data privacy Archives - IPOsgoode /osgoode/iposgoode/tag/data-privacy/ An Authoritive Leader in IP Thu, 11 Aug 2022 16:00:00 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Bill C-27: Canada Introduced Its First Legislation on the Development and Use of Artificial Intelligence in the Private Sector /osgoode/iposgoode/2022/08/11/bill-c-27-canada-introduced-its-first-legislation-on-the-development-and-use-of-artificial-intelligence-in-the-private-sector/ Thu, 11 Aug 2022 16:00:00 +0000 https://www.iposgoode.ca/?p=39902 The post Bill C-27: Canada Introduced Its First Legislation on the Development and Use of Artificial Intelligence in the Private Sector appeared first on IPOsgoode.

]]>

HeadshotTianchu Gao is an IPilogue Writer and a 1L JD Candidate at Osgoode Hall Law School.


On June 16, 2022, the Canadian government tabled “An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts.” The Bill aims to strengthen the privacy framework for the private sector in Canada through the enactment of three pieces of legislation—the Digital Charter Implementation Act (DICA), the Consumer Privacy Protection Act (CPPA), and the Artificial Intelligence and Data Act (AIDA).

Bill C-27 is the successor to the, the Digital Charter Implementation Act, which was introduced in November 2020. Unfortunately, it got at the Second Reading stage despite strong support from the business community. Bill C-27 is largely a re-working of Bill C-11, as a significant portion of the Digital Charter Implementation Act (DICA) and the Consumer Privacy Protection Act (CPPA) remains intact. A detailed comparison between the two bills can be found .

An entirely new section of Bill C-27 is the Artificial Intelligence and Data Act (AIDA). This section aims to regulate the development and use of artificial intelligence systems in the private sector. If AIDA is enacted, Canada would be the only jurisdiction, besides the , to draft legislation that directly addresses the regulation of AI.

AIDA is very broad in scope, with respect to both the definition of AI and the range of people obliged to abide by the Act. It does not set out specific prohibited practices and seems to contemplate a distinction only between high-risk systems and all other AI systems. Compared to EU’s 2021 proposal for Artificial Intelligence Act, AIDA is “considerably less elaborate” and “proposes to leave many salient matters to regulation,” according to cybersecurity professionals at .

The legislative purposes of AIDA are, per s. 39.4:

(a) to regulate international and interprovincial trade and commerce in artificial intelligence systems by establishing common requirements, applicable across Canada, for the design, development and use of those systems; and

(b) to prohibit certain conduct in relation to artificial intelligence systems that may result in serious harm to individuals or harm to their interests.

AIDA aims to protect people from any potential harm brought by biased AI output, which is the output of AI systems that differentiate people based on prohibited grounds of discrimination.

AI systems identified as “high-impact” will undergo mitigation measures and ongoing monitoring for compliance. Despite the preliminary guidance from the federal , it is largely the persons responsible for an AI system—including designers, developers, providers, and managers—who are responsible for these assessments and measures. There will also be higher transparency in both the intended and actual use for high-impact AI systems. Any material harm should be reported to the Minister of Innovation, Science and Industry. Under this act, an Artificial Intelligence and Data Commissioner will assist the Minister in monitoring company compliance.

Bill C-27, if passed, is sure to be a milestone in the development of legal regulations for AI. Many law firms are closely monitoring this legislation’s progress since it was released. There are, of course, still many questions to be investigated, such as the potential chilling effect on innovation and the design of administrative penalties. The legislation will become more clear upon the second and third readings in the House of Commons and subsequent regulations.

The post Bill C-27: Canada Introduced Its First Legislation on the Development and Use of Artificial Intelligence in the Private Sector appeared first on IPOsgoode.

]]>
Social Media Privacy: Legalities of Personal Data Collection /osgoode/iposgoode/2021/04/05/social-media-privacy-legalities-of-personal-data-collection/ Mon, 05 Apr 2021 16:00:02 +0000 https://www.iposgoode.ca/?p=36922 The post Social Media Privacy: Legalities of Personal Data Collection appeared first on IPOsgoode.

]]>
Social media platforms are connecting friends, family, and colleagues in new ways. With over using social media in 2020, these platforms are all-encompassing. Each of these billions of users produces data in some form — pictures, videos, text, interactions, purchases — all collectively showing their social media usage over the years.

