How to prepare for the AI Bill of Rights
Organizations need to prepare now for the new regulations and frameworks that will be coming in the next several months from efforts like the AI Bill of Rights.
Late last year, President Biden announced a plan to double down on data privacy by controlling the use of technology by creating a Blueprint for an AI Bill of Rights. Specifically, the effort focused on Artificial Intelligence (AI) and Automation and included technology like sensors, RFID tags, computer vision, and associated solutions.
The AI Bill of Rights provides some guidelines and helps frame what the US government deems to be a responsible and ethical use of consumer rights, privacy, and protections technology. Currently, this is an opt-in program where the government only provides recommendations and support, and there are no penalties for non-compliance. As time progresses and the Blueprint moves from guideline to regulation, we will likely see significant penalties for infractions like those for General Data Protection Regulation (GDPR) or California’s Consumer Privacy Act (CCPA). The current guidelines are relatively straight forward and look very similar (at an initial glance) to those protections offered under other national data privacy legislation – specifically GDPR. Regulations like GDPR afford a safe and effective way to reasonably protect personal information and can provide other means to protect the population, remove bias, and give more control to the individual over their personally identifiable information. However, organizations will still need to strike some sort of balance between the pressure to monetize consumer data while protecting the individual.
An organization’s approach to data protection often depends on the value it assigns to short-term profits versus longer-term loyalty. A company focused on short-term profits may be tempted to extract and sell as much personal data as customers will tolerate by taking the minimum precautions to comply with data privacy regulations. The downside of this strategy is increased risk exposure. A passive data privacy strategy may leave a company vulnerable to breaches and lawsuits — potentially leading to fines, damaged good will, costly redevelopment efforts, and a battered share price. Additionally, business risk losing customers who perceive a cavalier attitude about privacy and feel justified in defecting to a competitor. Organizations that focus on regulation compliance can see competitive advantages such as brand loyalty. From an economic perspective, organizations that decide to become “early adopters” also have the luxury of taking their time to develop an architecture and environment that supports regulatory compliance rather than having to meet a deadline, allowing for a more controlled resource spend.
Organizations stand to gain a competitive advantage by viewing regulations like GDPR as an opportunity rather than a burden. Protecting customers’ personal data helps to build trust and loyalty, ultimately increasing market share and wallet share. Stricter data privacy and protection measures with better standards will help to increase organizational data flow and allow for better cross-organization and regional collaboration and communication. As we look forward to the future, the global partnership on AI that was formed in 2020 between the EU and the USA will continue to provide guidance on Algorithmic discrimination protections, data privacy, etc. The EU AI act is due to be completed in 2024.
Efforts to protect, sustain and enhance trust in AI as a critical corporate asset must focus on ensuring that human interactions (or interference) do not corrupt the integrity of the AI solution(s). Organizational leaders should leverage a holistic approach to AI design that incorporates ethical and behavioral governance as a core component for the AI model design. This approach must be flexible, scalable, and sustainable, as between January 1 and December 31 of 2023, five new data privacy laws will come online in the US. With California, Virginia, Utah, Connecticut, and Colorado all releasing their own data privacy laws, organizations have a huge amount they need to assimilate and act on in order to become compliant and avoid penalties. The new state regulations largely mirror CCPA with common provisions around the right to access and delete personal information and to opt out of the sale of this data.
Trust, once lost, is extremely hard to restore. This applies to most things in our lives, from the products and services we buy and consume to the vehicles we drive and the prescriptions we rely upon in our daily lives. It is essential to always adapt the AI solutions we design and deliver to effectively counter the constantly changing ways that those who are not driven by ethical standards may try to advance their own gain at the expense of another. Organizations need to prepare now for the new regulations and frameworks that will be coming in the next several months. Now is the time to align yourself with a partner that understands the criticality of AI and has a proven track record of governance to meet the challenges imposed by governmental regulators in the future. We must position commerce to leverage AI, and businesses must understand the governance requirements to take advantage of new markets.