Canada: Federal Government Introduces New Privacy, Cybersecurity and AI Legislation

Jun 27, 2022Global Alliance for Digital Governance, News, Practices in Cybersecurity

Last week, the federal government introduced two pieces of legislation proposing major privacy, cybersecurity and data governance reforms. The first, Bill C-26, would enact the Critical Cyber Systems Protection Act (CCSPA), which aims to protect critical cyber systems in the telecom, financial, energy and infrastructure sectors and grants substantial new order-making and information-gathering powers to federal regulators overseeing them. The second, Bill C-27, would enact the Consumer Privacy Protection Act (CPPA), a previously proposed statute that has been updated since the last Parliament, and the Artificial Intelligence and Data Act (AIDA), which would govern the use of AI and automated decision systems.

If passed, the Bill would significantly reform federal private-sector privacy law. It would also introduce rules to regulate “high-impact” artificial intelligence (AI) systems under a new Artificial Intelligence and Data Act (AIDA).

AIDA would, among other things:

Establish a new Artificial Intelligence and Data Commissioner to support the Minister of Innovation, Science and Industry in enforcing AIDA

Make it an offence to make available or use an artificial intelligence system that is likely to cause serious harms

Like the EU’s recent proposal, the AIDA would take a harm-based approach to regulating AI by creating new obligations for yet-to-be-defined “high-impact systems.”

Boston Global Forum (BGF), Club de Madrid and AI World Society (AIWS) established the Global Alliance for Digital Governance (GADG) in September 2021. This is a part of the Social Contract for the AI Age, Framework for AI International Accord, and Remaking the World – Toward an Age of Global Enlightenment.