This data contains personal information specific to each user. Without proper protection, social media companies may mishandle, lose, or leak the data to cybercriminals. Social media companies already widely – and legally – mine customer data for profit-boosting details or sell their information to third parties. To increase protection, governments often develop and enforce stricter regulations.

However, not all countries keep up with consumers’ wants and needs. For example, or protection regulations. Companies in China must obtain consent to interact with their users’ data. However, government officials often block access to sites or monitor how residents use them, raising surveillance concerns. Data privacy rules are further complicated as they vary across platforms.

Social Media Privacy Rules

Registration for any social media site initially requires you to accept their terms and conditions. These conditions detail how the platform will use your data, including your interactions and preferences. Even if your account is “private”, to your information.

No matter how you use social media, you should understand two applicable topics: copyright and how your relationship with a company dictates the way its representatives can collect data. Both of them will likely come up regularly as you learn more about social media privacy — or the lack thereof.

First, copyright is critical for creators and observers. A copyrighted work receives protection once the creator distributes it in a fixed format. For example, posting an original image on social media is enough to . Therefore, users can’t post any picture they find online without permission. Attributing the work is not synonymous with asking the creator for approval.

Most images used legally on the internet fall into several categories:

  • Pictures the poster owns and can use how they wish.
  • Rights-managed images, which allow people to purchase photos and use them per a specific license. This includes many items offered through the Creative Commons organization.
  • Royalty-free images, which enable people to use the pictures in unlimited, multiple and nonexclusive ways.
  • Public domain/Creative Commons Zero (CC0) images, which have no restrictions because creators waive their rights under copyright law.

Any original content posted on social media is royalty-free, but social media platforms generally offer users protection against infringement.

Instagram, for instance, provides instructions on on your copyrighted content. This protection means anything you originally create belongs to you, letting you pursue action against any violation of Instagram’s policy. Facebook, the owner of Instagram, has almost identical rules. Twitter may have some exceptions.

It is essential to protect your own data and avoid infringing on others’ original works. However, the second set of rules focuses on your relationship with the platform itself. Historically, data collection has been controversial around the world. Take Facebook, for instance. The big tech company had to clarify after countless scandals emerged. Thus, these instances sparked broader societal discussions about big tech’s growing power and its potential detriment to user privacy.

Personal Data Collection Controversies

Data protection regulation and compliance vary by country. Some territories have federal guidelines in place, like the European Union’s General Data Protection Regulation (GDPR).

The United States has no unifying federal law for cybersecurity compliance. However, the posts its own guidance, alongside each state’s own compliance rules.

Each set of regulations aims to ensure that tech companies protect consumer data and provide users with the correct rights. Unfortunately, despite these laws, data collection controversies continue to arise. Companies find loopholes and use the data in questionable ways. Facebook is notorious for attracting bad press, whether related to misinformation, social justice, or individual rights.

Another example is WhatsApp. After Facebook acquired WhatsApp, the messaging platform updated its conditions to indicate that the platforms would automatically link datasets. Facebook could then use this data for marketing purposes. The EU for violating the law and misleading users.

Facebook again found itself at the center of a data-centric legal case at the end of 2020. This time, the big tech company pursued an action against two smaller companies that it , or taking data from another source for their own use. While Facebook was not the accused, this case again raises the question of big tech’s power and responsibility.

TikTok has also received public and government backlash. After the platform grew exponentially, U.S. officials became wary of due to its Chinese ownership. They were mainly concerned about what TikTok might do with the data it gathered, raising possible national security threats to the United States. However, in September 2020, a deal split TikTok’s ownership between China and the U.S.

Moving forward, countries must re-examine how social media companies use data. Though individuals can take legal action against offending corporations in court, these companies often overpower them, meaning the government must step in. For example, Canada’s Privacy Commissioner can investigate how public and private-sector organizations handle data. They also try to resolve disputes through mediation, negotiation and reconciliation.

Changing Priorities

In the United States, the lack of an overarching federal cybersecurity compliance law has left a legal gap. The California Consumer Privacy Act (CCPA) is a good U.S.-based example that the government should follow. It gives a person the right to access all the information a company has about them or ask that it delete their details. Consumers can also request that companies do not sell their data to third parties or find out which categories of businesses have content about them.

Elsewhere, the GDPR has not effectively maintained these platforms as honest with users about data collection and usage as legislators may have hoped. A 2020 study of central government data protection officers in the United Kingdom found that many of them to deal with the growing number of data protection requests.

