Industry Committee on Nov. 30th, 2023

Hello and thank you for inviting me and offering me the opportunity to address you.

I am going to give my presentation in French, but then I will be able to answer questions in English or French. In these five minutes, I am going to try to focus on the concepts of privacy, explainability and fairness in artificial intelligence.

First, there is an important element that does not seem to be addressed in the bill. When you are training a learning model, essentially, it will summarize the personal data that was used for training it. An assessment of the privacy-related factors will therefore have to be done, taking into account state of the art attacks. In my research community, for example, we try to show that using a learning model, or a "black box", like a neural network, training data can be reconstructed.

In addition, a challenge that we will have in the future, and that we have now, is that most learning models that people develop are improved using pre-trained models that were themselves trained using personal data that we do not necessarily know the origin of. I would therefore say that there are going to be very considerable challenges in this regard, in particular in the case of high-impact artificial intelligence systems.

We can also see that there are going to be difficulties regarding the creators and users of the models. For example, in the bill, section 39 of the Artificial Intelligence and Data Act says that people are responsible for the use of a learning model, but when we talk about foundation models, which are the basis of tools like ChatGPT, those models can be used for a lot of things. It is therefore difficult for the creator of a model to predict all the beneficial or harmful uses that could be made of it, and so, in practice, we have to distinguish between the person who created the model and the use made of it in a particular case.

Regarding explainability, which is the second important subject, apart from providing an explanation to someone about the reason for a prediction, they also have to be given a clear explanation of what data was collected, the final result, and the impact on the individuals. It is particularly necessary to be transparent in these regards and to provide a comprehensible explanation in the case of high-impact artificial intelligence systems so the person has remedies. Without a good explanation, essentially, they cannot question the decision made by the algorithm, because they do not understand it. In the case of high-impact systems that affect people, they should also have the ability to contact a human being, somewhere in the process, who has a solution that allows for the decision to be reviewed. This is a concept that is missing in the bill.

Overall, therefore, an impact analysis has to be done that takes into account not only privacy-related factors but also these ethical issues. I have not mentioned fairness, but that is also an important point. Apart from the law, another challenge we are going to encounter will be to adopt standards based on the fields of application, in order to define the correct fairness indicator and incorporate it into artificial intelligence systems, and the right form of explanation to offer. It will not be the same in the medical field as it is in banking, for example. The protection mechanisms to put in place in each context will have to be defined.

I would like to conclude my presentation by talking about the risk associated with fairwashing, an issue I have done some work on. Essentially, it requires concrete standards that define the fairness indicator to be used in a particular context, because there are many different definitions of fairness. Debates have already arisen between companies that built artificial intelligence systems and researchers regarding the fact that a system was discriminatory. The company said the right indicator had not been used. Without precise standards put in place by the stakeholders, therefore, companies could cheat and say that their model does not discriminate, when they have chosen a fairness indicator that works to their advantage. It is also very easy to come up with explanations that seem realistic but in no way reflect everything the "black box" does.

I would therefore say that the fairwashing issue could become apparent when the bill is put into effect. We have to think about ways of avoiding this and adopt concrete standards that will not necessarily be in the legislation, but will be defined afterward, to avoid the legal uncertainty surrounding fairness indicators and forms of explanation relating to privacy issues.

Finally, if I have 30 seconds left, I would first like to address one last point regarding privacy. The difference between the definition of anonymized data and the definition of de-identified data is always difficult for me, because, as a privacy researcher, I know there is no perfect method of anonymizing data.

The bill refers to anonymized data, an irreversible process, and de-identified data, a process that could be reversed someday. In fact, I think there really is no perfect method. Therefore, even when we are told that data is anonymized, in general, there are always risks that it will be possible to identify the person again by cross-referencing with other data or other systems. The difference between the definitions of these two terms could be clarified, or in any event should be clarified by providing additional explanations.

I hope I have not gone too far over my speaking time.

Thank you, Mr. Chair.

I want to thank the members of the committee for having me here today.

My name is Philippe Letarte and I am head of policy and public affairs at Flinks Technology Inc.

Flinks is a technology company founded in Montreal whose mission is to enable consumers to control their finances and to create a customer-centred banking environment. That banking environment, which is also called an open banking system, is based on consumers' ability to control and direct the use of their financial data so they are able to receive the best financial services and products available to them.

To facilitate the discussion period and avoid any potential confusion relating to the technical terms, I am going to continue the rest of my address in English.

Flinks is pleased to see that the notion of control, or “consent” in the context of privacy legislation, is apparent throughout the CPPA, which, once enacted, will clearly constitute the cornerstone of all activities organizations engage in that involve the processing of personal information. This is a much-needed overhaul of the CPPA’s predecessor. It will introduce a more consumer-protectionist approach to processing activities, while also moving Canada’s privacy regime closer to what has been established across other OECD countries. Flinks is pleased to see that consent will now form the basis for all personal information processing activities.

