Smarter Data Regulation Needed to Prevent Misuse

The American Privacy Rights Act (APRA) is designed to simplify privacy regulations and implement new consumer protections. Nevertheless, this endeavor is expected to encounter the same obstacles that have impeded previous attempts at data regulation. The data's origin and the entity that collects it are frequently the focus of current regulations. For example, the General Data Protection Regulation (GDPR) regulates data pertaining to EU citizens, whereas the Health Insurance Portability and Accountability Act (HIPAA) applies to data collected by healthcare organizations in the United States. This emphasis on the regulation of data as a distinct entity results in both overregulation and underregulation.

The proposed solution is to shift the focus from the data itself to the consequences of its misuse. The EU's AI Act exemplifies this approach by imposing different regulations based on the application of the AI tool. For example, commercial chatbots face less stringent rules compared to AI tools used in critical sectors like defense or healthcare. An AI algorithm evaluating mortgage applications must avoid bias based on factors such as sex, race, or age, not because of AI-specific laws, but due to existing anti-discrimination laws. To protect privacy without stifling innovation, the focus should be on regulating the outcomes we care about, rather than the data itself. This approach promises a more effective and balanced framework for data regulation.

Become a Subscriber

Please purchase a subscription to continue reading this article.

Subscribe Now

Read more