data collection Archives - IPOsgoode /osgoode/iposgoode/tag/data-collection/ An Authoritive Leader in IP Thu, 23 Oct 2025 15:36:43 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Identifying the implications of Big Tech and digital personal data for competition policy /osgoode/iposgoode/2025/03/17/identifying-the-implications-of-big-tech-and-digital-personal-data-for-competition-policy/ Mon, 17 Mar 2025 05:09:43 +0000 /osgoode/iposgoode/?p=41068 Our paper demonstrates the growing awareness among policymakers of the important effects of Big Tech and personal data collection on competition and market power.

The post Identifying the implications of Big Tech and digital personal data for competition policy appeared first on IPOsgoode.

]]>

By 'Damola Adediji

Image of author 'Damola Adedeji

and worldwide have continued to express deep concerns about Big Tech firms and their extensive collection of personal digital data, which affects how markets operate and compete. In a I coauthored with Professor Kean Birch of 91ŃÇÉ«, we dove into these policy materials, using to explore recurring themes in across various regions. Published by the , our work also sheds light on how the collection of personal data is portrayed in the latest review of competition laws, policies, and regulations, and the implications for evolving competition policy

Why Competition Policy Matters

Big Tech firms are powerful political-economic actors within the economy, especially when it comes to the mass collection and use of digital personal data. As , in a data-driven digital economy, they can therefore shape and dominate markets by structurally and strategically undermining competition through their constructed platforms—data-driven ecosystems that appear separate from the market. This capacity gives Big Tech firms structural and techno-economic power over their competitors, making it more important than ever for competition law to step up its game. Through a thematic policy analysis, our research reveals a series of key issues that policymakers around the world are identifying as important structural and techno-economic implications of Big Tech for competition.

Structural and Techno-economic Dimensions of Big Tech’s Market Power

A significant part of Big Tech firms’ market power lies in economies of scale, which can create tough barriers for new competitors to break through. For example, as points out, the high costs needed to start a business can be a genuine hurdle for newcomers, while established companies can handle regulatory costs much more comfortably. Additionally, the costs involved in switching from one provider to another can make users hesitant to change. As highlighted by , the digital economy has sped up the impact of these economies of scale, in part because personal data complicates how we understand market definitions in competition policy. The basic assumptions that guide competition policy often use price theory to define markets and identify anti-competitive behaviour. These competition frameworks therefore struggle to address situations involving seemingly ‘free’ goods (like search engines) or the trade of these free goods and services for personal data. , ).

Meanwhile, the techno-economic side of the power held by these Big Tech firms includes both the strategic and responsive growth of relationships involving technology and political-economics. This growth is aimed at connecting a range of stakeholders, including governments, businesses, users, and academia, with the infrastructures and platforms created by Big Tech.

Structural Implications of Big Tech for Competition

Scholars such as have highlighted the significance of the network effect as a key structural implication of Big Tech for competition policy. These companies have established themselves as intermediaries in building multi-sided market platforms. Network effects result from how the number of users in a network (e.g., social media platforms, search engines) increases the usefulness of the network to its users, thereby raising its attractiveness for new users. Consequently, as the noted in 2020, network effects lead to a self-reinforcing cycle in which users migrate to the fastest-growing network. With this network effect, Big Tech companies are amassing a startling amount of data, providing them with an enormous competitive advantage, creating barriers to rivals entering or thriving in relevant markets, and allowing the incumbent digital platform providers to expand into adjacent markets.

The second structural effect is connected to but distinct from the first: investments made by Big Tech firms mean they can scale up with lower-than-usual costs. As the UK's 2019  put it, ‘Both the scale and the data that the platforms possess on consumers make it hard for other players, including publishers, to compete.’ Economies of scale have provided significant benefits for Big Tech firms as they have grown quickly to dominate their markets. This is clearly becoming a cause for concern amongst policymakers worldwide (as seen in, e.g., , , , OECD 2022). The main negative effect of such economies of scale is the loss of market contestability: there are significant barriers to entry into digital markets because Big Tech incumbents benefit from first-mover technology advantages; there are also significant disparities in market information; and then there are disparities in the capacity to adjust prices because incumbents benefit from greater information (e.g., data collection) and higher processing capacity (e.g., computing infrastructure). 

The third structural issue identified in our paper is the gatekeeping role of these Big Tech companies in our societies and economies. Policymakers have thus noted that a few digital gatekeepers hold the keys to the crucial digital infrastructure that impacts our everyday lives—whether it's staying in touch with friends, finding job opportunities, or accessing information. Gatekeepers can control access to the users and their data, which can hold significant value for other firms wishing to connect with consumers. The fact that this vital digital infrastructure, including personal data, is largely provided by Big Tech, makes it tough for startups and competitors to enter the market.

Techno-economic implications of Big Tech for competition

The first techno-economic issue we identify is the capacity of Big Tech to enter adjacent markets through data collection. As the  pointed out in 2019, ‘The extensive amount of data available to Google and Facebook provide these platforms with a competitive advantage and assist with entry into related markets.’ Data-driven business models enable Big Tech to enter adjacent markets through the modular extension of technical standards and terms and conditions (e.g., APIs, SDKs, plugins).

The second techno-economic issue concerns the spread of market power through the creation of digital ecosystems as ‘walled gardens.’ An ecosystem is more than a platform: it is the configuration of technical devices, applications and software, platforms, users and developers, payment systems, terms and conditions, and other legal rights and claims and standards (see: Autoriteit Consument & Markt, 2019). As explained by the , through this ecosystem, end-users get locked in, reducing the opportunity for competition, even when products and services (e.g., Gmail, Facebook) are notionally ‘free.’

The third techno-economic issue follows the second: Big Tech reinforces its market power by creating ‘enclaves’ in which they govern economic activities. These enclaves are distinct from markets; they sit inside wider markets, , but gatekeepers can also establish the internal ‘rules of the game’ and control market information. Policymakers have highlighted various relevant business strategies and practices—including the setting of defaults, cross-selling, and self-preferencing—that reduce competition within these techno-economic enclaves.

Challenges of digital personal data for competition and competition policy

The mass collection and use of personal data by Big Tech therefore has structural and techno-economic implications for competition policy—implications with which policymakers around the world are now grappling.

