President Biden put pen to paper, enacting a comprehensive executive order that delineates the government’s strategies for overseeing and regulating artificial intelligence. Unveiled on October 30, the order tackles pervasive challenges like privacy, bias, and misinformation propagated by the rapidly growing multibillion-dollar AI industry. While the proposed solutions are primarily in the conceptual stage, the Executive Order Fact Sheet from the White House emphasizes the intent of U.S. regulatory bodies to both regulate and harness the diverse array of emerging and redefined technologies falling under the umbrella of “artificial intelligence.”
“AI policy is like running a decathlon, where we don’t get to pick and choose which events we do,” says White House Advisor for AI, Ben Buchanan.
The executive order from the administration specifically aims to set forth fresh benchmarks for the safety and security of AI. Utilizing the Defense Production Act, the directive mandates that companies provide US regulators with access to safety test results and crucial data when developing AI systems that might pose a “serious risk” to national economic, public, and military security. The evaluative framework for such risks and the scale of assessment are yet to be clarified. Nevertheless, compliance with safety standards, soon to be defined by the National Institute of Standards and Technology, is a prerequisite for the public release of any AI programs falling under this category.
Navigating the landscape of AI policy
Ben Buchanan, the White House Senior Advisor for AI, likens AI policy to a decathlon, emphasizing the need to address multiple facets, including safety, security, civil rights, equity, worker and consumer protections, the international dimension, and government use of AI. The executive order’s key actions involve establishing standards for AI safety, security, and trust. Companies are mandated to notify regulators of large-scale AI development and share test results in adherence to these standards before public release, ensuring safety, security, and trustworthiness in AI systems.
Early or Late?
Critics argue that the Biden administration’s executive order on AI comes too late, with some asserting that many existing AI tools are already in violation of the law. Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, contends that severe forms of AI, like facial recognition, should be banned rather than regulated. He views several proposals as mere regulatory theater, allowing potentially abusive AI to persist. Ben Buchanan, White House Senior Advisor for AI, emphasizes ongoing dialogues with companies like OpenAI, Meta, and Google, expecting them to uphold voluntary commitments made earlier.
Long way to Go
President Biden called on Congress to enact bipartisan data privacy legislation, emphasizing the need to protect all Americans, particularly children, from the potential risks associated with AI technology. While certain states like Massachusetts, California, Virginia, and Colorado have introduced or enacted legislation, the U.S. lacks a comprehensive legal framework comparable to the EU’s General Data Protection Regulation (GDPR). Enforced in 2018, the GDPR imposes stringent restrictions on companies’ access to individuals’ private data and imposes substantial fines for non-compliance.
Understanding the EU’s General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) stands as a landmark in the realm of data protection and privacy laws, revolutionizing the way organizations handle personal data. Enforced by the European Union (EU) in May 2018, the GDPR was designed to empower individuals and reshape the landscape of data governance. This article delves into the key aspects of the GDPR, its objectives, and the profound impact it has had on businesses and consumers.
| Key Objectives of GDPR | Key Components of GDPR | Impact on Businesses |
| --- | --- | --- |
| 1. Empowering Individuals | 1. Lawful Basis for Processing | 1. Global Reach |
| 2. Enhancing Data Security | 2. Data Subject Rights | 2. Penalties for Non-Compliance |
| 3. Ensuring Transparency | 3. Data Protection Officer (DPO) | 3. Stricter Consent Requirements |
| 4. Enforcing Accountability | 4. Breach Notification | 4. Elevated Data Security Standards |
Key Objectives of GDPR:
- Empowering Individuals: GDPR puts individuals in control of their personal data, granting them the right to know how their information is collected, processed, and stored.
- Enhancing Data Security: The regulation imposes stringent requirements on organizations to implement robust data protection measures, ensuring the confidentiality and integrity of personal information.
- Ensuring Transparency: Organizations are obligated to be transparent about their data processing activities, providing clear and easily understandable information to data subjects.
- Enforcing Accountability: GDPR introduces a principle of accountability, requiring organizations to demonstrate compliance with the regulation and take responsibility for their data processing activities.
Key Components of GDPR:
- Lawful Basis for Processing: Organizations must have a lawful basis for processing personal data, and explicit consent from data subjects is one of the lawful grounds.
- Data Subject Rights: GDPR grants individuals several rights, including the right to access, rectify, erase, and object to the processing of their data. Organizations must facilitate the exercise of these rights.
- Data Protection Officer (DPO): Some organizations are required to appoint a Data Protection Officer to ensure compliance with the GDPR. The DPO acts as a point of contact between the organization, data subjects, and supervisory authorities.
- Breach Notification: Organizations are mandated to report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, and in some cases, notify affected data subjects.
- Privacy by Design and Default: GDPR promotes the integration of data protection measures into the development of systems, products, and services from the outset (Privacy by Design) and default data protection settings.
Impact on Businesses:
- Global Reach: While GDPR is an EU regulation, its impact extends globally. Organizations outside the EU that process the data of EU residents must comply with GDPR.
- Penalties for Non-Compliance: The regulation introduces severe penalties for non-compliance, with fines reaching up to 4% of the global annual turnover or €20 million, whichever is higher.
- Stricter Consent Requirements: Organizations must obtain clear and unambiguous consent for data processing activities, leading to more informed and consensual relationships with data subjects.
- Elevated Data Security Standards: GDPR mandates the implementation of state-of-the-art data security measures, raising the overall standard for data protection practices.
The EU’s General Data Protection Regulation represents a paradigm shift in data protection, emphasizing transparency, accountability, and individual rights. As businesses navigate the complexities of GDPR compliance, the regulation continues to set a precedent for global data protection standards, fostering a more secure and privacy-conscious digital landscape.