Why AI regulation will look like privacy regulation

Couldn't attend Transform 2022? Check out all the summit sessions in our on-demand library now! Look here.

You are a walking repository of data. Outside of your residence or vehicle, walking down a street, shopping in a store, or visiting any type of public event or meeting, you potentially lose your privacy and cross the line between the status of private person and that of a virtual public figure. You may be filmed or photographed, your image may be transported to a storage silo anywhere in the world, your voice may be recorded, and your appearance in public view may be noted. This is the world we live in in 2022.

When you go online to make a purchase, it opens a whole new door to more of your personally identifiable information (PII). You will invariably voluntarily offer strangers your name, address, phone number, email address, and possibly more detailed information about yourself. Apparently, this data remains private between you and the provider. “Apparently” is the key word here, however; you never really know how much of your PII remains legitimately private.

Anything above can become data and be on your file somewhere in the world, whether you like it or not. Severely exaggerated assessment? Maybe, but it's up to you to find out and act accordingly.

According to the US Department of Labor (DoL), companies may retain personal information about their employees, customers, students, patients, or other individuals, depending on the industry. PII is defined as information that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, phone number, email address, etc.). It can also mean information by which an agency intends to identify specific individuals with other data elements, such as a combination of gender, race, date of birth, geographic indicator and location. 'other descriptors.

MetaBeat 2022

MetaBeat will bring together thought leaders to advise on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Whether you want these PII to be in the hands (or databases) of many third parties is largely, but not entirely, your own decision. The DoL specifically says: "It is the responsibility of the individual user to protect the data to which they have access."

People have long been uncomfortable with how companies can track their movements online, often collecting credit card numbers, addresses and other critical information. They found it frightening to be tracked around the web by advertisements that had clearly been triggered by their online searches, leading them to constantly worry about identity theft and fraud. It's a direct result of getting PII into the hands of companies that want to profit from your travels on the web.

These concerns have led to regulations in the United States and Europe guaranteeing internet users some level of control over their personal data and images; the most important is the European Union's General Data Protection Regulation (GDPR) of 2018. Of course, these measures have not ended the debate on the use of personal data by companies; they are only a starting point for deeper and more specific laws.

A great example is the California Consumer Privacy Act, a data privacy law (enacted in 2020) that grants privacy rights to California residents, giving them options about how their personal information can be used. There's also California's Automated Decisions Systems Accountability Act (still in the legislative process...