Sam Ip, Wendy Gross
Dec 13, 2019
Over the past year, the trends we wrote about in 2018 have continued. We have also seen the development and adoption of new technologies in mainstream businesses continue to accelerate in many vertical markets, both in the business-to-business and business-to-consumer contexts. As opportunities relating to innovation in artificial intelligence (AI), and machine learning in particular, continue to grow, debates regarding the need for a regulatory framework to ensure the ethical use of AI and the adequacy of Canada’s privacy regime have become more active.
As in previous years, innovation in the financial services sector in Canada continues unabated. Developments in payments modernization and open banking are leading Canada towards a fundamentally different, and more complex, financial services ecosystem comprised of both incumbents and new FinTech entrants.
Over the past year, we have also seen the rise of new buzzwords, including “PropTech” and “UrbanTech,” as clients in bricks-and-mortar businesses such as real estate and infrastructure, led by initiatives like Sidewalk Toronto, start to recognize and embrace the opportunities presented by new technologies.
One final trend of note for 2019 has been declining interest in public blockchain. Secure private blockchain implementations, by contrast, continue at a steady pace, but are no longer accelerating.
Increasing adoption of AI technologies
Of the many technological advances over the past year, AI continues to take centre stage. In 2019, the number of public and private sector organizations embracing initiatives to implement machine learning within key parts of their business increased significantly. As expected, this activity was particularly pronounced in sectors that possess the high volume of relevant and structured data required to power machine learning algorithms, as well as the data governance practices necessary to effectively employ the data. Activity is high in sectors such as financial services, telecommunications, supply chain, transportation and retail.
Increased prevalence of ethics principles and standards
As AI in the mainstream has continued to grow, the debate regarding the need for regulation of AI has also accelerated. Given the slow pace at which legislation or regulations are developed and introduced, we have seen an increasing role for non-legislative standards and principles designed to establish a common language and framework for commerce and, as noted by the CIO Strategy Council, to act as a proxy for regulation.
Within Canada, the following directives and standards are particularly noteworthy
- On April 1, 2019 the Government of Canada published its Directive on Automated Decision Making (the Directive), which will take effect on April 1, 2020. The Directive sets out minimum requirements for federal government departments that wish to use an automated decision system (i.e., technology that either assists or replaces the judgment of human decision-makers). The objective of the Directive is to ensure that such technology is deployed in a manner that reduces risks to Canadians and federal institutions, leading to more efficient, accurate, consistent and interpretable decisions. The Directive is now in its operationalization phase. Further guidance is anticipated in 2020 that will provide details about how organizations can comply with specific requirements, such as those related to transparency or explainability.
- On October 2, 2019, the CIO Strategy Council published a new National Standard of Canada, the CAN/CIOSC 101:2019 – Ethical design and use of automated decision systems, designed to help organizations design and implement responsible AI solutions. This standard provides a framework and process that can be both measured and tested for conformity. The framework is intended to offer consumers confidence in the technologies that are providing information, providing recommendations or making decisions using AI and machine learning.
On the international front, the following standards and principles have attracted attention
- In February, the ISO/IEC JTC 1/SC 42, tasked by the International Standards Organization with carrying out standardization activities for AI, published the ISO/IEC 20546:2019 standard that sets forth a set of common terms and definitions to promote communication and understanding of big data.
- In May, OECD member countries approved the OECD Council Recommendations on Artificial Intelligence, which sets out principles for the stewardship of trustworthy AI. Shortly thereafter, in June, the G20 adopted G20 AI Principles that were drawn from the OECD principles. Given the profile of the OECD and G20, we expect many regional or sector-specific standards will make reference to these principles.
As we head into 2020, we expect that novel and complex legal issues will continue to surface. AI-specific regulations will emerge (e.g., in the area of copyright, factoring in the report of findings from the parliamentary review of the Copyright Act), and numerous ethics standards and principles will converge. Advising clients within such an unpredictable regulatory framework presents unique challenges. Practitioners in this area will need to be creative and nimble, with a focus on ensuring clients have preserved the flexibility in their commercial arrangements needed to adapt to regulatory requirements as they evolve.
Privacy compliance, data security and data use are becoming more complex than ever
The Privacy Commissioner of Canada has stated that, while AI solutions have the potential to foster significant societal benefits, they also present challenges to privacy and data protection rights and should be developed with “privacy by default and by design.”
As machine learning solutions reach the mainstream and move beyond simpler data analytics, the issues relating to data security, data use and data quality become more pronounced. The business models of many AI solution providers depend on their ability to use customers’ data to “train” their solutions and to deliver the value promised. As a result, discussions regarding data use rights and regulatory compliance have become more complex, with a need to focus on data use, data quality, de-identification standards and processes, data security and incident management, as well as valid consent. All of this must be addressed within an increasingly complex ecosystem where the achievement of data privacy compliance is often a shared responsibility among multiple stakeholders.
For lawyers advising clients in connection with AI-based commercial arrangements, it is often necessary to unpack broad definitions of data found in more traditional services agreements in a way that has not previously been required. It is necessary to consider its constituent elements, including customer input data, prediction data, a provider’s pre-existing data and generated data. This unpacking is increasingly essential to ensure that each party’s rights and responsibilities with respect to data use, data security and privacy compliance are appropriately addressed.