A key consideration in these policy materials is the techno-economic dimension of data-driven leverage. Policymakers repeatedly observe that Big Tech enjoys a competitive edge, primarily because of its vast personal data reserves and its ability to limit other companies' access to this valuable information. Although any digital firm can gather personal data, having substantial data holdings boosts innovation potential and offers a notable business advantage. This concern has been underscored by the.

Already concentrated digital markets are likely to concentrate further without concerted action to change competition policy. Our paper demonstrates the growing awareness among policymakers of the important effects of Big Tech and personal data collection on competition and market power. Of course, there's also a looming concern that the winner-takes-all dynamics fuelled by data control could influence the future development of important technologies like artificial intelligence, which significantly depend on large training datasets.

'Damola Adediji is a Visiting Researcher with IP Osgoode and a Doctoral Candidate with the Centre for Law, Technology & Society at the University of Ottawa.

The post Identifying the implications of Big Tech and digital personal data for competition policy appeared first on IPOsgoode.

]]>
A 24/7 Police Line-up: Clearview AI, the RCMP, and Privacy Laws /osgoode/iposgoode/2021/07/16/a-24-7-police-line-up-clearview-ai-the-rcmp-and-privacy-laws/ Fri, 16 Jul 2021 16:00:00 +0000 https://www.iposgoode.ca/?p=37851 The post A 24/7 Police Line-up: Clearview AI, the RCMP, and Privacy Laws appeared first on IPOsgoode.

]]>
Security cameras

Photo Credit: ()

Natalie BravoNatalie Bravo is anÌęIPilogueÌęWriter and a 2L JD Candidate atÌęOsgoodeÌęHall Law School.Ìę

Ìę

(FRT) is an increasingly popular and controversial tool used by public authorities and commercial institutions. FRT increases surveillance methods for investigative or security work. FRT easily collects vast quantities of biometric information with minimal cost or effort. Sensitive identity-based data is particularly valuable.

These databases and data collection methods are not without risk. Reports of and Canadian privacy law violations weaken the argument for implementing FRT. On June 10, 2021, issued a on FRT and -related surveillance as it pertains to the Canadian public. The special report specifically investigates the RCMP’s use of Clearview AI (with FRT), pursuant to section .

What is Clearview?

(“Clearview”) is an American-based entity that has amassed a wide catalogue of facial images with associated location information. Users with Clearview accounts can access the images for matching purposes. In October 2019, the RCMP confirmed that it . The OPC subsequently received a complaint under the . Clearview also has their

Canadian Legislation

The OPC investigation and report engages the Privacy Act, specifically : “No personal information shall be collected by a government institution unless it relates directly to an operating program or activity of the institution.”

Further, applies to “private-sector organizations across Canada that collect, use or disclose personal information in the course of a .” Commercial activity is defined by law as “any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.”

, , and have their own privacy laws that may apply instead of PIPEDA. Most organizations within these provinces rely on provincial privacy laws, except for “,” or “ (FWUBs) such as banks, telecommunications and transportation companies,” .

2020 Investigation into Clearview

On February 21, 2020, the OPC, along with privacy authorities in , , and (“the Offices”), began investigating Clearview, their FRT database, and database disclosures pursuant to . Clearview’s collection practice was found to contravene privacy laws in all investigating jurisdictions. This investigation provided much of the backdrop for the subsequent RCMP investigation. As outlined in the , the Offices set out to identify whether Clearview:

  1. “obtained requisite consent to collect, use and disclose personal information; and
  2. collected, used and disclosed personal information for an appropriate purpose.”

The Commission d'accĂšs Ă  l'information (CAI) also sought to determine if Clearview had:

  • “reported the creation of a database of biometric characteristics or measurements.”

The OPC’s February 2021 report of Clearview’s facial recognition tool identified .

“C±ô±đČč°ù±čŸ±±đ·É:

  1. “scrapes” images of faces and associated data from publicly accessible online sources (including social media), and stores that information in its database;
  2. creates biometric identifiers in the form of numerical representations for each image;
  • allows users to upload an image, which is then assessed against those biometric identifiers and matched to images in its database; and
  1. provides a list of results, containing all matching images and metadata. If a user clicks on any of these results, they are directed to the original source page of the image.”

The OPC found that Clearview’s database contains over , including pictures of Canadian faces (including children) collected without their knowledge or consent. Clearview allows law authorities and commercial entities to match people to online images within their database. The OPC found that the large image database “The OPC stated that police authorities can “essentially” subject billions of people Ìęto a non-consensual .

The OPC concluded that Clearview’s operations harm Canadians as they may detriment individuals whose photos are used without their explicit and informed consent. The method in which images were scraped from web pages was also found to be “”, among other Clearview activities.

The OPC provided three recommendations for Clearview to better comply with federal and provincial privacy laws: cease offering its facial recognition tool to clients in Canada; (ii) cease the collection, use and disclosure of images and biometric facial arrays collected from individuals in Canada; and (iii) delete images and biometric facial arrays collected from individuals in Canada in its possession.”

, noting that they had withdrawn from Canada during the investigation, and did not commit to the recommendations. Clearview also suggested that the OPC should suspend the investigation and not publish the report.

RCMP Investigation in the Special Report:

As Clearview was clearly found to contravene privacy laws, the RCMP’s use of Clearview technology was also the Privacy Act’s collection policies.

Curiously, ; that was false and concerned the OPC. According to , the RCMP made hundreds of search requests through the database on at least 19 accounts. The OPC assessed the RCMP’s They found that the RCMP failed to properly ensure that their use of Clearview technology complied with the Privacy Act. Further, the RCMP did not report any system implemented to “ Clearview’s data. This represented a serious lack of care regarding the sensitive information collected. Ultimately, the OPC recommended “ within a year to handle (any) novel collections of data.

The RCMP that they violated section 4 of the Privacy Act. In fact, they argued that under the Act, they do not have a duty to ensure legal compliance of private third parties like Clearview. However, they did agree to OPC’s recommendations in an effort to improve operations.

Soon after the OPC launched their RCMP investigation, the RCMP internally worked to some of the issues. They restricted their use of Clearview and started the “National Technology Onboarding Program” to look into how novel investigative techniques comply with the Privacy Act and the . As of July 2020, Clearview stopped offering its services to Canada, and the RCMP stopped using it altogether.

