Wendy Gross, Sam Ip
Dec 8, 2020
This past year we have continued to see considerable advancements in the technology sector. The COVID-19 pandemic has increased consumer and business reliance on technological solutions and added a level of complexity to the delivery of services.
The pandemic has had a significant impact on commercial contracting. Key contractual terms, such as those relating to business continuity, force majeure, service delivery, information security standards and incidents, and risk allocation require increased consideration, adjustment and negotiation.
There have been numerous developments in artificial intelligence (AI), an increase in the relevance of open data and further progress in payments modernization and consumer-directed finance (open banking). As data-driven solutions become more important, we have seen industries turn to open data for access to the information they need to solve problems and meet the needs of consumers and businesses. Additionally, there has been an increased need for the efficient and reliable delivery of financial services to both individuals and businesses, which has caused a heightened focus on Canada’s payments modernization and open banking initiatives.
Commercial contracting and COVID-19
The COVID-19 pandemic has presented challenges and unique issues for commercial contracting that should not be overlooked. These issues are often not adequately addressed by an organization’s standard provisions or risk management framework. Contract negotiations have become more challenging in light of the uncertainty of the business environment, with delays and rapid change impacting timelines.
In addition, a fresh look at many key contractual terms is required to assess whether and the extent to which they should be adjusted. For example:
- Business continuity terms – Both customers and suppliers may need to consider the business continuity provisions to take into account potential impacts and recourse associated with the COVID-19 pandemic. Customers may wish to conduct additional due diligence to review the supplier’s business continuity plan. Suppliers will have to ensure their business continuity plans are able to meet customer requirements.
- Force majeure and change in law terms – Parties should consider whether standard force majeure provisions and definitions as well as provisions regarding changes in law and their impact on the contractual terms are sufficient to provide the intended risk allocation.
- Service delivery requirements – Provisions may need to be adjusted to account for the impact of the COVID-19 pandemic on service commitments, milestones or timelines. Consideration needs to be given to items such as remedies for late delivery, risks associated with future-state delivery commitments and the ability to meet standard service level commitments.
- Security standards, protocols and processes – The framework associated with security may need to be assessed and adjusted to account for the fact that services are, in many cases, being delivered in a work-from-home environment. Certain security requirements may not be possible to achieve in light of this change and alternative, mitigating standards may be appropriate. Similarly, security incident monitoring, notification and management protocols may require adjustment to account for the way in which services are currently being delivered.
For more details on the impact of the COVID-19 pandemic on commercial contracting, please see our Osler Update, “Working together while working from home: Key considerations for technology and other commercial service agreements” on osler.com.
AI continues to be of central importance to developments in technology and innovation. It is increasingly being adopted in various sectors and verticals, including financial services, telecommunications, supply chain, transportation and retail. As AI becomes more prevalent, there has been an increased emphasis on the development of standards to address potential risks that accompany the application of automated decision making. Organizations should be aware of these standards and how they will apply to their own application of AI and big data decision making.
These are some examples of areas where there is an increased focus on AI standards:
- There is growing concern about the ethics of using AI. In response to this, there has been greater focus on ethics standards in M&A transactions and commercial contracting. In many cases, this results in specific terms being imposed on service providers and organizations regarding their ethical practices. Such terms can require compliance with ethical declarations and statements, such as the Montreal Declaration, which sets out 10 principles and eight recommendations to help guide the development of ethical AI. To address these ethical concerns, new organizations and consultants have emerged to assist with these efforts. For example, the Montreal AI Ethics Institute helps organizations comply with ethics declarations, like the Montreal Declaration.
- The use of AI combined with big data raises concerns about the risks related to the use and consumption of the underlying information. The role of de-identification of data has become more important in the construction of AI models and in AI’s use of big data as it can serve to mitigate these risks. Organizations such as the Canadian Anonymization Network (CANON) are working to develop a framework of principles for effective anonymization that are technologically and sectorally neutral. These efforts are expected to help organizations feel more confident about their use of AI and big data.
