20 April 2018

UK Artificial Intelligence

The House of Lords has released a report on artificial intelligence in the UK, titled AI in the UK: Reading, Willing and Able?.

The report features a useful discussion of concerns regarding provision by the  Royal Free London Hospital Trust (ie a NHS unit) of bulk patient data to Alphabet (Google's parent).

The summary states
Our inquiry has concluded that the UK is in a strong position to be among the world leaders in the development of artificial intelligence during the twentyfirst century. Britain contains leading AI companies, a dynamic academic research culture, a vigorous start-up ecosystem and a constellation of legal, ethical, financial and linguistic strengths located in close proximity to each other. Artificial intelligence, handled carefully, could be a great opportunity for the British economy. In addition, AI presents a significant opportunity to solve complex problems and potentially improve productivity, which the UK is right to embrace. Our recommendations are designed to support the Government and the UK in realising the potential of AI for our society and our economy, and to protect society from potential threats and risks.
Artificial intelligence has been developing for years, but it is entering a crucial stage in its development and adoption. The last decade has seen a confluence of factors—in particular, improved techniques such as deep learning, and the growth in available data and computer processing power—enable this technology to be deployed far more extensively. This brings with it a host of opportunities, but also risks and challenges, and how the UK chooses to respond to these, will have widespread implications for many years to come. The Government has already made welcome advances in tackling these challenges, and our conclusions and recommendations are aimed at strengthening and extending this work.
AI is a tool which is already deeply embedded in our lives. The prejudices of the past must not be unwittingly built into automated systems, and such systems must be carefully designed from the beginning. Access to large quantities of data is one of the factors fuelling the current AI boom. We have heard considerable evidence that the ways in which data is gathered and accessed needs to change, so that innovative companies, big and small, as well as academia, have fair and reasonable access to data, while citizens and consumers can protect their privacy and personal agency in this rapidly evolving world.
To do this means not only using established concepts, such as open data and data protection legislation, but also the development of new frameworks and mechanisms, such as data portability and data trusts. Large companies which have control over vast quantities of data must be prevented from becoming overly powerful within this landscape. We call on the Government, with the Competition and Markets Authority, to review proactively the use and potential monopolisation of data by big technology companies operating in the UK.
Companies and organisations need to improve the intelligibility of their AI systems. Without this, regulators may need to step in and prohibit the use of opaque technology in significant and sensitive areas of life and society. To ensure that our use of AI does not inadvertently prejudice the treatment of particular groups in society, we call for the Government to incentivise the development of new approaches to the auditing of datasets used in AI, and to encourage greater diversity in the training and recruitment of AI specialists.
The UK currently enjoys a position as one of the best countries in the world in which to develop artificial intelligence, but this should not be taken for granted. We recommend the creation of a growth fund for UK SMEs working with AI to help them scale their businesses; a PhD matching scheme with the costs shared between the private sector; and the standardisation of mechanisms for spinning out AI start-ups from the excellent research being done within UK universities. We also recognise the importance of overseas workers to the UK’s AI success, and recommend an increase in visas for those with valuable skills in AI-related areas. We are also clear that the UK needs to look beyond the current dataintensive focus on deep learning, and ensure that investment is made in less researched areas of AI in order to maintain innovation.
Many of the hopes and the fears presently associated with AI are out of kilter with reality. While we have discussed the possibilities of a world without work, and the prospects of superintelligent machines which far surpass our own cognitive abilities, we believe the real opportunities and risks of AI are of a far more mundane, yet still pressing, nature. The public and policymakers alike have a responsibility to understand the capabilities and limitations of this technology as it becomes an increasing part of our daily lives. This will require an awareness of when and where this technology is being deployed. We recommend that industry, via the AI Council, establish a voluntary mechanism to inform consumers when artificial intelligence is being used to make significant or sensitive decisions.