In light of this , the OPC published the “” (“the Draft”) to provide provincial, regional, federal, and municipal police agencies with more detailed privacy compliance information. The guide offers a with various related guidance, and data management related to , , , , , and more.

The OPC also offers up-to-date information on the accuracy of FRT and algorithms, emphasizing the . In the same way, the guide underlines “.” In other words, agencies should only collect and retain what is necessary, rather than cast a wide net. The is a rather thorough document with many references to specific case law and related authority. It demonstrates the importance of privacy in Canadian society and the seriousness in which Canadian officials deal with consent, surveillance, and novel technology. FRT may evolve into a useful tool, but until it meets the recommendations of the OPC, the RCMP will need some constructive and careful effort to use FRT again.

The post A 24/7 Police Line-up: Clearview AI, the RCMP, and Privacy Laws appeared first on IPOsgoode.

]]>
Contact-Tracing Apps in a Post-Lockdown World: Tech Giants Attempt to Address Privacy Concerns in New Proposal /osgoode/iposgoode/2020/05/27/contact-tracing-apps-in-a-post-lockdown-world-tech-giants-attempt-to-address-privacy-concerns-in-new-proposal/ Wed, 27 May 2020 17:44:22 +0000 https://www.iposgoode.ca/?p=35529 The post Contact-Tracing Apps in a Post-Lockdown World: Tech Giants Attempt to Address Privacy Concerns in New Proposal appeared first on IPOsgoode.

]]>
As countries roll out their plans to ease physical distancing measures, a safe return to ‘normal’ life where individuals previously occupied crowded spaces appears to need a bit of help from technology. have unveiled plans for digital tracking models that rely on self-reporting in order to limit the spread of future outbreaks. The use of contact-tracing tools however has received pushback from privacy experts as well as the public at large for being too invasive or leading to the creation of a In a press briefing, when asked about data gathering and privacy issues surrounding contact-tracing apps that finding a ‘balance’ between efficient data collection and Canadians’ right to privacy is “extremely important”.

Although any form of digital model that relies on data collection is going to have privacy drawbacks, it is important for app developers to understand the extent to which users are willing to compromise their privacy for the sake of safety and security. Contact-tracing apps have been in slowing the spread of COVID-19 in numerous East Asian countries. The to the implementation of contact-tracing models is the fact that they rely on voluntary participation of individuals who have tested positive for the virus. Examples of successful implementation of smartphone apps for the purposes of containment of COVID-19 outbreaks in Singapore and South Korea show that for these models to be effective, must be willing to participate. With ever-increasing skepticism of the public towards any form of mass data collection following recent scandals such as , convincing the public to opt in to a database where their daily contacts may be stored by private or public entities is undoubtedly going to be difficult.

To help address existing concerns regarding the anonymity of participants, a is attempting to strike a balance between efficacy and privacy-preservation in a newly proposed contact-tracing app. To gather data, the app is mainly going to use the on participants’ smartphones. When two participants come in contact with each other, the Bluetooth signals from their phones will perform a . The app will then keep an individualized record of the participants’ encounters under an anonymous ID and in a case where a user voluntarily discloses that they have tested positive for the virus, the app will inform all of the individuals whom the user had encountered . By using Bluetooth and not revealing the identity of participants, this joint innovation is attempting to move away from the invasive approach of and provides more privacy for its users. Additionally, the Apple-Google digital tool information gathering by passing stored data from one personal device to another as opposed to sending data to local or federal authorities.

Although widespread testing and public cooperation are going to be crucial in preventing future outbreaks, skepticism towards any form of data collection from a privacy standpoint is reasonable. The efficacy of a contact-tracing model is ultimately going to depend on the public’s trust in the program and the joint proposal by Google and Apple is a good attempt at addressing privacy concerns regarding identity disclosure and data collection by the government.

Written by Bonnie Hassanzadeh, IPilogue editor and Clinic Fellow at Osgoode Innovation Clinic.

The post Contact-Tracing Apps in a Post-Lockdown World: Tech Giants Attempt to Address Privacy Concerns in New Proposal appeared first on IPOsgoode.

]]>
Sidewalk Labs Withdraws from Quayside Development Project /osgoode/iposgoode/2020/05/21/sidewalk-labs-withdraws-from-quayside-development-project/ Thu, 21 May 2020 20:07:44 +0000 https://www.iposgoode.ca/?p=35493 The post Sidewalk Labs Withdraws from Quayside Development Project appeared first on IPOsgoode.

]]>
On May 7th, 2020, Sidewalk Labs announced that it is withdrawing from the controversial Quayside development project, putting an end to years of planning and debate in Toronto. Was the move truly motivated by the economic instability the world faces because of COVID-19, or was it simply time for the company to remove itself from a project that was becoming too burdensome?

What is Sidewalk Labs?

Sidewalk Labs is a company run by Alphabet, Google’s parent company. In 2017, Waterfront Toronto launched a request for proposals to develop the Quayside area, and Sidewalk Labs was announced as the successful applicant that same year. Since then, there have been a number of plans and amendments submitted by Sidewalk Labs, and a number of public consultations and setbacks to the project, which will be discussed later in this blog. You can find a full timeline of the project .

Sidewalk Labs states that its is to improve urban life on many levels, including sustainability and mobility, by developing cutting-edge technology and design. Many of the anticipated improvements in urban life are reliant on heavy surveillance and data collection, including virtually all aspects of resident and visitor behaviour.

Pulling out of the Project

On May 7th, 2020, Sidewalk Labs that it was withdrawing from the planned development project due to worldwide economic uncertainty and uncertainty in the Toronto real estate market. In terms of moving forward, CEO Daniel Doctoroff stated that he believes the companies that have already been launched or funded in preparation for the Quayside will still be useful tools for solving many modern-day urban problems. For example, , a robotic furniture company, provides innovative solutions to cramped condo living. A team of architects designed , which are more environmentally friendly than steel and concrete building materials. Theoretically, either of these technologies, as well as the others that were funded or devised by Sidewalk Labs, could be applied in other urban areas, or even in Toronto.

