‘Parker,’ with AI conversations, could save businesses from giant fines imposed by GDPR, PIPEDA legislation
July 4, 2018
A chatbot named Parker will help clients of the global law firm Norton Rose Fulbright navigate new rules around how companies handle their customers’ personal information.
The launch of the bot continues the steady incursion of artificial-intelligence-powered software into the Canadian legal market.
Parker, a computer program that simulates human conversation, will guide clients in determining their exposure and obligations under new data breach laws and new regulations that will come into effect on Nov. 1 under the Personal Information Protection and Electronic Documents Act (PIPEDA).
“Breach reporting requirements already exist in some Canadian jurisdictions, such as in Alberta, and in Ontario with regards to personal health information,” Ryan Berger, the Vancouver-based co-chair of Norton Rose’s data and privacy group, said. “The new PIPEDA breach notification requirements are going to significantly expand the scope of organizations and situations in which breach reporting and notification is made compulsory by legislation.”
Parker was first launched in Australia, and was subsequently modified to answer questions about the new European data protection law, the General Data Protection Regulation (GDPR), which came into effect in May. Parker’s GDPR version is primarily aimed at multinational businesses who need to determine whether and how the new law applies to them.
“Parker is a tool built on the IBM Watson platform that helps organizations understand whether they are subject to certain privacy laws,” Berger said.
Nick Abrahams, global head of technology at Norton Rose, and his Sydney colleague Edward Odendaal developed the first Parker in anticipation of major changes in the Australia data protection notification regime that came into force in late February.
The first 24 hours of Parker’s Australian debut drew more than 1,000 conversations. As of mid-June, the number had grown to 5,976.
“Generally, the average number of messages per conversation varies between four and six questions,” Berger said. “Taking an average of three minutes per conversation, Parker Australia has provided clients and potential clients with just shy of 300 hours of legal information.”
For its part, the GDPR Parker rang up 3,826 conversations in the first six weeks or so after its release. Just how many of the conversations involved Canadian businesses is not known. What is known is that the GDPR has extensive extra-territorial reach that could expose non-compliant Canadian (and other foreign) businesses to fines of up to $30 million.
“Any company, wherever it is in the world, that offers products or services in the EU, whether it has a physical establishment there or not, must comply with the GDPR regarding the processing of personal information,” Chantal Bernier, Canada’s interim privacy commissioner from 2013 to 2014, and now counsel at Dentons Canada LLP, said. “The GDPR also applies to any organization wherever located that monitors the behaviour of EU residents.”
Indeed, even companies that don’t face the EU on the client or customer side may find themselves dealing with the GDPR. “Very locally focused organizations who have service providers from the EU are suddenly being confronted with requests to update agreements or clauses so they comply with the GDPR,” Berger said.
Complying with the GDPR, however, is like shooting at a moving target.
“Not even the European lawyers who are heavily engaged with the regulation know exactly how it will be enforced,” says Éloïse Gratton, a partner in Borden Ladner Gervais LLP’s Montreal and Toronto offices.
Hopefully, programs like Parker will help law firms and their clients with the transition.