AI will have significant implications for the ways in which society lives and works. AI may accelerate the digital disruption in the jobs market. Many jobs will be enhanced by AI, many will disappear and many new, as yet unknown jobs, will be created. A significant Government investment in skills and training is imperative if this disruption is to be navigated successfully and to the benefit of the working population and national productivity growth. This growth is not guaranteed: more work needs to be done to consider how AI can be used to raise productivity, and it should not be viewed as a general panacea for the UK’s wider economic issues.
As AI decreases demand for some jobs but creates demand for others, retraining will become a lifelong necessity and pilot initiatives, like the Government’s National Retraining Scheme, could become a vital part of our economy. This will need to be developed in partnership with industry, and lessons must be learned from the apprenticeships scheme. At earlier stages of education, children need to be adequately prepared for working with, and using, AI. For a proportion, this will mean a thorough education in AI-related subjects, requiring adequate resourcing of the computing curriculum and support for teachers. For all children, the basic knowledge and understanding necessary to navigate an AIdriven world will be essential. In particular, we recommend that the ethical design and use of technology becomes an integral part of the curriculum.
In order to encourage adoption across the UK, the public sector should use targeted procurement to provide a boost to AI development and deployment In particular, given the impressive advances of AI in healthcare, and its potential, we considered the health sector as a case study. The NHS should look to capitalise on AI for the public good, and we outline steps to overcome the barriers and mitigate the risks around widespread use of this technology in medicine.
Within the optimism about the potential of AI to benefit the UK, we received evidence of some distinct areas of uncertainty. There is no consensus regarding the adequacy of existing legislation should AI systems malfunction, underperform or otherwise make erroneous decisions which cause harm. We ask the Law Commission to provide clarity. We also urge AI researchers and developers to be alive to the potential ethical implications of their work and the risk of their work being used for malicious purposes. We recommend that the bodies providing grants and funding to AI researchers insist that applications for such funding demonstrate an awareness of the implications of their research and how it might be misused. We also recommend that the Cabinet Office’s final Cyber Security & Technology Strategy consider the risks and opportunities of using AI in cybersecurity applications, and conduct further research as how to protect datasets from any attempts at data sabotage.
The UK must seek to actively shape AI’s development and utilisation, or risk passively acquiescing to its many likely consequences. There is already a welcome and lively debate between the Government, industry and the research community about how best to achieve this. But for the time being, there is still a lack of clarity as to how AI can best be used to benefit individuals and society. We propose five principles that could become the basis for a shared ethical AI framework. While AI-specific regulation is not appropriate at this stage, such a framework provides clarity in the short term, and could underpin regulation, should it prove to be necessary, in the future. Existing regulators are best placed to regulate AI in their respective sectors. They must be provided with adequate resources and powers to do so.
By establishing these principles, the UK can lead by example in the international community. There is an opportunity for the UK to shape the development and use of AI worldwide, and we recommend that the Government work with Government-sponsored AI organisations in other leading AI countries to convene a global summit to establish international norms for the design, development, regulation and deployment of artificial intelligence.

18 April 2018

Reforming auDA and the dot au ccTLD

As a member of several auDA working parties in a past life I expressed concerns regarding regulatory capture. Those substantive nature of those concerns is evident in the Commonwealth government's Review of the .au Domain Administration report released today.

The report states
On 19 October 2017, the Minister for Communications, Senator the Hon Mitch Fifield, announced a review of Australia’s management of the .au domain (the Review). The not-for-profit .au Domain Administration (auDA) oversees the operation and management framework of the .au domain of the internet. auDA is endorsed by the Australian Government as the appropriate entity to administer Australia’s country code Top-Level Domain (ccTLD)—the .au domain—on behalf of Australian internet users.
The digital landscape has changed significantly since auDA was endorsed by the Australian Government in 2000. The internet has become all-pervasive and a critical enabler of the digital economy. The .au namespace plays an important role in supporting the digital economy, allowing entities and organisations to register domain names. As of late September 2017, over 3 million .au domain names had been registered in Australia.
