Somewhere in Canada right now, a real estate agent may be uploading a client’s purchase agreement and personal identification into an AI tool to save twenty minutes. They likely do not realize they have just exposed themselves — and their brokerage — to potential liability.
That is not a scandal yet. But it could become one.
The compliance conversation in real estate has been slow to catch up to artificial intelligence, and even slower to ask the question that matters: what happens to client data when it passes through these tools, and who is responsible? Most industry discussion about AI focuses on productivity — better listing descriptions, faster market analysis, and easier social media content. Those are useful, but the urgent issue is privacy and the protection of confidential client information.
What fiduciary duty actually requires
When a client signs a representation agreement in Canada, they enter a fiduciary relationship with their agent, not a routine service contract. “Fiduciary” is often used loosely in the industry, so it’s important to be precise: agents owe clients the highest standard of loyalty and care under Canadian law.
A core element of that duty is protecting confidential information. A client’s financial details, motivations, personal circumstances and identity documents are disclosed within a relationship that carries a legal obligation of confidence. That information does not belong to the agent, and it certainly does not belong to a technology platform governed by foreign terms of service.
When an agent uploads client information to a consumer AI tool to process documents or populate records, they transmit confidential data to a system outside the control of the agent and brokerage. Many consumer AI platforms reserve rights over submitted data and may use it for model training depending on settings and plan levels. Most mainstream consumer AI infrastructure was not built with Canadian real estate compliance or privacy requirements in mind. Using those tools for client records could expose agents and brokerages to accusations they failed to adequately protect confidential client information.
The AI companies have already warned against it
Complicating matters, the platforms themselves often draw boundaries around acceptable use.
Anthropic, the company behind Claude, publicly advises users not to use its products to process personal data. Many agents — and some brokerages recommending these tools — may never have read that guidance.
Some argue that local or desktop tools avoid this risk because data never leaves the device. That defense has limits: many plug-and-play AI solutions still rely on cloud processing and third‑party infrastructure, even if they appear integrated into local workflows. The true exception is a fully air-gapped, in-house server running a self-hosted model — which is rare for most brokerages and agents.
Others point to settings that purportedly prevent conversations from being used to train models and assume that solves the problem. It doesn’t. Those settings address post-transmission uses; they do not prevent the initial transmission, storage, or disclosure. Once data reaches the platform’s servers, the control is already diminished.
In February 2026, the U.S. District Court for the Southern District of New York, in United States v. Heppner, found that a user of a publicly available AI platform had no reasonable expectation of confidentiality for attorney-client privilege purposes, citing platform terms and third‑party disclosure structures. While U.S. case law does not bind Canadian courts, the reasoning signals risk for any profession handling confidential client information through consumer AI systems. A session containing a client’s agreement of purchase and sale or identity documents does not necessarily vanish when the agent closes a browser.
A wave of purpose-built tools is coming
Consumer AI platforms are only part of the picture. A more complex issue is the growing suite of tools built on those platforms for real estate professionals — many marketed as compliance-forward solutions.
These tools are appearing quickly. Some are developed and sold by agents or brokerages, concentrating liability in ways many have not yet considered. When a brokerage develops, endorses, or deploys a tool that processes client documents and that tool transmits data contrary to fiduciary obligations, liability does not rest with the agent alone. The brokerage that created, recommended, or profited from the tool may also be exposed.
This is not a critique of a single product but an emerging pattern: a gap between privacy-forward branding and verifiable practice. Public-facing claims are easy to make; published data processing agreements, clear terms of service, and transparent explanations of data flows and retention are harder to find. Agents and brokerages concerned about compliance should demand that level of transparency before uploading any client documents.
Where the law currently leaves us
Canada’s existing federal privacy law, PIPEDA, dates from 2000 and was not designed with modern AI in mind. It addresses digital data generally but does not adequately cover scenarios where personal information is transmitted to large language models operating under foreign terms of service.
Legislation that might have modernized this framework did not survive recent political changes. The Consumer Privacy Protection Act and the Artificial Intelligence and Data Act (AIDA) stalled when Parliament was prorogued in January 2025, and subsequent developments mean AIDA will not return in its original form. There is no clear timeline for new federal rules.
Regulatory bodies such as RECO have not published comprehensive AI governance guidance specific to client data handling, and major Canadian real estate associations have not released detailed industry-wide standards on this issue.
This is not an attack on regulators: lawmaking takes time while technology advances rapidly. But the absence of updated rules does not eliminate liability. Fiduciary duties exist independent of AI-specific legislation, and the obligation to protect client information remains in force regardless of new tools.
What brokerages should do right now
The regulatory vacuum calls for internal policy. Brokerages cannot wait for federal legislation or provincial regulators to set the rules. By the time official guidance arrives, exposure may already exist across hundreds of client files.
Platform terms and security postures change rapidly. A setting that seems protective today may disappear tomorrow, and an agent who uploaded a client’s purchase agreement last month has no control over future changes. That is why a brokerage AI policy is not optional.
An effective brokerage AI policy does not need to be complex. It should address a few essential questions: which tools or AI models are permitted for client representation; which categories of information are strictly prohibited from being entered into external AI systems; and how agents will be trained and audited on the policy.
Those answers determine where liability falls if something goes wrong. Brokerages that have considered and documented these issues are in a defensible position. Those that have not are relying on luck — and luck eventually runs out.
Brokerages that adopt clear AI policies today are fulfilling a long-standing responsibility: setting standards before an incident forces the conversation. The window to act is open now, but it will not remain so indefinitely.