Representatives from big tech companies had a clear message for U.S. policymakers: If they want to regulate AI, they need to implement an overarching federal data privacy law.
Data privacy protections are a dominant component when considering what should be included in AI regulation, said David McIntyre, vice president of marketing for Perceive, an AI startup. McIntyre spoke on a panel about AI policy during CES 2024.
While the European Union and other countries have adopted data privacy laws, the U.S. has yet to adopt a federal data privacy law. As a result, at least 12 U.S. states have adopted comprehensive data privacy legislation as of Nov. 2023. Others have passed narrower laws, leading to a regulatory patchwork for companies to adhere to -- something business leaders fear could affect how AI is regulated.
"Privacy is completely intermingled with this AI discussion," McIntyre said. "It's really important that those two are kept as a matched pair."
Danyelle Solomon, senior director of U.S. AI policy at Microsoft, agreed and called on policymakers to act.
"We in the U.S. could really use a federal data privacy law," Solomon said during the panel discussion. "Our hope is federal lawmakers will take the opportunity to do that."
Patchwork data privacy laws a challenge for businesses
The U.S. needs alignment on not just data privacy but AI regulation as well, said Addie Cooke, global cloud AI policy lead at Google. She pointed to the data privacy jumble as a warning.
"We've seen states say, 'Congress, if you're not going to act, we're going to pass a privacy law,' and we get the patchwork," she said during the AI policy panel. "So it's just another reason to think about a national privacy law. We don't want to do [a patchwork] for AI too."
McIntyre said the patchwork of regulation becomes an "incredibly large burden" for SMBs that don't have the same resources or legal teams as their enterprise counterparts.
"The more we can make it consistent, the more accessible the market becomes to smaller and smaller companies," he said.
Melanie Tiano, director of federal regulatory affairs at T-Mobile, said during a data privacy panel that the company is tracking more than 30 data privacy-related bills throughout multiple states. While not all the bills offer comprehensive privacy legislation, they do present a challenge for even large companies to keep up with.
If the policymakers move on a federal data privacy law, Tiano said making sure the U.S. data privacy law supersedes any state law will be necessary to create consistency for U.S. business compliance strategies.
"It's easier for businesses to comply fully with the laws when you have one law that you know what is expected," she said during the panel discussion. "Without preemption, a federal law would just add to [the burden]."
Protecting small businesses from stringent regulation
One positive aspect of seeing multiple U.S. states pass their own data privacy laws has been learning about different types of data privacy models and finding the right balance between compliance certainty for businesses and consumer protection, said Simone Hall Wood, privacy and public policy manager at Meta.
"You see things like organizational accountability and strong individual rights as common themes that are quite important that I think should probably be a part of any data protection framework," she said during a data privacy panel at CES 2024.
Tim KurthChief counsel, House Subcommittee on Innovation, Data and Commerce
Last year, the U.S. House Committee on Energy and Commerce voted to pass data privacy legislation, which advanced further than any previous data privacy legislation in the U.S. but failed to make it to the House floor for a final vote. However, the committee plans to continue working on a federal data privacy law in 2024, said Tim Kurth, chief counsel for the House Subcommittee on Innovation, Data and Commerce, during the data privacy panel.
Kurth said Congress has learned from existing data privacy models, including the EU's GDPR and data privacy laws in California.
However, the model for a federal data privacy law would likely look different to protect from some of the harms those data privacy regulations have caused small businesses, he said.
"The numbers out of the EU and GDPR really hurt startups, really hurt innovation," Kurth said. "California too, by their own economic reporting, there's a huge burden to small businesses and others. We want to see all these companies flourish, not just these big guys."
Makenzie Holland is a news writer covering big tech and federal regulation. Prior to joining TechTarget Editorial, she was a general reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.