A much-anticipated bipartisan privacy bill called the American Data Privacy Protection Act (ADPPA) is making progress in Congress. This legislation aims to put certain protections around artificial intelligence (AI) algorithms, data privacy, and data collection. If the ADPPA or similar legislation passes, all Americans will be protected by a single comprehensive privacy law. At the same time, it will greatly impact businesses, especially mid-market companies and software-as-a-service (SaaS) startups, which may have limited resources to meet compliance requirements.
To understand more about ADPPA and how it will impact businesses in 2023, we sat down with Mike O’Malley, Senior Vice President of Strategy for SenecaGlobal. With over 20 years of cybersecurity, cloud, and SaaS experience, Mike currently works with clients to help improve security solutions and assist with implementing new and innovative security solutions.
What is the ADPPA and how will it impact my business?
The ADPPA is new legislation focused on data privacy that includes regulations for how AI algorithms function. Companies will have to disclose what data they collect, how they intend to use it, and how long they intend to retain it. This bill seeks to provide consumers with data privacy rights and establish a means for ensuring compliance with these rights. One of the bill’s elements focuses on data minimization, meaning that businesses can only collect and use data that is necessary as detailed in the bill.
Although ADPPA may not pass this year, it represents a major shift with lawmakers prioritizing consumer data privacy regulations. If it’s not the ADPPA, there will likely be another piece of legislation around AI privacy that passes soon.
Who will be most affected by this privacy legislation?
Most companies that use AI algorithms will be affected by ADPPA, but the mid-market will likely be most affected. As opposed to larger companies, these businesses typically lack the budget and personnel to maintain comprehensive security practices. As a result, many small and midsized businesses are turning to third parties for guidance to assess how to develop and audit AI algorithms in anticipation of needing to be compliant with data regulations.
How do businesses become compliant? Who will be enforcing compliance?
ADPPA will be enforced by the Federal Trade Commission (FTC). Companies that fail to demonstrate that they’ve done their best to safeguard customer data could face stiff fines and penalties. Businesses will have to prove that their algorithms are safe, non-intrusive, non-discriminatory, and performing as designed. As soon as it becomes law, the FTC will require that businesses submit comprehensive reports demonstrating that AI algorithms work as described. Businesses will also need an auditor to assess these algorithms.