While internet usage continues to grow, the overall communications environment is changing. Australians are accessing the internet in different ways and cyber security threats are increasingly prevalent. Future trends may have an impact on the domain space and it is important Australia has an effective .au administrator that is able to ensure the ongoing availability of .au domains while navigating future uncertainty.
auDA’s governance arrangements have not changed significantly since it was first established, with its structure and approach to governance set at a point in time when the internet and the domain industry was still in its infancy. The Review has found that reforms to auDA’s governance arrangements are necessary if the company is to perform effectively and meet the needs of Australia’s internet community.
In undertaking the Review, the Department has reflected on three principles:
• The Australian Government is committed to strengthening multi-stakeholder mechanisms for internet governance, noting the diversity of auDA’s stakeholders. 
• The .au namespace is a public asset given its increasing importance to the daily lives of Australians and should be governed with community interests in mind. 
• auDA has a monopoly position in administering the .au namespace and should be subject to stringent oversight requirements.
Importantly, the review acknowledges that auDA has overseen a significant ramp up in the number of domain names and has introduced many important policy and security initiatives. auDA has contributed to .au being seen globally as a secure and trusted namespace.
The government's Findings are -
The central finding of the Review is the current management and governance framework for auDA is no longer fit-for-purpose and that reform is necessary if the company is to perform effectively and meet the needs of Australia’s internet community.
In particular, the current membership model, and its relationship to corporate governance, is impeding auDA’s decision making and is contributing to ongoing organisational instability. The membership class structure is not reflective of Australia’s internet community nor auDA’s stakeholders. The current process where the majority of directors are appointed from the membership does not support effective governance outcomes.
Further, directors can be elected to the board with little regard to the skills required to effectively govern a modern domain administrator. Directors are also not required to meet probity, security or conflict of interest checks.
Ultimately, current governance and management framework arrangements are not satisfactory given the importance of the .au namespace to the Australian community. In considering stakeholder feedback and better practice guidelines, the Review identifies a range of reforms to improve stakeholder engagement, transparency and accountability, and mechanisms to promote trust and confidence in the .au domain name.
The Review considers that significant and urgent reforms are necessary to ensure that the .au namespace is administered in line with community and the Australian Government’s expectations.
To achieve this, the Review has made recommendations focusing on:
• clarifying the role of the .au domain administrator to ensure its activities are aligned with its responsibilities 
• reforming the management framework to support improved transparency, consultation and accountability by providing greater guidance on performance and reporting requirements 
• supporting effective stakeholder engagement and better representation of the Australian internet community, by acknowledging the .au DNS as a public asset and the multi-stakeholder approach to internet governance 
• outlining the role and expectations of the Australian Government 
• fostering greater trust and confidence in the .au namespace by enhancing security best practice and coordination of DNS administration.
... Reforming auDA will be a substantial process. Changes to its governance and membership arrangements involves significant constitutional reform, which requires the support of the membership base. The extent to which the membership supports reform is unclear.
The Review proposes two options to implement recommendations. The first option would see the Minister for Communications issuing revised terms of endorsement to auDA supported by an implementation plan with clearly identified milestones for reform. This plan would see a clear pathway for reform in place by three months, significant progress by 12 months, and the full reform package implemented within 24 months.
Alternatively, the Government could consider issuing an expression of interest to assess whether an alternative provider is able to perform the .au domain administration function in line with the revised terms of endorsement. This option may identify a viable alternative provider for the administration of the .au namespace mitigating the risk that constitutional reform of auDA cannot be achieved.
The stability, resilience and security of the .au namespace is paramount to the Government. The review recommends that auDA be given the opportunity to conduct the necessary reforms. However, the Government is committed to implementation of timely reform and will take action to ensure that Australia’s domain name is administered effectively and in the interest of all Australians. This includes transitioning the delegation for management of .au to another provider if auDA is unable to achieve necessary outcomes.
