The European Union and the United States are taking too very different approaches to regulating Artificial Intelligence, with the EU considering the AI Act while the US enforces existing laws and moves to simultaneously advance dedicated AI regulation.
Here are some key details:
Federal Trade Commission (FTC)
- Has been enforcing, (Everalbum and the recent Amazon cases) with fines, required deletion and disgorgement of data.
- Per Federal Trade Commission commissioner Alvaro Bedoya: “Machine learning is no excuse to break the law. The data you use to improve your algorithms must be lawfully collected and … retained.”
- Joint statement on AI reiterated dedication to enforce.
- Statement of biometrics and AI reiterated enforcement of misleading statements re reliability /efficacy; required disclosures; evaluation of downstream vendors; training & monitoring.
- No surreptitious and unexpected collection or use of biometric information (nod to the AI Act FR bans?).
Consumer Financial Protection Bureau (CFPB)
- Reiterated that federal consumer financial laws and adverse action requirements apply regardless of the technology being used and that you can’t hide behind an excuse of complexity. You are accountable for your tech.
- Issued sweep regarding background checks (and AI use) in tenant background screening
Department of Justice (DOJ)
- Indicated that it will take action when AI is used for discrimination (e.g. in the context of Fair Housing)
Equal Employment Opportunity Commission (EEOC)
- Reiterated in Title VII guidance that employers are responsible for AI tools that discriminate. They must vet the vendors and test the tool (whether use of the procedure causes a selection rate for individuals in the group that is “substantially” less than the selection rate for individuals in another group).
- Monitoring on an ongoing basis is required
White House AI Bill of Rights
- Proactive protective design
- Protection from algorithmic discrimination
- No dark patterns and meaningful disclosure
- Heightened oversight for surveillance tech
New York Automated Employment Decision Tools (AEDT)
- Regulates automated decision making tools in hiring and employment
- Requires a third party bias audit with prescriptive regulations
- Requires detailed disclosure and data retention limitation
CA, CO and (Almost) All New State Privacy Laws
- Address profiling and automated decision making, requiring an assessment/opt out.
- Require a Data protection impact assessment (DPIA) for uses of sensitive information like biometrics, geolocation and certain types of profiling. That is all prevalent with AI.
General Data Protection Regulation (GDPR)
- Third-party bias audit + public disclosure + ongoing monitoring
- DPIA
- Detailed privacy disclosure
- Data retention policy
- Opt-out of automated decision making/human intervention