AI Legal Guide

01 PURPOSE

Generative Artificial Intelligence (AI) is transforming industries. AI offers opportunities to streamline processes, generate content, and enhance user experiences. However, it also introduces risks related to regulation, privacy, and ethics. This guide provides a framework for responsible AI use.

This guide serves as your go-to resource for what to do, what to avoid, and what to consider when using AI. It provides:

Best Practices: Do’s and don’ts for common AI use cases.
Legal Guidance: A summary of the current Canadian and international regulatory landscape.
Risk Awareness: Understanding the potential costs and implications of Non-Compliance.
Practical Tools: Suggested language to address client questions and resources for ongoing monitoring.

_{*By adhering to this guidance, KU ensures that AI tools are deployed in an ethical, legal, and transparent manner. Thereby protecting the company and its clients.*}

02 CANADIAN LAWS

PRIVACY REGULATIONS

TL;DR: Always ensure AI use respects consent, limits data collection, and safeguards personal information to comply with PIPEDA, OPC guidance, and emerging AI regulations.

In Ontario, the use of AI may be subject to active privacy regulation. The Personal Information Protection and Electronic Documents Act (PIPEDA) regulates the collection, use, and disclosure of personal information in the course of commercial activities. PIPEDA applies to the use of AI in communications that involve personal information. PIPEDA violations also extend to AI systems that misuse or improperly collect personal information from customers.

The following are the main privacy concerns caught by PIPEDA, specific to the use of AI systems:

Is any personal information being collected, used or processed?

Is the personal information being collected for purposes that a reasonable person would consider appropriate in the circumstances?

Has meaningful consent been obtained from concerned individuals?

How long will personal information be retained and in what manner, given inputs may be used to train the AI system?

Does the individual have the ability to opt out or use an alternative system or process?

The Office of the Privacy Commissioner of Canada (OPC) introduced a comprehensive set of principles aimed at guiding the responsible development and use of generative artificial intelligence (AI) technologies. Below is what they mean for you:

OPC AI Principles	Legal Term	TL;DR, Guidance
Legal Authority & Consent	Collect and use personal information lawfully, with informed consent.	When using real people’s likenesses (photos, videos, voices), obtain signed consent before creating or publishing content.
Appropriate Purposes	Use AI for purposes that a reasonable person would consider appropriate.	Do not use AI to misrepresent people, exploit sensitive personal data, or create misleading endorsements. Stick to marketing purposes that the audience expects.
Necessity & Proportionality	Limit use to what’s necessary and proportionate.	Don’t collect or store more client data than you need. Example: if only a headshot is needed, don’t keep other personal details.
Transparency	Provide clear information about AI use.	Disclose when AI-generated content is used, especially if it could be mistaken for real.
Accountability	Governance structures must ensure compliance.	Keep records of client approvals, consent forms, and decisions regarding AI usage. One must be able to prove compliance if challenged.
Fairness & Equity	Prevent AI from reinforcing bias.	Review ads for discriminatory outputs before launch.
Security	Safeguard personal information.	Store consents securely, avoid uploading sensitive data into unapproved AI tools. Breaches can lead to liability and reputational damage.
Individual Rights	Respect rights of access and correction.	Be prepared to delete or correct data if requested by clients or consumers.