Minister Champagne provides details on proposed amendments to Canada's Bill C-27

6 minute read
12 October 2023

In its meeting on September 28, 2023, Canada's Standing Committee on Industry and Technology (INDU) passed a motion requiring the Minister of Science, Innovation and Industry François-Phillippe Champagne to provide the committee with further details on a series of proposed government amendments to Bill C-27 that the Minister had referred to during his appearance on September 26.



In response to INDU's motion, Minister Champagne sent correspondence to the committee on October 4 with details on proposed amendments to both the Consumer Privacy Protection Act (CPPA) and the Artificial Intelligence and Data Act (AIDA). The Minister summarized some of the consultations that led to the proposed amendments, followed by details of each proposal.

These proposed amendments to Bill C-27 are significant. The amendments to the CPPA would impose heightened compliance obligations on organizations that are subject to the regime. The three categories of amendments to the CPPA that are included in the Minister's correspondence to the Committee were also proposed by the Office of the Privacy Commissioner of Canada in its 15 recommendations to improve Bill C-27. 

In a similar spirit, the proposed amendments to AIDA would greatly expand the scope of artificial intelligence systems covered by the law, resulting in a more significant impact on the Canadian AI landscape than originally contemplated.

The Minister's proposals are outlined below:

Consumer Privacy Protection Act (CPPA)

  1. Explicitly recognize a fundamental right to privacy:
    • Amend the preamble of the bill and the purpose clause (section 5) to qualify the right to privacy as fundamental
       
  2. Highlight protections for children:
    • Amend the preamble to refer to the special interests of children
    • Amend section 12 to require organizations to consider the special interests of children when determining whether the purpose for collection, use, and disclosure is appropriate
       
  3. Allow for flexibility in the development of compliance agreements:
    • Introduce an amendment to permit the inclusion of terms relating to "financial considerations" in compliance agreements between the OPC and non-compliant organizations

Artificial Intelligence and Data Act (AIDA)

  1. Classifying high-impact systems by the uses below:
    • For employment and hiring determinations
    • To determine (a) whether to extend a service to an individual, (b) the type or cost of services to be provided to an individual or (c) the prioritization of services
    • Using AI to process biometric information in matters relating to: i) iderntifying an individual other than if the biometric information is being processed with the individual's consent to authentication; or ii) an individual's state of mind or behaviour
    • For content moderation in online communication platforms, including search engines and social media, and the prioritization of such content
    • For health care and emergency services
    • For decision-making functions at courts or administrative bodies
    • To assist law enforcement

The government proposes that the above list may be amended by regulation, and also proposes that the requirement under section 7 be removed, which would require persons responsible for high-impact systems to assess whether a system is high-impact.

  1. Align AIDA with EU AI Act and OECD:
    • Expand the definition of AI to align with the OECD in the interest of enhancing interoperability
    • Amend definitions and clarify obligations for developers of machine-learning models, persons placing on the market or putting into service a high-impact system, persons managing the operations of high-impact systems, and persons who substantially modify high-impact or general-purpose systems
    • Introduce an obligation for persons conducting regulated activities to prepare an accountability framework outlining roles and responsibilities within their organization, as well as policies and procedures governing risk management, serious incidents, data usage, and personnel training.
       
  2. Create clearer obligations across the AI value chain:
    • Clarify the obligations of different actors in the value chain along the lines proposed in the AIDA Companion Document produced by Innovation, Science and Economic Development Canada
    • Amend obligations imposed on: developers of machine learning models intended for high-impact use, persons making available high-impact systems, and persons managing the operations of high-impact systems
       
  3. Establish obligations for general-purpose AI systems (such as chatbots):
    • Setting out obligations for developers of general-purpose systems, persons who put general-purpose systems on the market, and managers of operations of general-purpose systems
    • Introduce amendments to ensure Canadians can identify AI-generated content
       
  4. Strengthen the role of the AI and Data Commissioner by clarifying the functions of that role through amendments

The Minister was clear that the government remains open to further amendments beyond those articulated in his correspondence to the committee.

INDU is expected to resume its study of Bill C-27 the week of October 9. We will be monitoring closely to see how the committee's study is affected by the Minister's important proposed amendments.

For more information on Bill C-27, please reach out to a member of Gowling WLG's Cyber Security and Data Protection Group.


NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.