Meanwhile, in his on the matter, Waterfront Toronto’s Board Chair Stephen Diamond explained that while this is not the outcome the city had hoped for, he maintains that Quayside still presents a wonderful opportunity for any partner organization to explore innovative solutions to urban problems.

One has to wonder if Alphabet used the economic and societal upheaval caused by COVID-19 as an excuse to pull out of a project that was already mired with controversy and setbacks.

Controversy and Setbacks

Privacy Concerns

One of the major hurdles that Sidewalk Labs faced was privacy. In late 2018, former Privacy Commissioner Ann Cavoukian as a privacy consultant for Sidewalk Labs. She specifically advocated for stripping data of all personally identifiable details because in a smart city like Sidewalk Labs, there would be no way for individuals to provide consent to the collection of personal information, especially in public areas. When she learned that Sidewalk Labs would not mandate data de-identification, she felt she had to resign.

Then, in 2019, the Canadian Civil Liberties Association (CCLA) filed a of Waterfront Toronto’s approval of Sidewalk Labs’ design plan. The CCLA sought a declaration under of the Charter of Rights and Freedoms (Charter) that Waterfront Toronto violated, or was going to violate, Canadians’ personal and collective privacy rights under ss., , and of the Charter. The Notice of Application for Judicial Review cites concerns with Waterfront Toronto’s inexperience with data governance structures, as well as violations of the in the collection and use of individuals’ personal information.

Indigenous Consultations

Sidewalk Labs held a one-day Indigenous consultation session in 2018, which resulted in 14 recommendations. None of these recommendations were incorporated into the design plan. of Alphabet’s approach say that references to Indigenous perspectives are scattered throughout Sidewalk Labs’ plans and website, but that meaningful Indigenous involvement or presence in the proposed community is non-existent.

Conclusion

Regardless of whether Alphabet was motivated by the economic uncertainties of today, or whether it was already looking for an excuse to withdraw from the project due to multiple setbacks and unexpected pushback from the community, Toronto will have to sit back and watch as another city adopts this urban experiment.

Written by Rachel Marcus, IPilogue Contributing Editor. Rachel is going into her third year at Osgoode Hall Law School, and she is also an IP Innovation Clinic Fellow.

The post Sidewalk Labs Withdraws from Quayside Development Project appeared first on IPOsgoode.

]]>
ICYMI: Highlights from Part 2 of IP Osgoode's Bracing for Impact AI Conference Series /osgoode/iposgoode/2019/04/08/icymi-highlights-from-part-2-of-ip-osgoodes-bracing-for-impact-ai-conference-series/ Mon, 08 Apr 2019 19:41:28 +0000 https://www.iposgoode.ca/?p=3332   On March 21, 2019, we had the pleasure of attending IP Ogsoode'sÌęBracing for Impact conference series held at the Toronto Reference Library. This year’s conference theme was data governance, with a focus on novel legal issues with respect to two key sectors - health/science and smart cities. Professor D’Agostino’s opening remarks touched on the […]

The post ICYMI: Highlights from Part 2 of IP Osgoode's Bracing for Impact AI Conference Series appeared first on IPOsgoode.

]]>
 

On March 21, 2019, we had the pleasure of attending IP Ogsoode'sÌę conference series held at the Toronto Reference Library. This year’s conference theme was data governance, with a focus on novel legal issues with respect to two key sectors - health/science and smart cities. Professor D’Agostino’s opening remarks touched on the legal and ethical dimensions of data governance, given the large amount of activity over the last year in the AI space.Ìę The day was broken down into five panel discussions, with a luncheon keynote by Professor Kang Lee from the University of Toronto.

Why is Data so Important to the Development of AI?

The first discussion focused on the impact of data quantity and quality which determine AI capability. Jonathan PenneyÌę(Assistant Professor of Law; Director, Law & Technology Institute, Schulich School of Law, Dalhousie University) provided three instances where data was more important than the AI systems themselves: in advancing AI, in addressing bias and discriminatory practices in existing systems, and in AI accountability and transparency to understand decision making. Notably, Alexander Wissner-Gross examined the last 30 years of AI development, and found that the recent advances were largely due to the availability of large data sets. In 2011, IBM Watson Jeopardy Champion used data from 8.6 million Wikipedia articles and in 2014, GoogleNet object classification used 1.5 million images on ImageNet to train its AI system. Carole PiovesanÌę(Partner & Co-Founder, INQ Data Law) Ìęechoed the importance of data to AI systems, and touched upon the two growing debates regarding data exchange and privacy.Ìę The crux of the privacy debate focuses on the trade-off between privacy as a quasi-constitutional value versus the importance of innovation and the need for data to produce public goods. She called upon the audience to think about what a fair exchange in today’s data marketplace means to them.Ìę Finally, the shifting policy led by the EU's adoption of the General Data Protection Regulation (GDPR) was discussed. In Canada, current regulations still focus mainly on consent. Both speakers acknowledged that we should be moving towards establishing standards as very few people actually enforce their rights.

Intellectual Property at a Crossroad

Three key ideas came out of the second panel discussion, namely, the issue of whether AI systems and programs are eligible for copyright or patent protection under current statutes, the international implications and developments, and the importance of AI in collaboration. Dave Green (Assistant General Counsel, IP Law & Policy, Microsoft)Ìęshared Microsoft’s perspective on AI’s role in enabling machine intelligence to simulate or augment elements of human thinking. Two copyright issues that come into play with AI are defining “Works of Authorship” and identifying whether specific types of “copying” are enough to create liability, both of which have been complicated by the use of computer programs and factual materials. Internationally, the requirement that humans be the authors of creative works is found in the constitutions of US, Hong Kong, India, New Zealand, in the UK and other countries. As technology and AI advances, do we want to continue to insist upon the requirement that authors of creative works be humans? If we don’t, what does that say about downstream issues such as intent, infringement, and liability? In regards to international approaches to data mining - should there be a fair dealing exception, particularly when you look at addressing the issue of bias? The WIPO recently established a new division that focuses purely on AI, which will be especially important given the spike in AI patenting activity that has occurred over the past several years. Shlomit Yanisky-Ravid (Faculty Member and Lecturer, ONO Academic Law School and Fordham Law School) challenged the audience with the Turing Test, proving that it is often difficult to identify between works created by AI or a human being.

