September 28, 2022

Volume XII, Number 271

Advertisement

September 28, 2022

Subscribe to Latest Legal News and Analysis

September 27, 2022

Subscribe to Latest Legal News and Analysis

September 26, 2022

Subscribe to Latest Legal News and Analysis

NIST Publishes AI Risk Management Framework and Updates on Bias in AI

Advancements in artificial intelligence (AI) have led to a wide range of innovations in many aspects of our society and economy, including in a wide range of industry verticals such as healthcare, transportation, and cybersecurity. Recognizing that there are limitations and risks that must be addressed, AI has garnered the attention of regulators and legislators worldwide.

In 2020, Congress directed the National Institute of Standards and Technology (NIST) to develop an AI Risk Management Framework with the public and private sectors.  Last week, pursuant to its mandate, and following initial requests for information and workshops on AI it held in 2021, NIST released two documents relating to its broader efforts on AI. First, it published an initial draft of the AI Risk Management Framework on March 17. Public comments on the framework are open through April 29. In addition, the agency is holding a public workshop March 29-31.  Second, it updated a special publication, Towards a Standard for Identifying and Managing Bias in Artificial Intelligence. While it is unclear whether NIST’s efforts will lead to a broader consensus or federal legislation on AI, the Federal Trade Commission (FTC) and state legislatures are already focused on it in the immediate term.

As we have previously reported here on CPW, the FTC is focused on AI and has indicated consideration of promulgating AI-related regulations.  Though statements by Commissioner Wilson seem to have casted doubt on the Commission’s likelihood of issuing AI-focused regulations in the first half of this year, its recent settlement in the Weight Watchers case reinforces the agency’s commitment to consumer privacy and related issues and the effects that AI has on them.

AI and State Privacy Laws

AI is also a focus at the state level as well. Starting in 2023, AI, profiling, and other forms of automated decision-making will become regulated under the broad and sweeping privacy laws in California, Virginia, and Colorado, providing corresponding rights for consumers to opt-out of certain processing of their personal information by AI and similar processes.  We can expect to see AI and profiling concepts fleshed out substantially in regulations promulgated pursuant to the California Privacy Rights Act (CPRA). As of now, the CPRA is very light on details regarding profiling and AI, but seemingly will require businesses, in response to consumer requests to know/access “to include meaningful information about the logic involved in such decision-making processes” – in other words, information about the algorithms used in AI and automated decision-making. For now, we can expect to see regulations issued pursuant to the Colorado Privacy Act as well (in Virginia, it’s less clear as the Attorney General was not given rulemaking authority). Organizations should understand the requirements as to AI, profiling, and automated decision-making in these quickly approaching privacy regimes, and continue to pay attention as rulemaking in California and Colorado progresses.

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 80
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kyle R. Fath Cybersecurity Attorney Squire Patton Boggs New York Los Angeles
Of Counsel

Kyle Fath is counsel in the Data Privacy & Cybersecurity Practice. He offers clients a unique blend of deep experience in counselling companies through compliance with data privacy laws, drafting and negotiating technology agreements, and advising on the privacy, IT, and IP implications of mergers & acquisitions and other corporate transactions. His practice has a particular focus on the the ingestion and sharing of data by way of strategic data transactions, data brokers, and vendor relationships, the implications of digital advertising (as companies look toward...

212-872-9863
Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

216-479-8070
Advertisement
Advertisement
Advertisement