ARTICLE
28 March 2025

AI, Privacy And Data Protection: Balancing Compliance With Innovation

MT
Miller Thomson LLP

Contributor

Miller Thomson LLP logo
Miller Thomson LLP ("Miller Thomson") is a national business law firm with approximately 500 lawyers across five provinces in Canada — the broadest reach of any Canadian law firm. Partnering with clients across Canada and internationally, we bring deep local insight to a comprehensive range of business law, litigation and dispute services, as well as other specialized practices. We focus on understanding your business, your industry, and the factors that drive long-term growth and success. Learn more at millerthomson.com or follow us on LinkedIn.
Explore Firm Details
It is no secret that training and using AI involves the collection, disclosure, and processing of information, which also includes personal information.
Canada Technology
David Krebs,Kathryn Frelick,Jaclyne Reive
+1 Authors
 Your Author LinkedIn Connections
David Krebs’s articles from Miller Thomson LLP are most popular:
  • with Finance and Tax Executives and Inhouse Counsel
  • with readers working within the Automotive, Banking & Credit and Insurance industries

It is no secret that training and using AI involves the collection, disclosure, and processing of information, which also includes personal information. In Canada and most other jurisdictions, the collection, use, and disclosure of personal information is regulated to some extent. Data "scraping" is a live issue and concern. Developing AI or using AI can pose various privacy issues that need to be addressed in a way that protects the organizations from compliance risk as well as the privacy of those whose information is being processed in this context. Using personal information in AI may also be a matter of ethics in some cases.

Just because there is not yet an AI-specific legislation in Canada does not mean there are no Canadian laws that protect the use of personal information in AI. The Personal Information and Protection of Electronic Documents Act ("PIPEDA") and its provincial substantially similar counterparts, govern the collection, use and disclosure of personal information in the course of "commercial activities." Quebec has enacted a regime with monetary penalties in this regard.

Public-sector freedom of information and privacy legislation, as well health-specific legislation are present in every province. The themes in many of these legislative instruments include: ensuring organizations are accountable and transparent; obtaining individual consent when appropriate; limiting collection, use, disclosure and retention of data; and, employing security safeguards.

The call for legislation specific to AI has arisen contemporaneously with the innovation of new and emerging AI technologies. AI tools raise issues concerning (data scraping) privacy rights: non-consensual collection, biased inputs resulting in discriminatory outputs, and use or intentional misuse in the hands of malicious actors. For example, AI tools can be manipulated through the poisoning of data sets and can be used to execute cyberattacks such as malware and phishing attacks.

Miller Thomson's Privacy and Cybersecurity Team have been monitoring developments and continue to guide clients through balancing the innovation of new AI technologies while ensuring compliance with existing and new privacy, data protection and AI-specific legislation.

Want to learn more?

Download our complete guide: AI and the Law

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of David Krebs
David Krebs
Photo of Kathryn Frelick
Kathryn Frelick
Photo of Alexandre Ajami
Alexandre Ajami
Photo of Jaclyne Reive
Jaclyne Reive
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More