The Artificial Intelligence and Data Act… coming soon to AI near you
In June, 2022, the Government introduced Bill C-27, an Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act. A major component of this proposed legislation is a brand new law on artificial intelligence. This will be, if passed, the first nadian law to regulate AI systems.
The stated aim of the Artificial Intelligence and Data Act (AIDA) is to regulate international and interprovincial trade and commerce in artificial intelligence systems. The Act requires the adoption of measures to mitigate “risks of harm” and “biased output” related to something lled “high-impact systems“.
Ok, so how will this work? First, the Act (since it’s federal legislation) applies to “regulated activity” which refers to specific activities rried out in the course of international or interprovincial trade and commerce. That makes sense since that’s what falls into the federal jurisdiction. Think banks and airlines, for sure, but the scope will be wider than that since any use of a system by private sector organizations to gather and process data across provincial boundaries will be ught. The regulated activities are defined as:
- (a) processing or making available for use any data relating to human activities for the purpose of designing, developing or using an artificial intelligence system;
- (b) designing, developing or making available for use an artificial intelligence system or managing its operations.
That is a purposely broad definition which is designed to tch both the companies that use these systems, and providers of such systems, as well as data processors who deploy AI systems in the course of data processing, where such systems are used in the course of international or interprovincial trade and commerce.
The term “artificial intelligence system” is also broadly defined and ptures any “technologil system that, autonomously or partly autonomously, processes data related to human activities through the use of a genetic algorithm, a neural network, machine learning or another technique in order to generate content or make decisions, recommendations or predictions.”
For anyone rrying out a “regulated activity” in general, there are record keeping obligations, and regulations regarding the handling of anonymized data that is used in the course of such activities.
For those who are responsible for so-lled “high-impact systems“, there are special requirements. First, a provider or user of such a system is responsible to determine if their system qualifies as a “high-impact system” under AIDA (something to be defined in the regulations).
Those responsible for such “high-impact systems” must, in accordance with the regulations, establish measures to identify, assess and mitigate the risks of harm or biased output that could result from the use of the system, and they must also monitor compliance with these mitigation measures.
There’s more: anyone who makes a “high-impact system” available, or who manages the operation of such a system, must also publish a plain-language description of the system that includes an explanation of:
- (a) how the system is intended to be used;
- (b) the types of content that it is intended to generate and the decisions, recommendations or predictions that it is intended to make; and
- (c) the mitigation measures.
- (d) Oh, and any other information that may be prescribed by regulation in the future.
The AIDA sets up an analysis of “harm” which is defined as:
- physil or psychologil harm to an individual;
- damage to an individual’s property; or
- economic loss to an individual.
If there is a risk of material harm, then those using these “high-impact systems” must notify the Minister. From here, the Minister has order-making powers to:
- Order the production of records
- Conduct audits
- Compel any organization responsible for a high-impact system to cease using it, if there are reasonable grounds to believe the use of the system gives rise to a “serious risk of imminent harm”.
The Act has other enforcement tools available, including penalties of up to 3% of global revenue for the offender, or $10 million, and higher penalties for more serious offences, up to $25 million.
If you’re keeping track, the Act requires an assessment of:
- plain old “harm” (Section 5),
- “serious harm to individuals or harm to their interests” (Section 4),
- “material harm” (Section 12),
- “risks of harm” (Section 8),
- “serious risk of imminent harm” (Sections 17 and 28), and
- “serious physil or psychologil harm” (Section 39).
All of which is to be contrasted with the well-trodden legal analysis around the term “real risk of signifint harm” which comes from privacy law.
I n assure you that lawyers will be arguing for years over the nuances of these various terms: what is the difference between “harm” and “material harm”, “risk” versus “serious risk”? and what is “serious harm” versus “material harm” versus “imminent harm”? …and what if one of these species of “harm” overlaps with a privacy issue which also triggers a “real risk of signifint harm” under federal privacy laws? All of this could be clarified in future drafts of Bill C-27, which would make it easier for lawyers to advise their clients when navigating the complex legal obligations in AIDA
Stay tuned. This law has some maturing to do, and much detail is left to the regulations (which are not yet drafted).
lgary – 16:30 MT
No commentsBeer Brand Battle at the 100th Meridian
By Richard Stobbe
A nadian band, The Tragilly Hip, has sued a brewer for the use of a beer name that mimics the title of one of the band’s popular songs.
