web analytics

Experts: Federal Privacy Law Needed to Curb AI Data Misuse – Source: www.databreachtoday.com

experts:-federal-privacy-law-needed-to-curb-ai-data-misuse-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Legislation & Litigation

New Bill Would Create Data Minimization Measures, Express Permission Requirements

Chris Riotta (@chrisriotta) •
July 11, 2024    

Experts: Federal Privacy Law Needed to Curb AI Data Misuse
Panelists: Ryan Calo, professor and co-director, University of Washington Tech Policy Lab; Amba Kak, co-executive director, AI Now Institute; Udbhav Tiwari, director of global product policy, Mozilla; Morgan Reed, president, The App Association

The continued lack of a comprehensive federal privacy law in the United States is allowing major technology and artificial intelligence firms to surveil and hyper-target the American public, experts testified Thursday.

See Also: Cyber Insurance Assessment Readiness Checklist

At least 140 countries around the world have some form of a national privacy law, according to Udbhav Tiwari, director of global product policy for Mozilla, who told the Senate Commerce Committee the current patchwork of state laws leads to regulatory inconsistencies and economic disadvantages for U.S. businesses.

Congress has tried – and failed – to pass a federal data privacy bill for years, even decades. Other countries, including the European Union and Canada, have established safeguards and protective measures to prevent leading tech companies – such as Microsoft, Google and Meta – from harvesting user data to train large-language learning models (see: Europe Reaches Deal on AI Act, Marking a Regulatory First).

“Now is the moment when passing such a law actually matters – before the trajectory has been set,” Amba Kak, co-executive director of the AI Now Institute, told lawmakers. “Data privacy regulation is AI regulation, and provides many of the tools that we need to protect the public from harm.”

Under a strong data privacy act, Kak said, companies operating in the U.S. would be required to determine whether the utility of new AI components outweighs the potential for harm. She said Microsoft was recently forced to backtrack its rollout of a new AI feature dubbed Recall, which provides automatic screenshot retrieval, due to concerns that hackers could steal sensitive information (see: Microsoft’s Recall Stokes Security and Privacy Concerns).

AI “fuels an insatiable demand for consumer data” while allowing companies and governments “to derive intimate details about people from widely available information,” said Ryan Calo, professor and co-director of the University of Washington Tech Policy Lab.

“American society can no longer afford to sacrifice consumer privacy on the altar of innovation,” he said.

Witnesses recommended a range of specific measures that could be included in a national privacy bill, including transparency mandates and data minimization rules that Kak said would put “reason in place of recklessness.” The U.S. currently lacks any federal law preventing companies from using data without notifying users to train large language models, while the EU’s General Data Protection Regulation and other countries’ data protection laws, such as Canada’s Personal Information Protection and Electronic Documents Act and Brazil’s General Data Protection Law, require explicit user consent.

“We’ve come so close, so many times, and yet we’ve never made it just quite across the finish line,” said Sen. Jerry Moran, R-Kan., said about congressional attempts to pass both data privacy and comprehensive federal privacy legislation. “The problems and challenges with our lack of success continue to mount.”

Sen. Maria Cantwell, D-Wash., who chairs the Senate Commerce Committee, unveiled the American Privacy Rights Act earlier this year alongside U.S. Rep. Cathy McMorris Rodgers, R-Wash. The bill includes data minimization policies that restrict what companies can collect, keep and use about users. It also allows for stricter protections for sensitive data by requiring express consent for third-party transfers and requires companies to allow users to access, correct, delete and export their data.

The bill includes significant discrimination protections while allowing users to opt out of a company’s use of algorithms to make decisions about credit, housing and employment opportunities, among other civil rights measures. Cantwell said Thursday the legislation would prevent private data from being bought or sold without approval and ensure companies “implement these laws and help stop this kind of interference.”

The panelists acknowledged that the U.S. has managed to supersede other countries in its development of AI technologies thanks in part to underregulation, but they warned that the lack of stringent data privacy laws could lead to significant issues around privacy violations and diminished public trust.

Morgan Reed, president of the application industry group The App Association, said the U.S. economy could fare better on the global stage “if Congress were to enact a strong, preemptive federal privacy framework that bolsters trust in cutting-edge AI tools while curbing mismanagement of personal data.”

“The privacy risks AI poses are outgrowths of existing privacy issues,” Reed said. “With AI, these same challenges emerge, but on a larger scale and with greater intensity on the foreseeability factor.”

Original Post url: https://www.databreachtoday.com/experts-federal-privacy-law-needed-to-curb-ai-data-misuse-a-25751

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate