In most instances, entities developing and using AI are also subject to the relevant data protection laws, since the vast amounts of data ingested by AI models often contain personal information.
Common obligations under data protection laws that may apply to entities dealing with AI systems include privacy notices to consumers, a lawful basis for processing personal data, data subject rights, personal data breach notification, and cross-border data transfer requirements, among others.
Recently, data protection authorities have on multiple occasions taken enforcement actions against companies developing and using AI in violation of data protection laws. The following are some of the recent enforcement actions:
In the United States, through a lawsuit brought by the American Civil Liberties Union (ACLU) under Illinois's Biometric Information Privacy Act (BIPA), Clearview AI consented to stop selling its AI facial recognition algorithm system to most businesses and private firms across the U.S. The company also agreed to stop offering free trial accounts to individual police officers, which had allowed them to run searches outside of police departments' purview.
Although it is important to keep abreast of AI-specific laws and regulations, businesses must also ensure compliance with the applicable requirements under existing legal frameworks. Businesses may be subject to various sector-specific laws and regulations while developing and deploying AI and AI-enabled technologies.
For example, a business operating in the US and developing or deploying AI solutions must ensure that the AI solution is not unfair or deceptive to consumers within the meaning of Section 5 of the Federal Trade Commission Act (FTC Act). As identified above while discussing the US's AI regulatory approach, the FTC has released specific guidelines for businesses on how their development and use of AI can be unfair and deceptive under the FTC Act. Likewise, businesses operating in specific sectors (e.g., healthcare, financial services, and education) might be subject to obligations under different sector-specific laws and regulations at both the federal and state levels.
In another example, in the AIDA Companion document, the Government of Canada identified a number of existing laws that apply to the use of AI in Canada, including the following:
Therefore, while it is imperative for businesses to remain vigilant and up to date on new AI laws and regulations, they must also maintain compliance with existing legal frameworks while developing and using AI.
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128