Catherine Lacavera (Director of IP, Litigation and Employment, Google Inc.) shared her belief that the existing patent and copyright systems are robust enough to deal with changes we are seeing in AI, though the regulatory and social impact front of AI are changing at a fast pace. In this regard, it is important to balance social benefit with the potential for abuse and the importance of building diverse data sets and incorporating privacy and affordability in our design principles going forward. Maya Medeiros (Partner, Norton Rose Fullbright Canada LLP) stressed the importance of using IP rights to facilitate multi-party collaborations to protect AI innovation and incentivize collaborative behaviour. Furthermore, she raised the issues of fair dealing in data mining and the use of different types of IP rights to protect different aspects of works being generated.

Resolving Data Barriers

The third panelÌę focused on the tools required to access data and facilitates the development of AI.

Momin Malik (Data Science Postdoctoral Fellow, Berkman Klein Center for Internet & Society at Harvard University) discussed how AI is beneficial in certain contexts, such as for predicting behaviour. However, the data that is valuable for AI is often limited by access to copyright protected materials.Ìę For example, in the development of Google's information retrieval system, the company faced many copyright issues.Ìę However, they were able to successfully navigate the copyright challenges by entering into agreements with publishers to create , and ultimately make data more accessible to the public.

Paul Gagnon (Legal Counsel, Element AI)Ìęcontemplated whether sui generis legislation is the way forward. Europe, for example, relied on the existing concept of fair dealing as an exemption for data mining. However, this exemption is limited as it only applies to researchers and not commercial institutions. Having open data and accessible data are two distinct concepts. Accessibility does not necessitate that you can use the data. Uses may be restricted by specific purposes, such as “for academic use only”.

Dave Green concluded the panel discussion by contemplating whether copyright could “make nice with AI”. AI does not copy for the purpose of replicating the work or infringing on the underlying value of expression, but rather it can unlock different insights than “Works of Authorship”. This is the difference between the use of a photo as a work, for aesthetic purposes or factual reporting, and the use of a photo as data.Ìę Green looked at examples of how different jurisdictions are making copyright safe for AI and machine learning, such as the fair use exception in Israel. Democratizing the right to learn and research is essential to this field and it remains to be seen how other jurisdictions may embrace this fact.

Luncheon Keynote: Affective Artificial Intelligence & Law: Opportunities, Applications, and Challenges

Kang Lee (Professor and Tier 1 CRC Chair in developmental neuroscience, University of Toronto) amazed the audience with aÌęshowcase of his connected health venture, .Ìę Dr. Lee's interdisciplinary invention brings together research from neuroscience, psychology, physiology, and deep learning to produce AI that can detect, measure, and analyze human affect through physiological cues. The ℱ mobile application turns smart devices into a personal health tool that individuals can use to manage stress and get updates on their personal health. It uses (TOIℱ), which uses video to recognize facial blood flow imaging from the human face. This image is then processed by ℱ, which is the AI that can detect and measure different human emotions. Dr. Lee’s work is significant as it demonstrates how AI can improve the health and science fields to give patients more control over their health care.

Big Data, Health & Science

The fourth panel discussion focused on the unique AI and data issues in the health and science sectors. James Elder (Professor, Lassonde School of Engineering; 91ŃÇÉ« Research Chair in Human and Computer Vision, 91ŃÇÉ«) discussed potential uses for converting raw data into 2D images and subsequently converting these images into 3D models. 3D modelling with real data has applications for road and pedestrian traffic. The technology may also address some privacy concerns since his 3D virtualization technology turns the 2D images into avatars, which has the effect of anonymizing visual appearances. There are many opportunities for visual AI to help improve daily processes.

Victor Garcia (Managing Director & CEO, ABCLive Corporation)Ìędiscussed how big data can transform the health sciences. Data helps to improve the way companies in this sector do business. Clinical, insurance claims, pharmaceutical, research and development, patient behaviour, and lifestyle data can all contribute a plethora of knowledge to the health sector. These can improve process efficiencies and make hospital resources available sooner to new patients. For example, Humber River Hospital used data analytics to improve their health care services and increase efficiency by 40%.

Ian Stedman (PhD Candidate, Osgoode Hall Law School; Fellow in AI Law & Ethics at SickKids’ Centre for Computational Medicine)ÌęhighlightedÌęSickKid's move to integrate AI into their practice with the development of a task force to examine how data governance and policies, infrastructure, AI solutions, and ethics interacted before implementing new AI tools.Ìę Stedman stressed that data source and quality are essential because in the health sector, it is essential to ask all the right questions to make accurate conclusions and diagnoses. With clinical studies, it is much easier to access data since there is a research plan, which includes the research purpose, the targeted population, and the results the researcher hopes to observe. However, with the data that AI relies on, in order to unlock its potential value, researchers study data to find patterns. Therefore, it is difficult to ask for secondary use disclosure before the research is conducted when the researcher may not know what they are looking for. The takeaway is that regardless of the industry, harmonization and collaboration are key. There is opportunity to put data together from different sources to discover the potential of new clinical decision making tools.

What Makes a Smart City?

In Toronto, and internationally, data privacy issues have come to the forefront of public discussion due to the development of smart cities. Given the proposed Sidewalk Toronto, the collection, storage, and use of data has led to a heated debate about data governance. The Mayor of Barrie, Jeff Lehman, discussed the project which calls upon start-ups and small organizations to develop new technologies that use data to address civic challenges. Instead of putting out a traditional municipal tender, the cities released a Request for Solutions and invited responses from the public to provide a cohesive opportunity for collaboration. In response to the issue of data localization in the Sidewalk Toronto debate, Mayor Lehman believes that consent is possible, but that the data must reside in Canada to ensure that the national government can set the rules around the data being collected. Finally, Mayor Lehman advocated for the use of Privacy Impact Assessments to evaluate the impact of new technology on privacy.

Neetika Sathe (Vice President, Advanced Planning, Alectra Inc.)Ìęadvocated for the importance of data policies regarding smart cities to be worked on at every level of government to develop a national data strategy. Furthermore, Sathe introduced the audience to some of Alectra’s projects and the data collection challenges associated with each. These projects included (end-to-end integrated EV workplace charging pilot project), the (which collects smart meter data), and the (which uses a private blockchain network that limits access to data).