- The growth of AI has been accompanied by concerns surrounding the privacy implications of AI’s applications. This November, the Privacy Commissioner of Canada published a number of recommendations on reform for the private sector privacy legislation (PIPEDA). The recommendations propose new exceptions to consent requirements, which would allow data to be used for the training of AI and the development of AI initiatives. The recommendations also propose to add two new rights for individuals to challenge AI decision making – a right to meaningful explanation and a right to contest. The rights would bring Canada closer in line with recent European Union changes to provide more protection to individuals regarding their personal information. The recommendations also propose that all automated decisions be regulated. If implemented, this change may have a profound impact on future AI developments.
Principles, standards and services relating to AI continue to develop and evolve. Following the establishment of the CAN/CIOSC 101:2019 standard on the Ethical Design and Use of Automated Decision Systems that was published last year, the CIO Strategy Council has launched an AI Ethics Assurance Program in collaboration with KPMG. The program will help organizations obtain assurance that their controls meet the criteria for ethical design and use of automated decision making set out in the CAN/CIOSC standards.
Similarly, the OECD, which adopted its Principles on Artificial Intelligence in 2019, continues to develop and evolve its AI principles. It recently launched the OECD.AI Policy Observatory, which combines resources on AI and facilitates a dialogue between multiple stakeholders in order to develop effective and fair AI public policy. The continued proliferation of competing standards will pose significant challenges to both developers and users of AI, as they seek to take advantage of the promise of AI in a way that meets what is fast becoming a patchwork of potentially overlapping and differing requirements.
As we look ahead to 2021, we expect that AI will continue to be incredibly important to technological developments and innovation in Canada. It is likely that we will see these ethical standards and data governance frameworks start to shape how AI is applied and developed, and as they continue to develop, we hope that there will be a convergence of standards worldwide to facilitate and foster a consistent approach.
Open data has become increasingly relevant in the Canadian innovation landscape. Open data is defined by the Government of Canada as “structured data that is machine-readable, freely shared, used and built on without restrictions.” While not widely known, the Canadian government was one of the leaders in the establishment of the Open Data Charter.
The COVID-19 pandemic has demonstrated how open data can be leveraged to exchange information and to accelerate research, particularly when paired with advances in AI that are often reliant on large volumes of structured data. Companies across sectors may start to use open datasets more frequently in their research and development.
Here are some noteworthy observations from our survey of Canada’s open data landscape in 2020:
- A majority of the provinces and territories have adopted open data policies, directives or guidelines. Most of these provinces also have open data websites or portals, evidencing an interest in leveraging open data solutions in the public sector. Additionally, several provinces and territories have adopted open data licences in some form. The federal government’s licence version 2.0 is drafted in a largely permissive manner that permits copying, distribution, adaptation and exploitation for lawful purposes.
- In the private sector we have seen notable efforts to promote open data in the context of smart cities. Additionally, we have seen a reliance on existing open data licences by Creative Commons and Open Data Commons, which provide a broad scope of usage rights with few use limitations.
- Several organizations have developed data standards and frameworks for open data. For example, the CIO Strategy Council has published two standards on data governance, CAN/CIOSC 100-1:2020 and CAN/CIOSC 100-2:2020. These standards set out the requirements for data protection and privacy safeguards in the context of open data sharing.
We expect that Canada will continue to support open data initiatives in 2021, solidifying its position as a global leader in this area.
While we have seen a declining general interest in public blockchain, the blockchain sector has continued to mature, with a focus on more pragmatic uses for blockchain. In addition to cryptocurrency, the most widely recognized use of blockchain, there have been solutions focused on digital identity and supply chain implementations. In these cases, the benefits of a technology solution based on a distributed, immutable ledger outweigh the complexity and costs to implement and maintain such a solution.
Security and privacy issues remain at the forefront of blockchain considerations. Many organizations have elected to deploy private blockchain implementations, such as Hyperledger Fabric, within their private networks. These enable the organization to set access controls to further mitigate the risks associated with security and privacy of personal or sensitive data.
