Congress should take up legislation on both privacy and artificial intelligence (AI), BSA | The Software Alliance CEO Victoria Espinel told House lawmakers during the first in a planned series of hearings focused on AI.
Taking substantial action on both issues is necessary and would help to promote trust and technological adoption, Espinel told members of the House Energy and Commerce Subcommittee on Innovation, Data, and Commerce in a hearing Wednesday on Capitol Hill. The Energy and Commerce Committee announced a plan to hold a series of AI briefings this fall.
“The United States needs both a comprehensive federal privacy law and a federal law that creates new rules for companies developing and using high-risk AI systems,” Espinel said in her opening statement to the committee. “Action on both priorities will help promote the responsible use of digital tools, and protect how consumers’ data is used.”
Focus on Roles and Responsibilities
The hearing was the first in an AI-focused series, but the seventh hearing to discuss privacy this year, with lawmakers continuing to weigh updating a bipartisan comprehensive privacy bill that overwhelmingly passed the Energy and Commerce Committee last Congress. As Congress considers the next steps on both privacy and AI, Espinel urged the Committee to calibrate regulations to companies’ unique roles, distinguishing between obligations for controllers and processors of data in the privacy space, and between developers and deployers of high-risk AI systems.
“In privacy, there is widespread recognition that laws must distinguish between companies that decide how and why to process a consumer’s data and the service providers that handle data on behalf of other businesses,” Espinel told the committee. “In AI, there is a similar dynamic. Some companies develop AI, some companies deploy AI. Our companies do both – and both need to have obligations. This Committee recognized the importance of these distinctions as you advanced privacy legislation last year, and we look forward to continuing to work with you.”
The controller-processor and developer-deployer distinctions have been a cornerstone of BSA’s advocacy on privacy and AI issues before Congress, US state legislatures, and other world governments and global policymaking institutions. Read more about company-specific obligations in BSA’s Controllers and Processors: A Longstanding Distinction in Privacy and AI Developers and Deployers: An Important Distinction.
Focus AI Benefits
Several committee members highlighted the tremendous potential of AI for industries like construction and healthcare, as well as the broader economy. Espinel echoed the sentiment that setting thoughtful rules for high-risk AI systems and consumer data will help to promote the benefits of technology and advance the digital transformation of the US economy.
“I agree with what I think is your premise: that passing AI legislation will help increase adoption,” Espinel said about passing privacy and AI legislation. “I think it will help increase trust in technology and increase adoption of AI in ways that will be beneficial to our society.”
Outlook for AI and Privacy
The hearing was led by Subcommittee Chair Gus Bilirakis (R-FL) and Ranking Member Jan Schakowsky (D-IL) with strong participation from subcommittee members and members of the full committee, including Chair Cathy McMorris Rodgers (R-WA) and Ranking Member Frank Pallone (D- NJ). There was widespread engagement among committee members and multiple suggestions that the American Data Privacy Protection Act the Committee passed last year will be updated and reintroduced.
“As AI becomes more powerful, privacy protections become more important,” Espinel said in response to a question about the importance of data protection legislation. “That makes the need for federal privacy legislation even more urgent. But I would also say we need legislation on high-risk uses of AI.”
The hearing also covered topics including data security, discrimination and bias, and high-risk uses of AI. Espinel addressed these and other issues throughout her testimony and in her written comments filed with the committee. Espinel testified earlier this fall before a key Senate Commerce subcommittee as legislators in that chamber consider their own approach to AI.
During a time of focus on both AI and privacy, the testimony reinforced BSA’s voice as a leader in enterprise software policy when policymakers are focusing on drafting legislation that bolsters innovation. Ahead of Wednesday’s hearing, Espinel published a letter to the editor in Financial Times advocating for laws that require companies to actively mitigate risk at every step in the development of an AI system.
Watch the full testimony below.