As previously mentioned, one of Flinks' raisons d'être is to give consumers control over their personal and financial information, and more specifically to direct how such information is used and by whom. Inherently, this involves many participants in the ecosystem in which Flinks currently operates.

We do, however, remain concerned about the following wording set forth in proposed section 72 of the CPPA: “if both organizations are subject to a data mobility framework.” This proposed language raises questions related to how an organization takes part in this framework, whether there will be multiple frameworks for different types of organizations, what limits are in place if a given organization is not part of said framework, and what the requirements will be to remain compliant with such a framework.

This language is also incompatible with the proposed language in last week's fall economic statement and the policy statement on consumer-driven banking, which states that the federal “government will mandate participation for federally-regulated” entities.

It is now an indisputable fact that jurisdictions with successful open banking regimes have not only forced the participation of an overwhelming majority of their financial institutions and third parties in the framework but have also, because of strong and clear regulations, given confidence to consumers that adequate protections were put in place.

With the current wording, there’s a risk of inadequacy in CPPA and upcoming future consumer-driven banking regulations, in terms of which entities and datasets are covered by which framework, leaving Canadian consumers confused, and depriving them of the benefits of customer-driven finance. We therefore recommend changing the wording of proposed section 72 to make the participation in the data portability framework mandatory for organizations in the financial sector—not “if”, but “when”—and to avoid any potential loopholes or flaws among different regulations dealing with data portability rights.

We also have concerns about the concept of the “legitimate interest” exception to consent in proposed subsection 18(3) and proposed subsection 18(4) of the CPPA. The inclusion of this exception appears to lend itself to abuse in the absence of any further guidance or clarification, as no definitions are provided for “legitimate interest” or “adverse effect”. This creates the possibility of a scenario in which organizations are left to conduct their own assessment as to what the weights of a legitimate interest and adverse effect are, without any further information to rely upon in doing so. This is problematic, as an organization may, for example, seek to use the “legitimate interest” exception as a way of curtailing any limits the CPPA places on consent or on secondary uses of personal information. This type of interpretation or application of a legitimate interest by a participant in an open banking environment would completely erode any trust in open banking in Canada.

In light of this, please allow us to respectfully recommend clarifying this provision by establishing clearer definitions or providing assessment criteria for what a “legitimate interest” and an “adverse effect” are. In the same vein, we respectfully ask the committee to also clarify the types of scenarios or criteria for determining what is “clearly in the interests” of an individual, as mentioned in proposed subsection 29(1) of the CPPA.

In conclusion, I would like to reiterate the urgent need for Canadians to benefit from a true customer-driven banking system. Since the advent of the digital economy, not a great number of public policies have proven to be as beneficial as open banking. It helps drive competition and innovation in a very concentrated and archaic sector. It empowers consumers to make better-informed financial decisions while giving them control over their own data. It enhances the financial inclusion of the most vulnerable. It reduces drastically the cost of operation for small business owners and it stimulates entrepreneurship and foreign investment, and so on.

The measures proposed in the fall economic statement, doubled with the provisions and protections established by the CPPA, represent a unique opportunity to provide Canadians with financial freedom and adequate privacy protections while bridging the competition gap with trading partners and other modern economies.

I am happy to answer any questions the committee may have to the best of my capabilities.

I will answer equally well in French and English.

That would be proposed subsection 29(1) in clause 2.

Hello, Mr. Chair and members of the committee.

Thank you for offering us the opportunity to present our comments.

My name is Alexandre Plourde. I am a lawyer with Option consommateurs. With me is my colleague Sara Eve Levac, who is also a lawyer with Option consommateurs.

Option consommateurs is a non-profit association whose mission is to help consumers and defend their rights. As a consumers' association, we are in regular contact with people who are having privacy-related problems. In recent years, we have often become involved in privacy issues, for example by publishing research reports and taking part in consultations on proposed legislation. We have also initiated large-scale class actions, including under the federal Privacy Act.

As you can read in the brief we have submitted to the committee, Bill C-27 contains a number of flaws, in our opinion, particularly regarding the exceptions to consent, the absence of a right to be forgotten, the limitations on the right of portability, and management of individuals' data after their death.

Since our time is limited, we will first address two aspects of Bill C-27 that are of particular concern to us.

First, I am going to talk about Bill C-27's lack of deterrent effect and the obstacles this may create for civil actions by consumers. Second, I am going to talk about the flaws in relation to children's privacy.

Our first concern relates to Bill C-27's lack of deterrent effect. We believe that the bill contains flaws that could make enforcing it problematic. First, although the bill contains high administrative monetary penalties, only certain violations of the act can result in such penalties being imposed.

Second, the Privacy Commissioner will not have the power to impose penalties directly; they will be able to do so only by recommending to the new personal information and data protection tribunal that penalties be imposed. That additional step suggests, at least, that there will be significant delays in applying the penalties imposed on businesses that commit offences.