Mill Street Brewery, a brand owned by Anheuser-Busch InBev (the world’s largest brewer), has a beer branded as “100th Meridian Organic Amber Lager” .
This sounds familiar to fans of the The Hip, who will rell rockin’ out to the opening power chords of the 1992 hit entitled “At The Hundredth Meridian” from the??Fully Completely album.
Does the name of a song from the 1990s take on the attributes of a trademark? Does the use of song title create a false association with the band, such that the band’s trademark rights are infringed? What if the name of the song ( “At The Hundredth Meridian” ) is not identil to the beer name (“100th Meridian”)? Does it make a difference if other brewers have given a nod to The Hip (Fully Completely IPA from Phillips Brewing, Ahead by a Century IPA, Tragilly Hopped Double IPA, what’s with all the IPAs? heck there’s even a 50 Mission p Brewing Co.!).
This week, The Hip sued Trillium Beverage the brewer of the Mill Street product (Trillium is owned by Labatt Brewing Company, which in turn is owned by the conglomerate AB InBev), claiming trademark infringement. This is a tricky one for a couple of reasons, particularly since the brewer owns a registered trademark for “100th MERIDIAN” for beer. The Hip will face an uphill battle there. However, Mill Street didn’t do itself any favours by posting pictures on social media of the beer next to Tragilly Hip albums, clearly suggesting some kind of association.
Related Reading: The Tragilly Hip sue Mill Street Brewery over 100th Meridian beer
The lawsuit will likely settle, but if it does go through to a judgement on its merits, it will be an interesting one to watch.
lgary – February 10, 2021
No commentsClick-Through Agreements
.
By Richard Stobbe
Sierra Trading Post is an Internet retailer of brand-name outdoor gear, family apparel, footwear, sporting goods. Sierra lists comparison prices on its site to show consumers that its goods are competitively priced.
Chen, the plaintiff, sued Sierra, claiming the website’s comparison prices were false, deceptive, or misleading. The internet retailer defended by asserting that the lawsuit should be dismissed: Sierra pointed out that users of its site agreed to binding arbitration in the Terms of Use.?? Chen countered, arguing that he had never seen the Terms of Use and so they were not binding.
In??Chen v. Sierra Trading Post, Inc., 2019 WL 3564659 (W.D. Wash. Aug. 6, 2019), a US court decision, the court reviewed the issues. There was no disagreement that the choice-of-law and arbitration clauses appeared in the Terms of Use. The question, as with so many of these ses, is around the set-up of Sierra’s check-out screen. Were the Terms of Use brought to the attention of the user, so that the user consented to those terms at the point of purchase, thus evidencing a mutual agreement between the parties to be bound by those terms?
Both nadian and US ses have been tolerant of a range of possibilities??for a check-out procedure, and the placement of “click-through” terms. This applies equally to e-commerce sites, software licensing, subscription services, or online waivers. Ideally, the terms are made available for??the user to read at the??point of checkout, and the user or consumer has a clear opportunity to indite assent to those terms. In some ses, the courts have accepted terms that are linked, where assent is indited by a check-box.
While there is no specific bright-line test, the idea is to make it as easy as possible for a consumer to know (1) that there are terms and (2) that they are taking a positive step to agree to those terms.
In this se,??STP claimed that Chen would have had notice of the Terms of Use via the websitea€?s a€?Checkouta€? page where, a few lines below the a€?Place my ordera€? button,??a line says??a€?By placing your order you agree to our Terms & Privacy Policya€?. The court noted that “The Consent line contains hyperlinks to STPa€?s TOU and Privacy Policy.”
On balance, the court agreed to uphold the Terms of Use and compel arbitration.??