The Office of the Privacy Commissioner (OPC) is correct that PIPEDA falls short in its application to artificial intelligence (AI).1 Commercial organizations throughout Canada’s vertical industries are introducing AI to replace and/or supplement human decision-making and analysis. At the same time, AI requires vast amounts of personal information to perform well and return promising results. For these reasons, AI is profoundly impacting the way we use personal information, both in terms of our policies and practices, and the types of activities we use personal information for.
Nonetheless it is important to stay prudent in our approach to regulating AI. Overregulation would have serious ramifications for innovation in Canada, limiting the potential benefits AI has to offer, and hampering current efforts to establish Canada as an international leader in AI. Likewise, an inadequate regulatory response would leave individuals without the explicit tools and levers needed to protect themselves and their personal i
