On September 17, 2019, the Information Technology and Intellectual Property Law section and the Privacy and Access to Information Law section jointly presented Blockchain & Artificial Intelligence Meet Privacy Law: An Interactive Conversation on Strategizing for Clients. This important and timely program discussed the trends, risks and strategies associated with privacy considerations for blockchain and artificial intelligence.
Usman Sheikh (Gowling WLG) gave an informative keynote address about the intersection between blockchain and privacy legislation. For example, he identified that one issue relating to the European Union’s General Data Protection Regulation (GDPR) is how to exercise the right to be forgotten when information on blockchains is immutable. Similarly, he noted that the permanence of information on a blockchain raises the issue of how individuals can exercise their right to correct information under both the GDPR and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
The first panel, consisting of Naïm Alexandre Antaki (Gowling WLG), Kesem Frank (Aion Network) and moderator Sebastien Budd (Department of Justice Canada), discussed the benefits of blockchain, including how it can be seen as a “single source of truth”, meaning that a correctly implemented blockchain system should make it very hard for a bad actor to dispute they are a bad actor. The panelists discussed how this can help remove any incentive to be dishonest as such dishonesty will be immediately obvious to the others on the chain. On the other hand, the panelists also noted that blockchain poses challenges from a privacy perspective. For instance, because of the transparent nature of blockchain, each person may own a complete carbon copy of the raw data. Therefore, the question exists: how can you best protect personal information that others may have access to, at least in a limited way.
The laws applicable to blockchain are relatively ambiguous, which can make it difficult for those in the legal profession to give concrete advice. The panel emphasized the importance of creativity when advising in this area – think of the client and its needs, propose alternatives, give risks assessments and be honest about blind spots.
The second panel was an enlightening conversation on artificial intelligence and privacy between moderator Isi Caulder (Bereskin & Parr LLP) and panelists Helen Konozpoulos (ODAIA.ai), Migan Megardichian (Barrister & Solicitor / Certified Information Privacy Professional) and Carole Piovesan (INQ Data Law). AI is unique when it comes to privacy considerations, and the panelists explained that it can be challenging to navigate and provide advice in this area, because there are no AI-specific laws in Canada. Luckily, elements of existing privacy legislation and best practices can be applied to AI.
For example, the panelists noted that the principles of transparency and accountability found in PIPEDA are critical in an AI context. Organizations should be clear and transparent about their privacy practices. This can help build trust with consumers. Organizations should also create a sufficiently clear narrative to enable a consumer to understand the uses of data and to agree to trust the organization with his or her personal information. Consider whether, even if technically legal, a proposed use of information could be considered “creepy.” Similarly, organizations should assess whether they should be making certain uses of the data. For example, could a proposed use have a negative impact on vulnerable populations? In these cases, consumer trust can be quickly eroded and we have seen organizations face swift public backlash.
Finally, the panelists commented on the need for organizations to be accountable for their use of personal information and AI. This requires organizations to do their due diligence up front (e.g., data mapping, determining data flows, etc.), to have written policies and procedures in place, and to monitor and audit data use to ensure ongoing compliance.
AI and blockchain are rapidly evolving technologies and it will be interesting to see how the law develops, particularly as it relates to privacy. Stay tuned for further programs from the OBA on this and other exciting topics.
A version of this article was first published in the OBA Privacy and Access to Information Law Section Portal and the Information Technology and Intellectual Property Law Portal. Please go to www.oba.org