The European Union is arguably a world leader when it comes to privacy regulation, thanks to the General Data Protection Regulation (DGPR) and other initiatives like the Data Act or the European Governance Data Act. In artificial intelligence (AI), despite falling behind the two superpowers, China and the United States, the EU is designing a comprehensive regulatory framework on AI.
The United States doesn’t have yet federal laws in privacy and AI — most of the existing legislation is at state level — but in the last months, there have been several legislative and regulatory developments in these areas that suggest federal legislation may not be far away.
Artificial Intelligence
The different AI legislative initiatives in the U.S. seek to address the development and use of AI systems, in particular risks related to algorithmic bias and discrimination.
On May 12, Senator Michael Bennet introduced the Digital Platform Commission Act of 2022 (S. 4201), which would create a new federal agency, the Federal Digital Platform Commission, in charge of developing regulations for online platforms that facilitate interactions between consumers, as well as between consumers and entities offering goods and services.
Interestingly, the bill, in addition to regulating platforms, requires online platforms’ algorithms to be “fair, transparent and without harmful, abusive, anticompetitive or deceptive bias.”
Read more: Bill Would Create New US Big Tech Regulator
Another bill that may regulate companies’ algorithms is the bipartisan American Data Privacy and Protection Act (H.R. 8152), introduced by a group of lawmakers led by Representative Frank Pallone. As the name rightly suggests, this bill regulates mostly privacy and data, but it would also require large data holders to conduct “algorithmic impact assessments” on algorithms that may cause potential harm to an individual. The bill doesn’t prohibit the use of AI or algorithms, but it seeks to impose some obligations on companies to share information about how their algorithms work — and if they may cause any harm, how they are planning to mitigate the risk to individuals.
Federal regulators are also active in AI regulation. Last month, in June, the Federal Trade Commission (FTC) sent a report to Congress warning about the use of AI tools to combat online harm. The FTC has also previously warned of the potential biases associated with AI, and the regulator is exploring new rules for this sector. The National Institute of Standards and Technology (NIST) has also released several reports on this space. The first one provides guidance for managing risks in the design, development, use and evaluation of AI systems. The second aims to provide guidance to mitigate harmful bias in AI systems.
See also: Commerce Department’s NIST Unit Seeks Comment on Draft AI Rules for Finance Sector
Privacy Data
After years of political stalemate over federal privacy legislation, Republicans and Democrats reached an agreement to introduce legislation in this space. The American Data Privacy and Protection Act was introduced on June 23, and it represents the most comprehensive legislation yet at federal level to regulate privacy.
The bill would regulate entities that collect, process and transfer data, and they would only be able to conduct these activities “to what is reasonably necessary and proportionate.” The bill would also prohibit the collection and processing of certain particularly sensitive data, except for some cases. Consumers would also have rights of access, deletion, correction and portability of their data.
Despite the bipartisan agreement, several hurdles remain for this bill to become law, like deciding whether individuals could sue companies for data violations. But one thing seems clear: the U.S. is closer to having federal legislation on privacy and AI.
Read more: Data Privacy Bill Passes US House Panel
For all PYMNTS TechREG coverage, subscribe to the daily TechREG Newsletter.