Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Legislation & Litigation
House Committee Told to Relaunch Data Privacy Effort Launched Last Year
Congressional regulation of artificial intelligence should begin with a national privacy law, members of a House panel said in a message laced with dark warnings about allowing China to effectively set global expectations for the collection and use of data powering algorithms.
See Also: Challenges and Solutions in MSSP-Driven Governance, Risk, and Compliance for Growing Organizations
The U.S. Congress has debated passage of a national privacy law for more than two decades. Late last December, the House Energy and Commerce Committee approved a bipartisan proposal dubbed the American Data Privacy and Protection Act, but the bill had little chance of becoming law, given its timing. Many privacy advocates criticized the proposal, and Senate Democrats and Republicans are not showing signs of achieving consensus.
Congress and industry have since voiced renewed urgency over regulating data collection and use, given tech giants’ race to incorporate generative AI following the splashy late 2022 public debut of OpenAI’s ChatGPT large language model (see: US Lawmakers Warned That AI Needs a ‘Safety Brake’).
“It is critical that America, not China, is the one addressing those challenges, and leading in AI’s development and deployment. The best way to start is by laying the groundwork to protect people’s information with a national data privacy standard,” said Rep. Cathy McMorris Rodgers, the Washington Republican who chairs the House Energy and Commerce Committee. The Subcommittee on Innovation, Data, and Commerce convened a hearing Wednesday on AI regulation.
A “lack of nationwide protections around what data companies can collect, sell, and use to train these AI systems should concern every American,” said committee Ranking Member Frank Pallone. “We cannot continue to allow companies to develop and deploy systems that misuse and leak personal data and exacerbate discrimination,” the New Jersey Democrat said.
Statements from members were echoed by witnesses. The prospect of China’s authoritarian government leaping ahead of the United States to set de facto global standards is a common worry even as some AI experts says that censorship requirements imposed by Beijing hamstring China’s AI development (see: Expert: Keep Calm, Avoid Overhyping China’s AI Capabilities).
“As a democracy, the U.S. has the opportunity to take global leadership for setting the trajectory for innovation that respects privacy, upholds competition and data minimization,” said Amba Kak, executive director of the AI Now Institute, a policy research organization.
Raffi Krikorian, CTO of Emerson Collective and former vice president of engineering at Twitter, told the committee that AI highlights the failure of the dominant “notice and consent” paradigm underlying data collection. Notice and consent requires companies to display a privacy policy and asks users to agree with them, typically withholding access to an online service unless they obtain consent.
“Privacy notices and user consent are failing us,” Krikorian said. Users don’t understand the tradeoffs of voluntarily surrendering their data to social media and other online players. “There needs to be increased incentives for application developers to push the boundaries on explaining to users, upfront, what they are consenting to and how their data will be used.”