Natasha Tusikov (Assistant Professor, Dept. Social Science, 91ŃÇÉ«; The City Institute at 91ŃÇÉ«)Ìęchallenged the audience to think about who should own, control and govern data related to smart cities.Ìę Prof. Tusikov discussed the issue of conflicting public and private authority, raising her concern that Waterfront Toronto is not an expert in IP, but in land development. As an example of regulating the governance of smart cities, Barcelona developed a manifesto outlining the importance of technological sovereignty and maintaining digital rights.

To close the panel discussion, John Weigelt (National Technology Officer, Microsoft Canada Inc.)Ìę spoke about the importance of solidifying the participants involved in developing a smart city and the business model we want to create. If employed correctly, AI will solve societal challenges. Municipalities and companies that can thoughtfully clarify their approach to AI first will prosper the most from its benefits.

The conference encouraged thought-provoking discussion about data governance and its implications on health and smart cities. We hope that the discussion about data collection and what we value as society continues beyond this event. Thoughtful and inclusive discussion will allow us to collectively brace for impact as AI technology continues to advance.

 

Written by Lauren Chan and Summer Lewis. Lauren Chan is an IPilogue editor and a business student at the University of Guelph, and Summer Lewis is an IPilogue editor and a JD candidate at Osgoode Hall Law School.

 

The post ICYMI: Highlights from Part 2 of IP Osgoode's Bracing for Impact AI Conference Series appeared first on IPOsgoode.

]]>
Tech, Tykes and Teens (or: How I Learned to Stop Worrying and Love GAFA) /osgoode/iposgoode/2019/04/05/tech-tykes-and-teens-or-how-i-learned-to-stop-worrying-and-love-gafa/ Fri, 05 Apr 2019 15:24:05 +0000 https://www.iposgoode.ca/?p=3318 As the 2020 Presidential Primary begins to gather steam south of the border, US Senator Elizabeth Warren’s plan to break up big tech (Google, Amazon, and Facebook – she followed up later with a plan for Apple), has once again brought tech regulation into the political realm. But the real crux of the problem, the […]

The post Tech, Tykes and Teens (or: How I Learned to Stop Worrying and Love GAFA) appeared first on IPOsgoode.

]]>
As the 2020 Presidential Primary begins to gather steam south of the border, (Google, Amazon, and Facebook – she with a plan for Apple), has once again brought tech regulation into the political realm.

But the real crux of the problem, the source of tech companies’ economic and social clout, is papered over in only one sentence. It seems likely that’s not because Senator Warren’s team doesn’t care about the issue, but because when it comes to controlling how people consent to data collection, there don’t seem to be any easy answers. That’s especially apparent when it comes to how individuals, corporations, and governments have dealt with data coming from the most plugged in, yet also one of the most vulnerable segments of society – minors.

Ìę

The Law on Privacy and Minors

In the US, online collection of personal data for children is primarily governed by the Federal , or COPPA, which is enforced by the Federal Trade Commission (FTC). Under the law, it is illegal to collect the data of children under the age of 13 without parental permission. Given the costs of complying with that kind of consent requirement, many companies simply take the position of disallowing children under 13 from using their platforms altogether.

Canada’s federal system, on the other hand, has led to a more complicated overlay of laws. , the Canadian Federal privacy law, has no specific provisions regarding consent of minors. Under their , the Office of the Privacy Commissioner of Canada (OPC), which administers PIPEDA, generally considers anyone under the age of 13 incapable of giving consent. However, when it comes to , Alberta, British Columbia, and Quebec stick to a strict case-by-case model, rather than any blanket age restriction.

This means that, on the Canadian Federal standard, parental consent is required for collecting online information from children under the age of 13. In the case-by-case model, a child must be able to understand “the nature and consequences of the exercise of the right or power in question”. The case-by-case model also applies federally to children over the age of 13.

Two issues come to mind: are the laws on the books actually working? And furthermore, does anyone understand the nature and consequences of how they are exercising their privacy rights, let alone children?

Ìę

Recent Cases: Where the Law Applies and Where it Runs Out

For a look at how child consent enforcement works in practice, let’s again turn to the United States. On February 27th, 2019, ByteDance, the parent company of TikTok (formerly Musical.ly) . The civil penalty, which is the largest ever for a violation of this kind, was administered because it was found that TikTok had been facilitating the uploads and private messages of children under the age of 13. In fact, a found that 1 in 4 children had connected with a stranger through apps like TikTok, and 1 in 20 had been asked to strip by a stranger during a live stream. While the company has moved to stop users under 13 from uploading videos as a result of the fine, .

, though in this case it was targeting users age 13-35. Participants were secretly paid up to $20 per month to install a “Facebook Research” app, with the goal of collecting vast amounts of data from users’ phones. The app demanded root access to the device it was installed on, giving it virtually complete access to the device’s data: photos and videos, web searches, private messages and texts, and location monitoring – all of which Facebook could collect continuously, regardless of encryption. that participation was consent-based, and that of the less than 5 percent of users under the age of 18, all were required to provide parental consent forms. It has since discontinued the program.

It’s not clear what the long-term effect of the TikTok FTC fine will be. That is to say, it’s not obvious that cost of policing 500 million users is outweighed by a $5.7 million fine . Instead, the way things are today, it seems entirely possible that serious harm to children is an externality of an anonymous (and extremely profitable) internet.

On the other hand, while Facebook’s behaviour might be considered by some to be unsavoury, the question becomes whether there is anything that can be done about it (especially since, unlike the TikTok example, it was not unlawful conduct). What is clear, however, is that ‘consent’ is a nebulous idea, and one not easily grasped by parents, let alone children.

Ìę

Is ‘Parental Consent’ Meaningful?

For the sake of argument, let’s set aside the thornier issue of how feasible enforcing informed consent actually is. Instead, the core issue is whether individuals are informed enough to consent in the first place.

Parents often underestimate just how influential the way they handle their children’s data can be. . Information as innocuous as sharing birthdays online can have devastating consequences for a child; , storing data while waiting for children to turn 18, then making credit card and loan applications in the child’s name.

‘Smart toys’ in the home are a problem in and of themselves. These devices are targets for hackers because they are Bluetooth and internet compatible with few safety mechanisms built-in (smart speakers have a similar problem, especially ones marketed to children). But despite concerns and breaches, .