On that basis the report features the following recommendations
Purpose of the .au domain administrator
1. While auDA has an ongoing role in the security and stability of the .au space including as part of the critical infrastructure sector, this should not in the foreseeable future alter auDA’s role and purpose. 
2. That auDA continue to operate as a not-for-profit entity and does not seek to maximise profit. 
3. Consideration of commercial strategies relevant to the sustainability of the domain administrator should not detract from the domain administrator’s core function as described in the terms of endorsement and core purpose.
Management framework
4. That auDA provide an annual Strategic Plan covering at least a four-year-period and with the Strategic Plan reflecting company purpose and terms of endorsement. The auDA Board and management should present progress against the organisation’s purpose and its strategic objectives at auDA’s Annual General Meeting and in its Annual Report. 
5. That auDA develop a KPI framework to: a. measure its performance against its stated objectives in its terms of endorsement b. report against in its Annual Report and at its Annual General Meeting. 
6. As part of its Strategic Plan, that auDA outline how it intends to discharge its functions as a not-for-profit company and report on its effectiveness in its Annual Report and at its Annual General Meeting.
Transparency and consultation
7. That auDA reform its governance arrangements to ensure: 
a. that the nomination of all Board positions is undertaken by a Nomination Committee comprised of representatives from industry, the business sector, consumers, an auDA member representative, and the Commonwealth, represented by the Department
i. in establishing the Nomination Committee, the auDA Board will undertake a consultative merit-based process to identify members, with a Department representative as a panellist, and the Department to select the committee members from this process 
ii. the Nomination Committee will undertake probity and disclosure assessments and develop a skills matrix to ensure new directors have an appropriate mix of technical and corporate skills and industry experience 
iii. the Nomination Committee will shortlist: member candidates to stand for election by members; and independent candidates to stand for election by the Board 
iv. however, the first Board, following the reform of auDA’s governance arrangements will be selected according to the skills mix identified by the Nomination Committee with shortlisted nominees agreed with the Department 
b. length of terms directors can serve is capped at three years with directors appointed for no more than two consecutive terms 
c. the Board is structured so that the majority of the Board is independent of auDA’s membership 
d. that within 12 months the Board is reconstituted to ensure all appointments meet this criteria.
8. That auDA establish a Board Charter:
a. to set out the respective roles and responsibilities of the Board, Chair and CEO 
b. to set out the basis for appointment of the Chair 
c. that requires the Board to report on an annual basis to stakeholders publicly on its performance against this charter. 
9. That auDA:
a. formalise its transparency and accountability framework, consistent with recommendations in the Westlake review 
b. report annually on its performance against the framework in its Annual Report and at its Annual General Meeting.
Membership
10. That auDA reforms its existing membership model by creating a single member class or a functional constituency model and that membership reform is non-discriminatory and supported with transparent membership guidelines. 
11. That auDA diversify its member base in the short-term with a focus on extending membership to stakeholders that are underrepresented. 
12. That auDA report annually on its initiatives for growing its membership, and their effectiveness at diversifying the membership in its Annual Report and at its Annual General Meeting. 
13. That auDA review its assessment process for new members, in conjunction with the implementation of Recommendations 10, 11 and 12. 
Expectations and role of the Government 
14. That the Minister for Communications issue new terms of endorsement, setting out the Government’s expectations for .au domain administration and that auDA respond by publishing a statement on how it will deliver on these expectations. 
15. That the Government review these terms of endorsement within two years from when they are issued to ensure they remain fit-for-purpose, with reviews scheduled every three years going forward. 
16. That the Department of Communications and the Arts adopts a more formal oversight role of auDA, including that:
a. auDA report quarterly to the Department on its implementation of reforms, work agenda and key work priorities 
b. the Department conducts independent verification of some or all of auDA’s reporting provided through its Annual Report, including those requirements identified as part of the review 
c. a senior executive officer from the Department continue as a non-voting observer at auDA Board meetings and is present for all decisions taken by the Board. 
