Industry Committee on Nov. 28th, 2023

Thank you. That's an excellent question.

My first reaction would be that this goes back to an important need for this bill to really be able to allow for regulations that will address discriminatory bias outputs that come from AI systems. If the bill is structured in a way that the obligation is clear and actually captures the range of ways in which algorithmic bias can arise, then companies will have an impetus to hire teams that are better enabled to anticipate and mitigate some of those harms.

One of the comments that I included in my introduction was that one of the issues, and what I see as one of the limits of this bill as it's structured right now, is that many occasions of discriminatory bias have been identified after the fact, usually through investigative reporting, usually by experts or people who experience these harms themselves and so have an understanding of the kind of harm that might arise. Then when that becomes publicly known and there's a public backlash, at that point there's an explanation that it was unforeseeable at the time the system was being developed or that the initial idea was developed to automate a decision-making process that was previously done by people, for example.

This bill, in the structure it is in right now, needs to be enabled to capture not just discrimination on recognized grounds but also discrimination by proxy for a recognized ground. Where a postal code might stand in or where employment status or previous experience of imprisonment or social networks might stand in to influence algorithmic decision-making and reflect a protected ground, this bill needs to really capture all the complexity of how these harms can arise so that companies are then motivated to ensure, to the best of their abilities, that this kind of discrimination doesn't happen.

This is also why we recommended an equity audit, which obviously would need more structure probably in regulation to really signal and advance the importance of equity and anti-discrimination in the development of these systems.

It's a crucially important point. I honestly do think that the companion document reflects the importance of that, but we don't see it fleshed out in the bill right now.

Mr. Chair, could I add just a very quick supplemental to that?

Mr. Masse, the question you ask is very important, but we need to recognize that one of the reasons there is the discrimination in algorithms is that they're being trained on data that is currently being used in other contexts.

I think we need to recognize that this problem is not just an algorithmic problem. It's a problem with discrimination that we have in this country that's not being addressed. What's the best entity to deal with that? It's the Canadian Human Rights Commission.

We don't need to solve this problem with AIDA. There's ample authority under the Canadian Human Rights Act to make extensive regulations. They need to be given the power to deal with all discrimination that's currently not covered, including algorithmic. Put the expertise in them, and do not separate them so that the Human Rights Commission is dealing only with older discrimination but not algorithmic discrimination. Let them deal with this so they can take a holistic view and deal with the problem.

Mr. Vis, thank you for the question.

I'm not familiar with that, and I don't know that it provides any insight into whether this bill would be adequate because there isn't proper management of IT.

However, to the extent that there's a requirement for expertise related to the regulation of AI, that expertise doesn't currently exist, in my view, within ISED. This is very complex. If you can't manage an IT system, how are you going to manage an AI ecosystem? If that's your point, I agree with you.

Thank you for that question.

In all the work I've done as a regulator over 15 years, the work that I think is most impactful and the work that I'm most proud of is developing the age-appropriate design code.

The code is a statutory code, which means it's enforceable by the commissioner and by the court. It's not guidelines.

It follows directly from the U.K. GDPR. It has some provisions in it that I would recommend need to be in the CPPA.

One of them needs to be a statement in the preamble or in the purpose statement that recognizes that companies need to provide services in the best interests of the child. That language comes out of the UN convention that I mentioned earlier. Canada is a signatory to that.

The best interests of the child—

Yes, I did—with my team.

We were directed by Parliament to write a code. It was a requirement in the act. It was a one-line requirement to have an age-appropriate design code.

My team worked for two years. We had 57 round tables across all industry sectors. We worked with child psychologists, parents, children themselves, the gaming industry, and the social media and video-sharing companies to come up with a code.

The code has been deeply inspiring to many countries around the world.

It does.

Obviously, the commissioner's office developed the code, but it was laid in Parliament. Parliament approved the code, which gives it the status before the courts that the code needs to be taken into consideration.

Yes. Because the CPPA gives the commissioner a new power to create codes and certification, there would be a vehicle in the CPPA for the commissioner to develop such a code as is happening across northern Europe, Argentina, Turkey, Ireland and many places around the world. The state of California has this code.