None of this is meant to assign any ill-intent to parents, who have a hard-enough time raising their kids without worrying about hacked toys or policing their own social media presence to protect their children. Whether through ignorance or by choice, though, parents have demonstrated that they are not all that better than their kids when it comes to handling data. But is there any better way to structure the system?

Ìę

How DO We Handle Collection of Online Information?

Given all the problems, one might think we should just ban collection of minors’ data altogether, regardless of parental consent. Unfortunately, there are several problems with this kind of thinking.

First of all, there is the practical issue of whether it would even be possible without fundamentally reworking the anonymity of the internet (who wants to sign up for an online account by handing over government ID?). The fact that companies have effectively treated their platforms as 13+ without much success, speaks to the difficulty of implementing any kind of platform-directed user vetting.

Secondly, it would still be difficult to prevent the collection of inferred data, such as what users search and view online, because consent is not directly needed for that kind of data collection.

Lastly, there are the economic implications. Online marketing and data-driven e-commerce are obviously massive fields, but it bears emphasizing just how massive – in 2018, the top six companies in the world by market capitalization were all tech-based (in order: Apple, Amazon, Alphabet, Microsoft, Facebook and Alibaba). Moving the internet to the speed of bureaucracy would therefore undoubtedly have knock-on effects to the global economy.

So should the alternative be, as per the OPC’s guidelines for teens, consent requiring an understanding of “the nature and consequences of the exercise of the right or power in question”? As should be clear by now, that does not seem to be a workable standard, given that even adults have a tough time keeping up with all the implications of the digital economy.

Ìę

The Broader Problem with Privacy in the Digital Age

Returning to Senator Warren’s plan, one can see that, notwithstanding the financial merits or demerits of breaking up big tech, we aren’t really at the point as a society of having an informed discussion as to the trade-offs and moral decisions we must make if we want to continue life in an interconnected world.

Breaking up tech companies won’t address the question of who has access to private information (child or adult) and what they’re doing with it. It’s more of a sui generis problem, where the domination of an economic field by an oligopoly (the reason why some call for breaking up the banks) is fundamentally intertwined with an inability to have a broad, meaningful conversation, thanks to a lack public knowledge (similar to how inadequate civic education affects our ability to engage in political discourse). When you factor in concerns about cyberwarfare and election meddling, the ‘big-tech’ debate simultaneously hits at all the core themes of our current world: nationalism versus globalism, social reform versus retrenchment, and wealth inequality.

The question of the global digital economy is thus as much a distillation of the political, economic, and social narrative of the early 21st century as the Cold War was of the later 20th century. In that spirit, it may be prudent to take some lessons from Dr. Strangelove, which perhaps best captured the intractability and seeming futility presented by the nuclear age. What I’m left with is the uncomfortable realization that I myself don’t fully understand the implications of my consent and privacy in the digital world; but short of unplugging, it looks like we will keep riding this bomb and hope our choices work out in the end. Is it crazy? Perhaps. But it’s not unprecedented. After all, it only takes one letter to go from MAD to ad.

Ìę

Written by Peter Werhun. Peter is an IPilogue Editor and JD Candidate at Osgoode Hall Law School

The post Tech, Tykes and Teens (or: How I Learned to Stop Worrying and Love GAFA) appeared first on IPOsgoode.

]]>
The Dark Side of Wearable Technology /osgoode/iposgoode/2019/03/07/the-dark-side-of-wearable-technology/ Thu, 07 Mar 2019 16:08:42 +0000 https://www.iposgoode.ca/?p=3250 In an earlier post, I discussed how wearables are becoming prominent in modern life, with Toronto being a notable hotspot for technology development and related interest. From a legal perspective, there are two main concerns with wearable technology: privacy and product liability. This instalment in the Toronto Wearables Series will focus on the former. The […]

The post The Dark Side of Wearable Technology appeared first on IPOsgoode.

]]>
In an , I discussed how wearables are becoming prominent in modern life, with Toronto being a notable hotspot for technology development and related interest. From a legal perspective, there are two main concerns with wearable technology: privacy and product liability. This instalment in the Toronto Wearables Series will focus on the former.

The with smart clothing is that the articles are constantly collecting, transmitting, and storing data, which means that they have information that is often considered personal, private, sensitive, or confidential. This makes smart clothing’s data mining abilities extremely strong. This is compounded by the fact that this information can easily be posted on social media networks, making it available to not only “friends” of the user, but possibly also to unknown or untrusted parties. Furthermore, wearables are able to collect information discreetly, otherwise known as data mining, which results in the users not actually knowing what data is being collected. ÌęThis often means that users underestimate their privacy risks. In fact, a recent study showed that there is “a significant gap between reported concerns and actual users’ behaviors, reinforcing that users often sacrifice their privacy in exchange of benefits.” Put simply, the non-invasive biomedical, biochemical, and physical measurements of wearables have invasive implications for a user’s privacy. However, given the novelty of smart clothing, the extent of the impacts of these privacy concerns has not yet been fully understood. It is for this reason that empirical studies are necessary.

The same study collected a variety of online comments from users of wearables. Based on the consumer feedback, the study concluded that the primary privacy concerns are linked to the type of personal data that a given wearable device collects, stores, processes and shares. For example, there is a lower level of concern regarding smart accessories that are seen as a gadget (e.g. Fitbits), versus smart clothing that covers a large part of the body. Furthermore, embedded sensors, such as cameras and microphones, pick up data about the user and even people nearby, often without their awareness or consent. The nature of this data is frequently personal and confidential, which implicates privacy issues, especially with respect to surveillance. Other functions of wearables, such as heart rate monitors, glucometers, and activity trackers, can also be intrusive.

Interestingly, even though users perceived wrist-mounted devices as a non-invasive accessory from a privacy perspective, the study found a high associated risk. Indeed, there have been findings of an increased feeling of safety and confidence due to the user’s dependence on this type of wearable to track both biomedical data as well as daily movements that assist the user, such as the user’s location when in an unknown area. The ability to track location seems appropriate because of the convenience of having GSP at the ready. However, the communication of a user’s location information, without the control of the user, poses a substantial threat because once location is sensed and stored, it can then be shared online, in real time, through live social media feeds. Yet, given an appearance that is akin to a watch or a bracelet, wearables’ presence is often unnoticed, which means that the underlying privacy risk is not seen as a concern on a daily basis. Rather, a user more acutely senses its convenience benefits. This is in stark contrast with the more common smartphone, with which the user has a more conscious interaction.