17. That the oversight role of the Department of Communications and the Arts is reviewed periodically by Government to ensure it is fit-for-purpose. 
Stakeholder engagement 
18. That auDA develops a public stakeholder engagement strategy and implementation plan to articulate how it will engage with stakeholders in all levels of operation and decision making. 
19. Through its Annual Report and at its Annual General Meeting, auDA should report on its performance against its stakeholder engagement strategy. 
20. That auDA publish conclusions from its review on its community activities and publish an implementation plan on future community activities. 
21. That auDA continue to engage with ICANN and other international bodies to represent Australian interests. 
22. That auDA’s stakeholder engagement strategy (Recommendation 18) include ICANN and other relevant international fora and bodies. 
23. As part of its Strategic Plan (Recommendation 4), auDA publishes a forward-looking international travel schedule and describes in its Annual Report the effectiveness of its international activity.
Trust and confidence in .au
24. As part of its international engagement (Recommendations 21, 22 and 23), auDA engage with key international security fora including ICANN’s Security and Stability Advisory Committee to ensure that it is kept updated on international security developments. 
25. That auDA develop and implements an enterprise security strategy based on domestic and international best practice in consultation with all relevant stakeholders. 
26. That auDA publishes a public facing version of its enterprise security strategy, having regard to relevant sensitivities. 
27. As part of its stakeholder engagement plan (Recommendation 18), that auDA maps its relationship with Australian Government security agencies and the internet industry and community on security of the .au namespace. 
28. That the Department of Communications and the Arts facilitate partnerships between auDA and relevant cyber security agencies. 
29. As part of its quarterly reports to Government (Recommendation 16) that auDA report on its security activities.
The report identifies  new terms of endorsement
Preamble
Australia’s country-code Top Level Domain (ccTLD) is an important resource, given the growing reliance of Australians on the .au namespace for economic and social activities. Noting there is a diversity of stakeholders in this namespace, the management of the .au domain must support multi-stakeholder engagement and be administered in the public interest. Responsibility for the administration of .au is ultimately derived from, and is subject to, the authority of the Commonwealth. The Australian Government can delegate the responsibility for managing the .au namespace to an appropriate entity or organisation. However, endorsement from Government is contingent on the entity satisfying a number of conditions. The Government provides the following terms of endorsement to auDA, as the .au domain administrator.
Core functions
The .au domain administrator will undertake the following core functions: • ensure stable, secure and reliable operation of the .au domain space • respond quickly to matters that compromise DNS security • promote principles of competition, fair trading and consumer protection • operate as a fully self-funding and not-for-profit organisation • actively participate in national and international technical and policy namespace fora to ensure that Australia’s interests are represented and to identify trends and developments relevant to the administration of the .au namespace • establish appropriate dispute resolution mechanisms.
Emerging domain issues such as commercial opportunities should not detract from the domain administrator performing its core functions.
Conditional requirements
In undertaking these functions, the .au domain administrator will uphold the following requirements and conditions: Effective governance arrangements for the .au namespace Good governance practices provide the foundation for the effective management of the .au ccTLD. The .au domain administrator must implement a governance structure that supports effective decision-making and represents the interests of stakeholders in a transparent and accountable manner.
Conditions:
That the .au domain administrator has:
• a governance structure which includes the following characteristics: 
• an independent process that can provide assurances of the suitability of candidates considered for board appointments, such as a Nomination Committee 
• a board that has the collective mix of technical and corporate skills, and industry experience, to effectively administer the .au namespace 
• a board that appoints a majority of directors who are independent of the organisation, including the Chair 
• appointment terms that support ongoing board renewal 
• a Board Charter that outlines the roles and responsibilities of the board, Chair and CEO and the basis for appointment of the Chair.
Facilitate effective stakeholder engagement
Noting that the .au namespace has a diversity of stakeholders, the .au domain administrator must engage and consult widely to ensure it can effectively represent the views of its stakeholders.