In recognition of the need for a common licensing framework for data in the machine learning context, a multi-disciplinary team of lawyers and Canadian researchers from the AI community collaborated to publish the Montreal Data License with the goal of reducing the ambiguity found in common data licenses. While it is not yet clear whether a significant number of organizations will adopt the Montreal Data License, the concepts set out in it serve as a useful framework for engaging in data licensing discussions.
Financial services evolution: Payments modernization and open banking
The financial services industry in Canada continues to be a key leader in embracing innovation and new technologies. FinTech start-ups are emerging within the Canadian market at a swift pace. New entrants are seeking to compete with and disintermediate the incumbents or partner with the incumbents (and in many cases both simultaneously). At a macro level, in addition to an increase in the adoption of AI, the developments outlined below are continuing. Over time, they will contribute significantly to the transformation of the financial services sector in Canada.
Payments Canada continued its efforts to modernize the Canadian payments system to enable fast, secure, flexible, data-rich payment and settlement capabilities. Specifically
- On June 24, 2019, Payments Canada published a case study that evaluated the benefits of adopting ISO 20022 (the global payments messaging standard). The study concluded that adoption of this standard resulted in greater insight into treasury and cash management, the reduction of manual processes and increased visibility into the value chain. All of these benefits have the potential to increase productivity while reducing costs.
- On October 9, 2019, Payments Canada requested feedback on Lynx Policy Framework (the Framework) that will inform the drafting of by-laws for Canada’s new high-value payments system. The Framework sets out policies regarding (1) access to the system; (2) finality of payment; and (3) service charges.
Financial institutions and payments solution providers are monitoring these developments closely, as they will require large scale implementation of new payment systems.
Open banking refers to an initiative that will enable customers to securely share their banking data with third parties through digital channels, with the goal of promoting innovation and improved access to novel financial products and services.
In January, the federal government released a consultation paper, “A Review into the Merits of Open Banking,” as part of its efforts to undertake a review of the merits of open banking. Later in June, the Standing Senate Committee on Banking, Trade and Commerce released its report entitled, “Open Banking: What it Means for You” (the Report), where it called for “decisive action from the federal government to move forward with an open banking framework.” The Report makes many recommendations to the federal government, including
- designating the Financial Consumer Agency of Canada (FCAC) as the interim oversight body for screen scraping and open banking activities
- providing immediate funding to consumer protection groups to help them conduct and publicize research on the benefits and risks of screen scraping and open banking activities
- facilitating the development of a principles-based, industry-led open banking framework
Notwithstanding the Report’s call to action, progress has been slower than expected. Regulatory efforts are taking place globally, with particularly significant progress being made in the EU, U.K. and Australia. However, it remains to be seen whether Canada will follow suit in 2020.
PropTech and UrbanTech
The potential for innovation in the bricks-and-mortar world beyond the retail industry has been recognized for years. In 2019, this potential began to become a reality. Clients are starting to embrace technologies such as cloud computing and robotic process automation to vastly improve business processes and efficiency. They are also pursuing digital strategies to leverage data that they had not historically recognized as a valuable asset.
Perhaps spurred by initiatives such as Sidewalk Labs, the transformation of the real estate and infrastructure sectors also appears to have begun. Industries that have not historically focused on technological innovation will face challenges in unlocking the value of data or intellectual property as an asset. Industry players that are successful in making this transformation will, in our view, have a meaningful competitive advantage over those that are not.
The slowing of blockchain and distributed ledger technologies activity
The pace of commercial activity in the blockchain space has decelerated due, in part, to the maturation of the innovation lifecycle and the lack of viable and economical use cases. Continued data privacy and security concerns have also contributed.
Security and privacy concerns remain a common theme in enterprise applications of blockchain and distributed ledger technologies (DLT). For instance, in August, the Privacy Commissioner of Canada released a joint statement with representatives from the global community of data protection and privacy enforcement authorities in five other countries (Albania, Australia, Burkina Faso, the U.K. and the U.S.) in respect of the Libra network (i.e., the permissioned blockchain digital currency proposed by Facebook Inc. that is targeted for launch next year). The statement emphasized the need to incorporate good privacy governance and privacy by design principles, as they are “key enablers for innovation and protecting data.”
To address these concerns, we have seen organizations deploy private blockchains, such as Hyperledger Fabric, within the organization’s secure private network that is not accessible to the public. These private blockchains often enable the organization to set access controls to further mitigate against the risks associated with security and privacy of personal or sensitive data. In cases where public blockchains are used, such as Ethereum, organizations are now increasingly raising concerns about storing private or sensitive information directly on the blockchain. Where the storage of information is required, often a pointer or hash is stored on the blockchain that references data that is stored off the blockchain or DLT. The data is secured by other means and is not publicly accessible.
A number of new standards seeking to assist with the proliferation and adoption of blockchain technology were published in 2019. Most notably, in September, the ISO/TC 307 Committee, approved by the International Standards Organization to develop blockchain and DLT-related standards, published the ISO/TR 23455:209 standard. This standard focuses on the technical aspects of smart contracts. It describes what smart contracts are and how they work, including various technical methods of establishing interaction between multiple smart contracts. We find this type of standard to be a helpful framework for engaging in discussions about smart contracts.
Heading into 2020, we do not see the pace of digital innovation, growth in AI or transformation abating. We expect that 2020 will be a year in which the regulatory and technological environments will continue to evolve, accompanied by more transformation and disruption in key industries. For lawyers advising clients in this area, it is an exciting time to innovate and create new market standards to keep pace with clients’ evolving businesses.