January 27, 2023
Issue 14: The robots are here — do we let them in?
Oh hey! Welcome to The Privacy Beat Newsletter!
Here’s the gist: Come here for insights on the hottest topics in privacy according to our peers’ tweets so you can walk into any happy hour or team meeting and sound like the absolute baller you are. No current topic gets by you. Did you post a hot take you want included? Tag it #PrivacyBeatNews and see if it makes it into the next edition!
AI: Is it really coming for my job?!
AI. It’s the rage. Everyone is very excited and also very panicked. You've seen the clips of the robotic dogs. TERRIFYING! Once again, the technology is ahead of the rules. We must do something! (That's me impersonating all of us.) Rep. Ted Lieu, a Democrat from California, he's not going to take the robot revolution lying down. So he wrote a bill to regulate the technology. Here’s the thing: he used AI chatbot ChatGPT to do it.
To write the bill, according to NBC News, he used the prompt, “You are Congressman Ted Lieu. Write a comprehensive congressional resolution generally expressing support for Congress to focus on AI.” And then it did.
Lieu, who has an extensive tech background, said he is “freaked out by AI, specifically AI that is left unchecked and unregulated.”
Here's how ChatGPT works: You enter a prompt, and ChatGPT can process massive amounts of text like a human would. It’s trained on large amounts of data and can make predictions about which words should be put together to make sense. OpenAI released its chatbot in November 2022, and it’s been wreaking havoc ever since.
Amazon reported experimenting with “interviewing” ChatGPT for a software coding job, and it answered questions correctly. And schools and teachers have reported that since ChatGPT’s launch, cheating is on the rise. Stanford students reported using ChatGPT in their final exams, for example.
In the meantime, a Princeton University student concerned about how many jobs ChatGPT could kill (please not mine?) is working on an app that could detect when ChatGPT is used.
Privacy pros have been playing with it. Some have created privacy policies – not to use, just for funsies – and others have written poems.
He likes it, he really likes it
Big news this week from the European Data Protection Supervisor on the future of U.S.-EU data sharing. As Vincent Manancourt at Politico reported this week, the EDPS, which advises the EDPB, said the agreement is “not the thing that we saw with Safe Harbor,” nor does it look like Privacy Shield. “This is something new and very promising,” said EDPS Wojciech Wiewiórowski.
Joe Jones, director of research and insights at the IAPP, noted the DPAs must agree on a two-thirds basis, and they’ve got to do it by Feb. 28. The decision will be non-binding, however.
In March 2022, U.S. President Joe Biden and European Commission President Ursula von der Leyen announced the EU-U.S. Data Privacy Framework, which would supplant the now-defunct Privacy Shield. Then, in October 2022, Biden signed an executive order to add additional safeguards to U.S. intelligence activities that would allow the U.S. to meet some of the EU’s demands under the new framework.
Biden’s constraints on intelligence agencies’ data collection include that it’s only done “in pursuit of defined national security objectives,” that it’s conducted only when necessary for a “validated intelligence priority,” and that it’s done in a “manner proportionate to that priority.”
Biden’s order also established a Data Protection Review Court, which would take cases elevated up from a Civil Liberties Protection Officer, who’ll investigate European complaints about data misuse.
Is Schrems going to swoop in and take the new framework down as soon as it’s officially approved? Yes. Most definitely, according to this writer. He’s already said as much. His beef is with the word “proportionate” (he says that’ll be defined by European standards and not U.S. standards), and he questions the independence of the review court, since it’s established under the executive branch.
But hey, we’ve got hope for now! And isn’t temporary hope about as much as any of us can ask for in these times?
States continue to drop those bills
No sooner had I released a podcast on all of these state privacy laws dropping than five had waltzed on stage. It’s impossible to keep up! Recently, I chatted with Keir Lamont, director of U.S. legislation at FPF, and David Stauss, an attorney at Husch Blackwell, about the trends they’re seeing in the new bills.
Many of the bills are re-introductions from prior legislative sessions. In addition to comprehensive bills, states are introducing sectoral bills as well, aiming to usher in safer practices on highly sensitive data, including health, children, and biometrics.
As Stauss said in our chat, the conversation has changed in the U.S. from “Hey, who’s gonna pass a comprehensive privacy bill to who’s gonna pass a comprehensive privacy bill that goes beyond, does more than what we’ve seen today in existing privacy laws.”
For insights from the two people tracking these developments like hounds on a scent, check out this podcast chat.
If you’re keeping track, the list is now at:
Tennessee Information Protection Act (SB 73)
Oklahoma Computer Data Privacy Act (HB 1030)
New Jersey Disclosure and Accountability Transparency Act
Massachusetts Data Privacy Protection Act
Mississippi Consumer Data Privacy Act (SB 2080)
New resource for ya
How to (actually) do privacy by design: Webinar
We’ve heard about privacy by design for years. But how do you actually do it? What does privacy by design mean in practice? I recently recorded this interview with Jason Cronk (president of Institute of Operational Privacy Design), Chris Handman (TerraTrue COO), and Anthony Prestia (TerraTrue Head of Privacy).