In fact, integration is of smart clothing, which allows users to synchronize their clothing with their phones for the sake of convenience. From a privacy perspective, however, this means that all of the implications associated with smartphones are then added to the list of concerns regarding smart clothing. For example, more technologically-advanced smart clothing inventions could have access to a user’s photos, contacts, bank information, and applications, making all of the data, in addition to the collected biometrics, vulnerable to being shared publicly. Another notable example is that embedded speech recognition applications in both smartphones and smart clothing allow the convenience of hands-free interaction. However, the heightened sensitivity that is needed to be able to pick up on such demands means that even when a user is not alone, a potentially confidential conversation between the user and another party can be captured and stored, once again without knowledge or consent.

The above suggests two concerning points about the privacy risk associated with smart clothing. First, users are already anxious about a host of privacy issues, but the (perhaps more noticeable) benefits offered by these devices causes them to become more willing to sacrifice their privacy. Second, even though users have articulated some concerns, these are often misdirected or underestimated. This means that users do not know precisely what to worry about, and are therefore ill-equipped to protect themselves. Indeed, new applications, such as facial recognition software embedded in smart technologies offer such a profound sense of convenience and marketable novelty that consumers willingly allow a device to repeatedly capture and store every inch of their face. This misplaced sense of trust in smart technologies, and particularly smart clothing, presents a significant barrier to technological advancement, as users’ engagement is difficult to predict.

This is the second post in the Toronto Wearables Series by Saba Samanian regarding wearable technology and its IP and privacy law implications.Ìę Saba was recently appointed the Toronto Ambassador for and seeks to do her part in fostering the wearables community in Toronto.

 

Written by Saba Samanian, IPilogue Editor and JD Candidate at Osgoode Hall Law School.

The post The Dark Side of Wearable Technology appeared first on IPOsgoode.

]]>
The Tech Law Ultimatum: Consent or Exile? /osgoode/iposgoode/2018/11/16/the-tech-law-ultimatum-consent-or-exile/ Fri, 16 Nov 2018 16:43:32 +0000 https://www.iposgoode.ca/?p=2797 Living in the twenty-first century comes with the need to manage expectations. While we live in a modern age with a variety of technological advancements, we may not be as innovative as we previously imagined. After decades of television shows like The Jetsons, some may even be inclined to ask, “Where’s my jetpack?”Ìę Professor DaithĂ­ […]

The post The Tech Law Ultimatum: Consent or Exile? appeared first on IPOsgoode.

]]>
Living in the twenty-first century comes with the need to manage expectations. While we live in a modern age with a variety of technological advancements, we may not be as innovative as we previously imagined. After decades of television shows like The Jetsons, some may even be inclined to ask, “Where’s my jetpack?”Ìę Professor , during his at Osgoode Hall Law School this fall term, recently spoke about the challenging relationship between technological innovation and the law. Prof. Mac SĂ­thigh addressed the technological advancements we have made and what is still on the inventive (and legal drafting) table in his “Help! MyÌęJetpackÌęis an Algorithm: Smart Cities, Sharing Economies, and Law in the Face of Disruption”.

Professor Mac Síthigh drew on Sadiq Khan’s, the Mayor of London, this year and stressed the important role the law has in relation to technological and social development. At SXSW, Khan explained that the law plays a balancing role in mitigating the potentially negative impact of disruption while allowing society to evolve.

The concept of “smart cities” is something that highlights how the law is performing in the face of twenty-first century “disruption”. Professor Mac Síthigh linked the smart city concept to the sharing economy, which he defined as a situation that deals with transforming under-utilized assets in a manner that makes them more accessible to a community. This could lead to a reduced need for individual ownership of these resources.

Citing a recent , Professor Mac Síthigh explored how the collection of data in these cities unveils new legal tensions. For example, Alphabet’s Sidewalk Labs is reimagining Toronto’s eastern waterfront area, . This variation of a smart city will use sensors to measure garbage disposal, recycling, noise, and pollution. The increased presence of cameras can even collect data to help improve the flow of traffic. While the project promises some of the twenty-first century innovations many have been waiting for, it also reveals how some of the risks of such technologies are underexplored.

There is an inherent trade off in collecting data to help cities become more efficient and green. Residents will be giving up their privacy rights for the good of society. There is no way to live off the grid in this type of environment, which means that if individuals want to be excluded from data collection, they would likely reside outside of this community. Is full consent or exile the only choice in the age of smart cities?

Currently, different Canadian laws may apply depending on which entity is collecting the data, thus presenting different methods of action for residents.

  1. If there is a commercial technology company collecting the data, the (PIPEDA) applies to these processes.
  2. When this data is collected, accessed, or used by federal government institutions, the applies.

Both of these acts regulate how personal information can be shared and this may be applicable to data collected through smart cities.

Research from the (CIPPIC) reveals one of the weaknesses of the law in their current forms. Where information is not “personal”, it can be freely shared with third parties. In order for data to be non-personal, technology companies would be required to strip the data of personal identifiers. So, the data on garbage disposal, for example, cannot be linked to any addresses, names, photographs, and so on in order for the information to be sharable. Another caveat in sharing personal information is that individuals can choose to protect their information through confidentiality terms in a contract. This means that there could be a great onus on the residents in smart cities to find ways to protect their information if they truly wish for their data to remain private.

As Professor Mac Síthigh’s talk makes clear, smart cities and the concept of a sharing economy are not new forms of technology, rather they are new processes that rely on data in novel ways. In the same way that technology companies have rethought data collection, it is necessary for lawyers and policy makers to rethink how the law applies to this newest iteration of technology. It requires a careful balance of the existing laws that seem applicable to smart cities, such as privacy laws, in addition to new provisions that give consumers more opportunities to protect and take control of their data without completely excluding them from the innovation process.

 

Summer Lewis is an IPilogue Editor and a JD candidate at Osgoode Hall Law School.

The post The Tech Law Ultimatum: Consent or Exile? appeared first on IPOsgoode.

]]>