Conditions: 
That the .au domain administrator:
• consults with stakeholders on deliberations and decisions that will impact on the Australian internet community 
• develop a comprehensive stakeholder engagement plan, including how it will engage with key stakeholders such as industry, members of the community, Government and relevant international bodies and organisations  
• consistent with this stakeholder engagement plan, participate in international fora and relevant community activities 
• has a clearly defined membership structure that can represent the views of the Australian internet community 
• initiate activities that engage the internet community and support the diversification of its member base 
• establish an effective process for assessing and processing new members.
Support accountability and transparency
In managing a public asset, the .au domain administrator will be accountable to its stakeholders, including the Australian Government. Improved transparency and accountability is necessary to provide the assurance that the .au namespace is being managed consistent with Government and community expectations.
Conditions:
That the .au domain administrator has:
• an annual strategic plan that reflects these Terms of Endorsement and the company’s purpose with reference to how it will discharge its functions as a not-for-profit entity 
• a transparency and accountability framework 
• an effective reporting framework which would include reporting through its Annual Report and at its Annual General Meeting on performance against: 
• these terms of endorsement, supported by a key performance indicator framework • board performance against its charter 
• its strategic plan • the transparency and accountability framework 
• stakeholder engagement activities including international and community activities and initiatives that aim to expand the member base.
Engagement with the Australian Government
In providing its endorsement for an entity to administer what is a public asset, the Government has a strong interest in the management of Australia’s ccTLD. 
Conditions: 
That the .au domain administrator:
• provide quarterly updates on performance and work priorities to the Department 
• acknowledge that the Government reserves the right to independently review auDA’s reporting and reporting processes at any time 
• ensure that a senior officer from the Department is included in all relevant auDA governance processes, including, but not limited to, non-voting observer status at board meetings for all decisions 
• develop a strategy to enable an orderly transition to an alternative domain administrator in the event that endorsement is withdrawn by the Government.
Support trust and confidence in .au
Confidence in the .au namespace will be critical to the growth of Australia’s economy. In addition to the Department of Communications and the Arts, there are a number of other Australian Government agencies that have a role in supporting the security and stability of .au.
Conditions:
That the .au domain administrator:
• engage with key international security fora to ensure it is aware of international security developments and best practice 
• develop, maintain and, to the greatest extent possible, publish an enterprise security strategy which is informed by domestic and international best practice 
• work with the Department of Communications and the Arts to facilitate partnerships between auDA and relevant cyber security agencies
Commencement of these terms of endorsement
In agreeing to the terms of endorsement, the .au domain administrator is required to respond in writing within three months, providing an implementation plan on how it will meet these terms. The Australian Government will conduct a review within two years to assess the performance of the .au domain administrator and consider whether these terms of endorsement remain fit-for-purpose.

17 April 2018

Big Data and Canadian Privacy

The Use of Big Data Analytics by the IRS: What Tax Practitioners Need to Know' by Kimberly Houser and Debra Sanders in (2018) 128(2) Journal of Taxation comments
With the budget reductions and losses in staff over the past several years, the IRS has been forced to do more with less. In turn, the IRS has turned to big data analytics make up for its loss of personal and the impact of the budget reductions. In 2011, the IRS created the Office of Compliance Analytics in order to create analytics programs that could identify potential refund fraud, detect taxpayer identity theft, and become more efficient in handling noncompliance issues. The IRS uses a wide range of analytic methods to mine public and commercial data including social media sites such as Twitter, Facebook, and Instagram. The data collected from this mining is combined with IRS’s own proprietary information and analyzed using pattern recognition algorithms, which help to identify potential noncompliant taxpayers. The current ability to continuous monitor financial and personal behavior facilitates the building of exhaustive histories of individuals. Knowing that the IRS is utilizing public internet data from websites such as Facebook, taxpayers should consider that their posts could impact their probability of audit.
