AI and data privacy: What do US President Biden’s Executive Order and the EDPS resolution on generative AI bring to the table?

Artificial intelligence (AI) is at the forefront of the world’s technology evolution and influencing the transformation of the data protection and user privacy landscape. But the application of AI in various industries has also raised important questions about consent and what it means in the context of organizations’ ever-growing need for data, and in increasing applications of AI.

In this article, we delve into the nuances of President Biden’s Executive Order on safer AI and the European Data Protection Supervisor’s (EDPS) General Privacy Agreement (GPA) resolution on generative AI, comparing these two landmark initiatives and their impact on data privacy.

Artificial Intelligence, commonly referred to as AI, is a branch of computer science that simulates human intelligence in machines. These machines are programmed to think like humans and mimic their digital actions and thus be capable of learning, reasoning, problem-solving, perception, and understanding natural language.

AI has immense potential across various industries, from healthcare and education to transportation and entertainment. It can enhance operational efficiency, boost productivity, and drive innovation. AI is steadily becoming an integral part of our everyday life, transforming the way we work, live, and interact.

While AI promises numerous benefits, it also poses significant challenges, particularly in the realm of data privacy. AI systems typically rely on vast amounts of training data to learn and make decisions. To date, much of this data has been found to have been accessed and used without the consent of those who created or published it, raising critical questions about user privacy and data protection.

Consent management is crucial in AI as it enables obtaining and managing user consent for data processing, like in training data sets. Given the scale and complexity of data processed by AI systems, consent management plays a pivotal role in ensuring that user data is handled responsibly and ethically.

Consent management solutions, including privacy policies, also help ensure that users who become data subjects are adequately informed about what data of theirs is to be used if they consent, for what purposes, who will have access to it, and other details required by many global data privacy laws.

In October 2023, President Biden issued an Executive Order aimed at fostering the safe, secure, and reliable development and use of AI in the United States. This initiative emphasizes the crucial role of federal agencies in setting standards, issuing guidance, and monitoring AI use to safeguard business and societal interests.

Although the Executive Order doesn’t directly regulate the private sector, it influences business processes by setting expectations through federal contracts and standards set by agencies like the National Institute of Standards and Technology (NIST). Therefore, the impact of the Executive Order is likely to be significant and far-reaching.

The GPA resolution on generative AI issued by the EDPS aims to uphold data protection principles in the context of AI. It provides comprehensive guidelines for managing risks associated with AI, ensuring that AI technologies are developed and used in a manner that respects user privacy and data protection and does not violate human rights law in any way that is unfair, unethical or discriminatory.

The GPA resolution is instrumental in shaping AI governance by promoting responsible innovation and ensuring the rights of individuals. It calls for a unified, safe, and reliable approach to AI, emphasizing the importance of transparency, accountability, and fairness. It also requires that AI be designed, developed and deployed in ways that are responsible and trustworthy, based on the principles of transparency, data protection, privacy, human control democratic values.

The resolution also mentions that legal principles are the core elements of consideration for the development, operation and deployment of AI systems. These principles are:

1. Must have a legal basis that is lawful in accordance with applicable regulation(s), even if the data is publicly available.
2. Data processing in an AI system shall have a specific, explicit and legitimate purpose.
3. Data minimization requires limiting the collection, sharing, aggregation, retention and further processing of personal data.
4. Data processed must be accurate, reliable and representative.
5. Adequate transparency measures must be implemented to ensure the openness of the generative AI tools.
6. Reasonable and effective security measures must be implemented and maintained.
7. Privacy by design and default requires developers, providers and deployers of AI systems to carefully assess the envisaged processing activities, risks they may pose for the data subjects, possible measures available to ensure compliance with data protection principles and the protection of individual rights.
8. Data subjects must be informed of their rights and how to exercise them.
9. Those building, running, or using output from AI systems shall be responsible for and must be able to demonstrate compliance with applicable national regulations and international agreements.

Both President Biden’s Executive Order and the EDPS’s GPA resolution underscore the need for safe and responsible AI. They emphasize the importance of data protection, user privacy, and consent management, highlighting the role of regulatory authorities in ensuring ethical AI practices.

While both initiatives aim to promote responsible AI, they differ in their approach. President Biden’s Executive Order is more focused on setting guidelines and standards for AI development, while the GPA resolution emphasizes the implementation of data protection principles in AI.

The initiatives by President Biden and the EDPS represent significant advancements in data privacy with regards to AI. They set clear guidelines and standards for AI development and deployment, promoting responsible innovation and safeguarding user privacy.

In the context of AI, consent management platforms play a critical role in helping to ensure data privacy. These platforms help manage user consent for data processing, enabling compliance with data protection regulations and fostering trust with users.

As AI continues to evolve, so does the landscape of data privacy. Future advancements in AI will necessitate further enhancements in data protection and user privacy measures, underscoring the importance of consent management.

Regulatory authorities will play an increasingly crucial role in shaping the future of AI and data privacy. Their guidance and regulations will be instrumental in ensuring that AI technologies are developed and used responsibly and ethically.

President Biden’s Executive Order and the EDPS GPA resolution mark significant milestones in the evolution of AI and data privacy. Both initiatives not only underscore the importance of data protection and user privacy in AI but also highlight the critical role of consent management in ensuring ethical AI practices. As we move forward, these initiatives will continue to shape the landscape of AI and data privacy, promoting responsible innovation and safeguarding user interests.