In light of proposed updates to Canadian consumer privacy laws, Constangy Cyber attorneys Suzie Allen and Laura Funk authored an article for the December 2023 issue of’s Legal & Compliance Excellence providing insight and guidance on this new legislation under consideration by Canada’s Standing Committee.

Aimed at protecting consumer data and instituting a groundbreaking AI regulatory framework, the Digital Charter Implementation Act would amend Canada’s Bill C-27, and it is imperative for businesses operating in Canada to understand how these changes may fundamentally affect how they do business.

Specifically, these new amendments center around the Consumer Privacy Protection Act (CPPA) and the Artificial Intelligence and Data Act (AIDA) with the overarching goal of creating a robust framework to ensure data privacy and AI accountability.

The CPPA helps provide more transparency to Canadians about how their data is being used. The CPPA replaces Canada’s Personal Information and Electronic Documents Act and can impose more severe penalties for violations. The amendments aim to place the duty of care back on the organization collecting the data rather than the consumer. The amendments assert that privacy is a fundamental right and emphasize securing children’s data. The proposed amendment for increased penalties also seeks to give the agency more enforcement powers to levy fines against non-compliant organizations. 

The AIDA would be a first-of-its-kind regulatory framework specifically for AI. The amendment would put organizations responsible for greater oversight of AI-related activities under their control. “The AIDA is designed to improve accountability and promote the responsible design, development, and deployment of AI systems,” explains Allen and Funk. 

The five proposed amendments to the AIDA include:

  • Requiring organizations to mitigate the risk of harm and bias to “high-impact systems.” 
  • Aligning with international discussions and broadening the scope of AI systems to match the pace of future changes. 
  • Differentiating roles and responsibilities for developing, managing, and making high-impact systems within the AI value chain.
  • Creating regulations for developing, managing, and making general-purpose generative AI systems like Chat GPT.
  • Enhancing the scope of the AI & Data Commissioner to levy fines and avoid cases being adjudicated by the Tribunal.

Businesses operating in or with Canada need to be aware of how these amendments affect their data and AI governance responsibilities within their organization. Bill C-27 is still under consideration with the Standing Committee; we will continue monitoring the Bill’s progress to inform clients of any new developments. 

For the full article, please click here.

Back to Page