‘Data Science, Data Crime and the Law’ by Maria Grazia Porcedda and David S. Wall in Research Handbook on Data Science and Law (Edward Elgar, 2018) comments
This chapter explores the relationship between data science, data crimes and the law. It illustrates how big data is responsible for big data crimes, but that data science and law could mutually help each other by identifying the ethical and legal devices necessary to enable big data analytic techniques to identify the key stages at which data crimes take place and also prevent them. The first part looks at the strengths and weaknesses of data science (big data analytics). The second part explores the data crimes created by Big Data to understand their risks, threats, and harms. The third part discusses the opportunities and limitations of the use of data science in surveillance and criminal prosecution to consider whether the predictive (anticipatory) qualities of Big Data analytics could be applied to identify Big Data Crime.
In Canada the House of Commons Standing Committee on Access to Information, Privacy and Ethics report Towards Privacy By Design: Review of the Personal Information Protection and Electronic Documents Act is now available.

The report states that on 1 November 2016, the Committee
adopted a motion to undertake the review of the Personal Information Protection and Electronic Documents Act (PIPEDA).  The Committee began its review on 14 February 2017, and held 16 public meetings. It heard from a total of 68 witnesses and received 12 written submissions. In addition, the Committee considered the study on consent carried out by the Office of the Privacy Commissioner of Canada (OPC). The OPC’s findings and recommendations are found in its 2016–17 annual report.  The Committee also considered a draft OPC position on online reputation released on 26 January 2018.  The Privacy Commissioner of  Canada, Daniel Therrien, appeared at the beginning of the study, on 16 February 2017, as well as at the very end, on 1 February 2018. 
In a brief submitted to the Committee on 2 December 2016, Commissioner Therrien proposed the following four areas of focus for the Committee’s study of PIPEDA:4
1) meaningful consent; 
2) reputation and respect for privacy; 
3) the Commissioner’s enforcement powers; 
4) the adequacy of PIPEDA vis-à-vis the European Union’s (EU) General Data Protection Regulation (GDPR), which will come into effect in May 2018.
This report provides an overview of PIPEDA, addresses each area of focus proposed by the Commissioner and makes recommendations to the Government of Canada. It also includes a report on the Committee’s mission to Washington, D.C., from 2 to 4 October 2017.
The 108 page report features the following recommendations
1  the principle of consent: 
That consent remain the core element of the privacy regime, but that it be enhanced and clarified by additional means, when possible or necessary. 
2  opt-in consent by default: 
That the Government of Canada propose amendments to the Personal Information Protection and Electronic Documents Act to explicitly provide for opt-in consent as the default for any use of personal information for secondary purposes, and with a view to implementing a default opt-in system regardless of purpose. 
3  algorithmic transparency: 
That the Government of Canada consider implementing measures to improve algorithmic transparency. 
4  the revocation of consent: 
That the Government of Canada study the issue of revocation of consent in order to clarify the form of revocation required and its legal and practical implications. 
5  the Regulations Specifying Publicly Available Information: 
That the Government of Canada modernize the Regulations Specifying Publicly Available Information in order to take into account situations in which individuals post personal information on a public website and in order to make the Regulations technology-neutral. 
6  legitimate business interests: 
That the Government of Canada consider amending the Personal Information Protection and Electronic Documents Act in order to clarify the terms under which personal information can be used to satisfy legitimate business interests. 
7  depersonalized data: 
That the Government of Canada examine the best ways of protecting depersonalized data... 
8  financial crimes: 
a) That paragraph 7(3)(d.2) of the Personal Information Protection and Electronic Documents Act be amended to replace the term “fraud” with “financial crime.” 
b) That the definition of “financial crime” in the Act include:
  • fraud; 
  • criminal activity and any predicate offence related to money laundering and terrorist financing; 
  • all criminal offences committed against financial service providers, their customers or their employees; 
  • the contravention of laws of foreign jurisdictions, including those relating to money laundering and terrorist financing.
9  specific rules of consent for minors: 
That the Government of Canada consider implementing specific rules of consent for minors, as well as regulations governing the collection, use and disclosure of minors’ personal information.. 
