposed Artificial Intelligence and Data Act (AIDA) will introduce new rules around the development and deployment of AI systems.
The CPPA will help bring Canadian privacy law in line with international partners
In a press release, the government described some of the goals of the CPPA, which will ultimately replace the Personal Information Protection and Electronic Documents Act (PIPEDA) once passed. It’s worth noting that a previous version of the Digital Charter introduced in 2020 was considered a “step back” by Privacy Commissioner Daniel Therrien.
The CPPA will increase control and transparency around how organizations handle Canadians’ personal information. For example, it will require companies provide plain-language information about how they use Canadians’ data so that Canadians can give meaningful consent.
Additionally, the act will give Canadians the freedom to securely move information from one organization to another.
A major focus of the CPPA includes protections for minors, such as limiting the ability of organizations to collect information on minors. The act aims to hold organizations that handle the information of minors to a higher standard. Another part of this focus will be ensuring that Canadians can request that their information be disposed of when it’s no longer needed (parents will be able to make these requests on behalf of minors).
Along with this, the CPPA will enable broad, order-making powers for the Privacy Commissioner of Canada. These powers include the ability to make a company stop collecting data or using personal information.
Finally, the CPPA will establish fines for organizations that fail to comply. Fines can total up to five percent of global revenue or $25 million, whichever is greater, for the most serious offences.
Canada will get an AI and Data Commissioner
One of the main benefits AIDA will introduce will be a new AI and Data Commissioner. That commissioner will support the Minister of Innovation, Science, and Industry in fulfilling the responsibilities of the act. For example, that includes monitoring company compliance, ordering third-party audits, and sharing information with other regulators and enforcers.
AIDA aims to protect Canadians from potential AI harms through the establishment of rules to ensure developing and deploying “high-impact AI systems” mitigates harm and bias. Further, AIDA will outline clear criminal prohibitions and penalties around the use of unlawfully obtained data in AI development, reckless deployment of AI that can pose serious harm, and fraudulent intent to cause substantial economic loss through AI deployment.
The Canadian government has posted details about the Digital Charter Implementation Act on the Innovation, Science, and Economic Development (ISED) website, including text and visual summaries of the bill. You can find that here. Moreover, the full text of the bill will become available later today here, although it’s disappointing the bill was not made available sooner.
You can find the full proposed bill here.
Image credit: Shutterstock