Once the GDPR came into effect, internet users were bombarded with cookie preferences windows that let them specify what data companies collected about their internet visit. Many clicked “I accept” without reading the specifics because they were impatient to view the websites in question.

Amidst all the controversies, priorities are changing. People want more security and privacy when using social media services provided by bigger companies. As the U.S. government continues to debate regulations around big tech brands, data collection will continue.

However, data collection can benefits consumers. Social media companies can curate enjoyable, personalized experiences for each user. Issues occur when companies mishandle data or overstep their boundaries. As seen with Facebook, this happens all too frequently.

Since many of the biggest social media companies are U.S.-based, calls for stricter regulation often fall on the United States, in the hopes that consumers will feel more comfortable sharing their data online.

Written by Shannon Flynn, IPilogue Contributor and law technology writer discussing topics such as AI, media, and commercial law.

The post Social Media Privacy: Legalities of Personal Data Collection appeared first on IPOsgoode.

]]>
THE ONGOING SAGA: FACEBOOK HEMORRHAGING ITS USERS PRIVACY /osgoode/iposgoode/2020/07/07/the-ongoing-saga-facebook-hemorrhaging-its-users-privacy/ Tue, 07 Jul 2020 20:58:55 +0000 https://www.iposgoode.ca/?p=35689 The post THE ONGOING SAGA: FACEBOOK HEMORRHAGING ITS USERS PRIVACY appeared first on IPOsgoode.

]]>
Yet again, another regulator, the Competition Bureau of Canada (the Bureau), has unmasked Facebook for incessant acts of breaching its user’s information privacy. On May 19, 2020, the Competition Commission settled an investigation penalising Facebook forfor claims of data privacy following a complaint to the Office of the Privacy Commissioner of Canada (OPC) under the compliance of PIPEDA). Over the past five years, the social media giant has been facing scrutiny regarding its data privacy policies. After the outrage of British data firm , it has been glib in steering major policy changes in respect to privacy. Investigation revealed that Facebook had been loosely treating its user's data and had disclosed it to third parties affecting. The OPC came to this conclusionafter due deliberation, highlighting the importance of “ This has not only plunged the users confidence on the Facebook in Canada, but also in many jurisdictions including its host jurisdiction in the US by .

Disingenuous and Deceptive Behaviour

Prior to the whistleblower revelation of Facebook's involvement in Cambridge Analytica influencing , it had been popularising various quizzes and games on its platform. This was to engage users in order to conductto check if instigation of "emotional contagion” was possible through social media. Succeeding in such attempts, it gave multiple third partiesaccess to its users’ data (e.g., content posted on Facebook and messages exchanged through Messenger). Thus, it is imperative to regulate such social media platforms. Facebook superficially handles its privacy policies through, which hampers the meaningful andfrom users. Accordingly, the Canadian regulators are making painstaking efforts to protect citizens from such undue influences by penalizing such activities. The Bureau explicitly confirms thatdo not in their entirety protect the users to control their respective messenger chats and other private activities. Rather, there are loopholes (such as, installation of third-party apps) by which third parties can access such information rendering enormous profits to Facebook. Though Facebook had contended to refrain from such activities in 2015, that such practice continued until 2018.

Intertwined Relationship of the Regulators in the Privacy Dispute

Due to complexity of the cases and inadequacy of laws in the field of data privacy, the OPC and Competition Commission have gone to great lengths to achieve a comprehensive settlement and enforcement in this case. As both had different approaches and interests, being regulated under different laws, including PIPEDA and the respectively, achieving consistency with regards to regulations can be a challenge. Intertwining both regulators helped in bridging the gap between the “” of federal and provincial privacy laws, while Competition Bureau sought an administrative penalty helping in the enforcement proceedings. Though the OPC has been criticized in the past for lack of enforcement powers, coalition of both regulators has demonstrated benefit to the Canadian privacy regime.

In conclusion, considering thecurrent scenario, it is foreseeable that more regulators mayinterpret privacy issues differently and as per their mandates. This is because the privacy law framework in Canada, and elsewhere, has not entirely addressed online infringement issues and it will take a considerable period of time to develop comprehensive statutes to regulate these novel and often nefarious online activities.

Written by Aishwerya Kansal, IPilogue Contributor. Aishwerya is pursuing Master’s in Law in International Business Laws at Osgoode Hall Law School, and she is also an IP Innovation Clinic Fellow.

The post THE ONGOING SAGA: FACEBOOK HEMORRHAGING ITS USERS PRIVACY appeared first on IPOsgoode.

]]>