Global DPA conference in Bermuda debates AI harms and regulation

The Global Privacy Assembly (GPA) which convenes this week in Bermuda debated yesterday what privacy regulation is supposed to achieve for AI and how to avoid AI harms.

US Federal Trade Commissioner, Rebecca Slaughter, said that the existing privacy laws apply in the context of AI, as also stated recently by the G7. AI is new but some of the problems that is creates are not new, she said.

While the US has been waiting for decades to see whether a federal level privacy law will emerge, the FTC can use its powers on AI in the context of regulating unfair deceptive practices.

She said that the FTC is very focused on moving away from a consent only approach in today’s data drive world. She stressed accountability and said that some of the recent FTC orders require organisations to post a data retention schedule publicly, and destroy an algorithm model in addition to the data.

“We may need new laws. But we will not avoid doing the work while we wait for [a federal privacy] law to be passed.”

John Edwards, UK Information Commissioner, said AI technologies enter a marketplace that is already regulated for data protection. Fairness, transparency and explainability already form part of legal frameworks that can be deployed.

Edwards explained the ICO’s work in this area, including issuing guidance such as an AI risk toolkit. The new innovation advice service will address companies’ queries in 10 working days. In addition, the ICO runs a Regulatory Sandbox.

There is no excuse for not considering the harms and risks of these technologies. We are now moving on to enforcement, and have recently issued a preliminary enforcement notice on Snap regarding its AI chatbot, he said.

“We have had failures in regulating social media. So we have learned from that in the UK and formed a Digital Regulation Cooperation Forum. We can thus give coordinated views with other regulators, and are next forming a multiagency sandbox service.”

Bringing together more than 130 data protection and privacy regulators worldwide, the Global Privacy Assembly (GPA) is a forum that seeks to provide leadership in data protection and privacy.

The conference continues today in Bermuda. See the agenda.

PL&B moderated a session on Caribbean privacy laws, the opening session of the conference.