BellData Intelligence
Newsroom/Legal
Legal3d ago

Canada’s Bill C-36 tackles AI privacy. Is it enough?

Bell summary

Canada has introduced Bill C-36, its first major private-sector privacy overhaul in over 25 years, aiming to strengthen protections for children's data and enhance transparency in automated decision-making. Experts argue the legislation may not adequately address emerging risks posed by AI systems' ability to infer sensitive information from indirect data sources.

The full story

Canada is advancing privacy legislation through Bill C-36, the Protecting Privacy and Consumer Data Act, announced in June as a comprehensive revision of private-sector privacy rules. The bill formally recognizes privacy as a fundamental right and introduces several protective measures, including enhanced safeguards for children's personal information, expanded deletion rights, and mandatory transparency requirements for systems that make significant automated decisions affecting individuals.

The legislative push follows heightened public concern about artificial intelligence following incidents such as the February shooting in Tumbler Ridge, British Columbia, which raised questions about AI chatbot safety and technology company accountability. The shooting suspect allegedly used ChatGPT before the attack, prompting victims' families to pursue legal action against OpenAI, alleging the company's safety team identified violent prompts without alerting law enforcement. British Columbia has also announced preparations for legal action against the AI company.

Canada's Minister of AI and Digital Innovation, Evan Solomon, stated that the government aims to protect citizens online while enabling them to benefit from emerging technologies. He emphasized that Bill C-36 establishes a framework for responsible use of de-identified data, incorporating safeguards designed to reduce re-identification risks while supporting research, accountability and innovation.

However, legal experts contend that the legislation may not adequately address fundamental shifts in how AI systems create privacy risks. According to Ignacio Cofone, professor of law and regulation of AI at the University of Oxford, traditional privacy frameworks assume danger originates from data companies directly collect. Modern AI systems, by contrast, pose risks through inferences drawn from indirect sources—shopping patterns, browsing history, location data and online activity—enabling algorithms to make accurate predictions about health, finances and behaviour without requiring individuals to voluntarily disclose sensitive information.

Mentioned in this story
OpenAI

Bell tracks these organizations in depth — profiles, people, signals, and history. See them inside Bell →

Written by Bell Data Intelligence · based on reporting by Al Jazeera.Read the original ↗
Data you can defend

Provenance on every fact. Sovereign-grade by design.

191,000+
Qatari companies
76,000+
actively trading
All
decision-makers