In addition, the deterrent effect of legislation is also based on the public's ability to rely on it in the civil courts. However, we believe that the new private right of action provided in proposed section 107 in the bill seriously threatens consumers' ability to apply to the courts to exercise their rights. The problem arises from the fact that the new private right of action allows a company to be sued only if prerequisites are met, requiring, in particular, that the situation have first been dealt with by the Commissioner.

In our opinion, it is entirely possible that the big companies targeted by class actions will rely on these very stringent conditions in order to defeat the legal actions brought against them. There will then be interminable proceedings in the courts to determine the scope of the federal private right of action, given the provinces' constitutional jurisdiction over civil law.

We therefore invite the government to clarify that section 107 is in addition to the other civil remedies provided in provincial law, to ensure that it does not obstruct civil actions instituted under Quebec law.

I will now give my colleague, Ms. Levac, the floor.

Thank you for the invitation and for this opportunity to speak about the artificial intelligence bill and its application to data.

I am not going to reiterate some of the things that Mr. Gambs discussed earlier. However, I would like to come back to certain things in the bill that are not entirely clear, in my opinion, or that should be clarified, particularly when we are talking about biased output. This is one of the things that caught my attention: what is a biased output and how is a biased output arrived at?

Artificial intelligence will never give 100% true output. It is always based on learning, and that learning is what determines that it gives a recommendation or decision, or that it generates new information, new data.

If a person is the subject of biased output, is that the responsibility of the business or organization that created the bias? Is a bias normal? A machine learning system might have a certain degree of success, 90% or 97%, for example. Artificial intelligence will never be 100% true, today. What caught my attention is really the definition of biased output.

I want to draw attention to the learning and the data. Learning takes place using data, but the business has the complete ability to fragment the data among various organizational structures. A piece of data, of information, can even be transformed. The bill raises the fact that there would have to be information about how data is managed and how it is anonymized.

There is also anonymous or de-identified data, as was mentioned. But how can we make sure that the business has not fragmented that data in such a way that it could retrace it? That information cannot be fund in an audit. This is a very important factor to consider in terms of enforceability. I can present you with an entire manual that shows that I have properly anonymized my data and how I manage it, but you cannot be certain that what I used for the learning was that anonymized data. Even if we can go back to find out a bit about the data that was used, as Mr. Gambs said, that is always going to be a difficult and relatively complex job to do.

The last point I would like to address is when we talk about a high-impact system, as you define it. We can say that it is the loss of confidentiality, integrity or availability of data that may have serious or catastrophic consequences for certain individuals or certain entities. If the business defines its system as having a 97% success rate, that means it will always have a 3% failure rate.

So does the case you are looking at fall into that 3%? How can we determine that we are in one of those situations, where a prejudice or bias against a very specific person is created, in spite of the fact that the learning was done correctly?

There are therefore a number of challenges relating to the data that you use: how do you make sure that it is anonymous, that it has not been fragmented or modified? The business will have the complete ability to retrace the data, but an auditor who wanted to do the same thing would find the job very complicated and very complex.

Even if things are done very properly, what is a bias and what is a biased output? How do we make sure that biased output, which does not work and which harms an individual, does not fall within the 3% failure rate in the learning?

Thank you. I am available to answer your questions, in English and French.

I am from Université Laval.

I will be happy to answer your question. I want to make sure I understood it.

Let's talk about anonymous data. Assume that for the machine's learning, I do not use a person's name, or their race or origin, or social insurance number...

Learning is when we give a machine a certain amount of data. The learning may be supervised or not, and I am going to limit my remarks to those two types of learning.

In the case of supervised learning, the machine is given a body of data that will be identified. For example, you say that Sehl Mellouli is a professor. You can add that he belongs to an ethnic minority or his behaviour is excellent, average or bad, for example. That is how you do it so that the system learns from the data you have identified.

As a result, the system can use personal data about Sehl Mellouli to carry out learning by identifying the data that say what kind of person he is, without anonymizing that data. From that personal data, the system can learn.

If the data is anonymous, so much the better. If it is not anonymous, the system will learn from data that is not anonymous and will be able to profile Sehl Mellouli based on a context it chooses, such as his origin, his accent, or what kind of person he is.

That's right.

I always tell my students that if their system gives them results that are 100% correct, there is a problem. This is a computer program that is learning. When you learn from hundreds of thousands of pieces of data, you cannot be certain that all the data being used for learning is right. Systems always have degrees of success, which are used to evaluate their capacity.

Take ChatGPT, for example. It may give you the right answer to a question today, but it may also give you the wrong answer sometimes.

It depends. They are not industry criteria and Mr. Gambs can correct me if I am wrong.

The success rate is used to evaluate the systems. If you are building a new system, you sometimes compare its success rate to the one for other systems or other algorithms. You are trying to create the best learning system possible. Sometimes you may find one that gives a 90% success rate, compared to others for which it is 80%.

Some researchers are working on improving the capacities of these learning systems in order to expand them or increase the success rate of predictions in terms of the output obtained.