Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
This article, which reviews the Canadian Consumer Privacy Protection Act, first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines.
In June 2022, Bill C-27, or “An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a “’Made in Canada’ GDPR”. However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
Continue reading by getting
started with a subscription.
By Jonathan Moskin and Rachel Pauley
The emerging cases by authors and copyright owners challenging various generative AI programs for using copyrighted materials are certain to create new troubles for the courts being asked to apply the fair use doctrine to this important new technology.
By Stéphanie Faber and Charles Helleputte
Since April 2023, French regulation makes the payment of insurance compensation in case of cyberattacks conditional on the filing of a complaint within a reduced time frame. This regulation has been enacted in the context of the French government decision to fight against the resurgence of cyberattacks, together with ransom demands, which have a significant impact on the economy.
By Ed Lanquist, Jr. and Dominic Rota
At what point does a “smart” computing system, or advanced software program, qualify as AI in the eyes of pertinent regulatory or judicial authorities? When is an individual considered to have merely deployed an AI-based computing tool to assist with creating a work of art or conceiving of a technological innovation? Each of these questions is explored in this article, giving consideration to currently prevailing guidelines from administrative bodies and the courts.
By Peter Collins
In the hands of a motivated insider with only average technical proficiency, AI becomes a uniquely effective tool with which to penetrate an organization’s complete security infrastructure for any number of malicious purposes.