10  data portability: 
That the Government of Canada amend the Personal Information Protection and Electronic Documents Act to provide for a right to data portability. 
11  the right to erasure: 
That the Government of Canada consider including in the Personal Information Protection and Electronic Documents Act a framework for a right to erasure based on the model developed by the European Union that would, at a minimum, include a right for young people to have information posted online either by themselves or through an organization taken down.
12  the right to de-indexing: 
That the Government of Canada consider including a framework for the right to de-indexing in the Personal Information Protection and Electronic Documents Act and that this right be expressly recognized in the case of personal information posted online by individuals when they were minors. 
13  the destruction of personal information: 
That the Government of Canada consider amending the Personal Information Protection and Electronic Documents Act to strengthen and clarify organizations’ obligations with respect to the destruction of personal information.. 
14  privacy by design: 
That the Personal Information Protection and Electronic Documents Act be amended to make privacy by design a central principle and to include the seven foundational principles of this concept, where possible. 
15  the Privacy Commissioner’s enforcement powers: 
That the Personal Information Protection and Electronic Documents Act be amended to give the Privacy Commissioner enforcement powers, including the power to make orders and impose fines for non-compliance. 
16  the Privacy Commissioner’s audit powers: 
That the Personal Information Protection and Electronic Documents Act be amended to give the Privacy Commissioner broad audit powers, including the ability to choose which complaints to investigate.  
17  the criteria to determine the adequacy status of the Personal Information Protection and Electronic Documents Act under the General Data Protection Regulation: 
That the Government of Canada work with its European Union counterparts to determine what would constitute adequacy status for the Personal Information Protection and Electronic Documents Act in the context of the new General Data Protection Regulation. 
18  legislative amendments required to maintain the adequacy status: 
a) That the Government of Canada determine what, if any, changes to the Personal Information Protection and Electronic Documents Act will be required in order to maintain its adequacy status under the General Data Protection Regulation; and 
b) That, if it is determined that the changes required to maintain adequacy status are not in the Canadian interest, the Government of Canada create mechanisms to allow for the seamless transfer of data between Canada and the European Union. 
19  the collaboration with provinces and territories: 
That the Government of Canada work with the provinces and territories to make sure that all relevant jurisdictions are aware of what would be required for adequacy status to be granted by the European Union. xxx

Plagiarism

The New York Times features an article on controversy about potential expulsion of Eric K. Noji from the US National Academy of Medicine.
 Here is how Dr. Noji’s work is described on one of his LinkedIn pages: “So much has been said and written about the life and work of Eric Noji, a story so mythic in its epic sweep and inspirational in its chronology of service and unrelenting self-sacrifice on behalf of those who suffer that it is difficult to summarize.” Dr. Noji also, until recently, listed impressive honors: the Ordre des Palmes Academiques, presented by President Hollande of France; nomination to the Royal College of Physicians of London; the Antarctica Medal of Honor for Scientific Exploration; and an M.B.A. from Stanford. 
But the French never bestowed that award on Dr. Noji. The Royal College didn’t nominate him. There is no such prize as the Antarctica Medal of Honor for Scientific Exploration. Stanford Business School says it has no record of his existence. And some of his papers plus a book chapter were copied from former colleagues at the Centers for Disease Control and Prevention and the Agency for International Development, according to a complaint filed with the academy by Dr. Arthur Kellermann, dean of the nation’s military medical school. 
It's an echo of inventions such as that noted here, here and here ... and the debunking of CV creativity involving IT executive Jeff Papows
So he's not an orphan, his parents are alive and well. 
He wasn't a Marine Corps captain, he was a lieutenant. 
He didn't save a buddy by throwing a live grenade out of a trench. 
He didn't burst an eardrum when ejecting from a Phantom F4, which didn't crash, not killing his co-pilot. 
He's not a tae kwon do black belt, and he doesn't have a PhD from Pepperdine University.