PYMNTS-MonitorEdge-May-2024

US Must Learn From Europe in Privacy, AI Regulation, Says Policy Expert

The rise of digital technologies has improved the world in untold ways. But there has been at least one casualty: privacy.

For Americans, it’s especially troubling given the lack of protection. Only three states — California, Colorado and Virginia — have adopted comprehensive consumer data privacy laws, according to the National Conference of State Legislatures.

Each statute provides the right to access and delete personal information, and opt out of the sale of personal information. In addition, it requires eCommerce websites to post a privacy policy that describes what kind of personal information is collected, what is shared, and how consumers can amend erroneous material.

In an interview with PYMNTS, Marc Rotenberg, president and founder of the Center for AI and Digital Policy, the Washington, D.C.-based nonprofit whose mission is to ensure that artificial intelligence (AI) and digital policies promote a better society, said there are widespread concerns in the United States about the misuse of personal data. As a result, he said, it is costing consumers and businesses.

“We have a lot of work to do,” he said.  “Unlike almost every modern nation in the world, the U.S. does not have a comprehensive federal privacy law. We don’t even have a privacy agency.”

While a few states have made privacy laws a priority and the Federal Trade Commission (FTC) has broad authority to protect consumers’ interests, Rotenberg said a patchwork approach won’t work.

“Like all quilts, some have holes, and some have weak threads,” he said. “A privacy law is very important, not only for consumers, but for businesses to help establish, trust and confidence in new online services.”

The need for federal action is clear, he said, because the U.S. has high levels of identity theft and data breaches. There are nationwide concerns about the misuse of personal data and economic costs on American consumers and businesses.

“I believe that privacy’s important because it’s a fundamental right,” Rotenberg said.

On combatting identity theft, Rotenberg said companies have incentives to protect their customer’s data.

“Companies are aware of facing legal risk, whether it’s a federal privacy law or a lawsuit that could be brought by customers or a client,” he said. “It would be a good practice for us to have strong privacy protection.”

One solution, Rotenberg said, is for lawmakers to craft legislation that models the General Data Protection Regulation (GDPR), the European Union’s data protection and privacy regulation.

“The GDPR is actually a good framework,” he said. “It’s been enormously influential. Many U.S. companies simply comply with it because they have customers in Europe and by complying, they satisfy the privacy requirements of Europe.”

There are GDPR-like laws in Brazil, Singapore, Saudi Arabia, and China, he added. But the measure is not without flaws.

“People have raised concerns about enforcement and applicability,” he said. “But I would like to see a law similar to the GDPR in the U.S.”

On AI, Rotenberg said his advocacy group is keeping an eye on the European Commission’s Artificial Intelligence Act proposal. It has been described as the world’s first comprehensive attempt to regulate AI. Proponents say it checks all the boxes and addresses key concerns such as data-driven or algorithmic social scoring, remote biometric identification, and the use of the technology in law enforcement, education and employment.

“Europeans are proud of the GDPR and proud of the influence it has had and hope that the AI act will have a similar influence,” he said.

The U.S. could learn much from Europe, which represents a prosperous market of 500 million consumers who can exert a great deal of influence on the regulatory landscape and on business practices through their ability to legislate, Rotenberg said.

“I think what Europe is doing is smart,” he said. “Some critics have said Europe needs to innovate and compete, which is true. But if Europe is able to accomplish both of these goals, to establish the regulatory baseline for AI, as it has for the GDPR and simultaneously promote innovation and competition … then I think Europe will continue to be a contender in the AI field.”

While there have been a variety of AI legislative proposals introduced by lawmakers, Congress has not embraced a sweeping approach to its regulation.

When it comes to the future of AI regulation in the U.S., Rotenberg said it is possible the FTC will issue rules on AI discriminatory practices.

Last spring, the agency’s Bureau of Consumer Protection’s blog signaled the department may be poised to act. It said advances in AI technology promise to revolutionize the approach to medicine, finance, business operations, media, and more. But research has highlighted how the supposed neutral tech can produce troubling outcomes including discrimination.

“I don’t know if we will get comprehensive legislation from Congress, but I think you will see actions by the various federal agencies,” Rotenberg said.

 

Sign up here for daily updates on the legal, policy and regulatory issues shaping the future of the connected economy.

PYMNTS-MonitorEdge-May-2024