A number of new standards seeking to assist with the proliferation and adoption of blockchain technology were published in 2020. Most notably, in July, the ISO/TC 307 Committee, approved by the International Standards Organization to develop blockchain and DLT-related standards, published two new standards: (1) the ISO 22739:2020 standard that provides a common vocabulary by establishing fundamental terminology for blockchain distributed ledger technologies; and (2) the ISO/TR 23244:2020 standard that provides an overview of privacy and personally identifiable information protection as applied to blockchain systems. These two standards supplement the ISO/TR 23455:2019 standard that describes what smart contracts are and how they work, including various technical methods of establishing interaction between multiple smart contracts.
These standards will provide a helpful framework for engaging in discussions regarding the use of blockchains, though whether these standards will be widely adopted remains to be seen.
Payments Canada has continued to push forward with its modernization plans to improve Canada’s payments system. Their current proposal seeks to establish a national system for clearing and settlement of payments to ensure a faster, more efficient payment infrastructure. In May, Payments Canada published its Annual Report, highlighting the progress made on modernization. The main developments include
- the progression of Lynx (a new high value payment system), where Payments Canada advanced timelines to leverage the SWIFT ISO 20022 (the global payments messaging standard) deadline and solidified industry partnerships
- the progression of the Real-Time Rail (a new real time payments system) with Payments Canada’s members and partners and Payments Canada’s recent announcement of its partnership with Mastercard’s Vocalink as the clearing and settlement solution provider for Real-Time Rail
- new service offerings, like initiatives to support ISO 20022 and API development, as well as to address the rising payments knowledge gap through international collaborative efforts
Shortly after the report was released, Payments Canada announced the availability of ISO 20022 messages for Lynx. This will allow system participants to prepare to leverage the value of ISO 20022, as well as supporting financial institutions in their preparations to meet SWIFT’s ISO 20022 migration date (2022) for cross-border payments.
More recently, Payments Canada has announced changes to the Payment Items and the Automated Clearing Settlement System bylaws, which will allow for a wider range of member financial institutions to be eligible to become direct clearers or group clearers, amongst other benefits. These developments will help Canada’s payments systems to be faster, more flexible and more secure. Although Canada’s implementation of payments modernization has been slower than comparable countries, such as Australia and the United States, we expect these initiatives to stay on track to launch in 2021 and 2022.
Consumer-directed finance (open banking)
Open banking is slowly progressing in Canada, as industry stakeholders remain interested in the opportunities available through open banking to develop and offer new products and services and reach new customers. The Canadian government has conducted a review of open banking and in January 2020, published a Report on Open Banking in Canada (the Report). The Report has aptly given open banking the new moniker of “consumer-directed finance,” which better reflects its role in providing consumers more control and protection over their financial data.
The Report sets out the findings and recommendations from stakeholders regarding consumer-directed finance in Canada, including a number of key findings
- privacy and cybersecurity are real concerns and, as such, a robust security framework for open banking must be established to address any data use and privacy concerns
- Canadian consumers want more control over their information, so open banking should allow for more meaningful consent (practices like screen-scraping are questionable)
- open banking drives innovation and growth globally while making Canada more competitive. It should be market led, with support from both federal and provincial governments
- a liability framework should be established to address how different participants would assume liability within an open banking model, rather than financial institutions taking on all the risks
The Report was prepared by the Advisory Committee on Open Banking, a committee appointed by the Minister of Finance. With the Report having been made public, the Advisory Committee was expected to collaborate with the Department of Finance to consider the issues highlighted above. However, in light of the COVID-19 pandemic, additional consultations with stakeholders, originally scheduled for the spring of 2020, were put on hold. Such consultations are expected to resume virtually at the end of November and continue through December 2020.
The Advisory Committee has also recommended that the Department of Finance develop a white paper on a proposed consumer-directed finance framework. There is no set timeline for these next steps, making it difficult to anticipate how these developments may impact Canadians. We expect that with the continued support of stakeholders, the development of an open banking framework will move forward, opening the financial sector up to exciting new developments.
This year has presented some unique challenges. We expect that clients and their customers will continue to feel the impact of the COVID-19 pandemic well into 2021. At the same time, these changes present opportunities to continue to advance the use of technology in Canada. In the future, we expect to see a continued and growing emphasis on technology as a key driver for delivering solutions in both the private and public sectors. As standards and governance models for these technology-focused solutions are deployed more widely, it will be important for stakeholders to be aware of developments in this rapidly changing area.