Privacy and AI law haven’t been sitting still; there have been many new developments. Recently I had a discussion with Jodi Daniels (Red Clover Advisors) about what has been happening.
Here is an excerpt from the interview. Click here to view the full discussion.
DS: This year has been a very interesting year in privacy and AI law. A lot is going on, but in a way it kind of feels also that not a lot has happened as much as it has in previous years. If you had to sum up this year, how would you characterize all that’s going on in privacy law?
JD: Well, in our pre-show, it’s a good thing no one listened to me at the beginning of the year from a gambling point of view because I thought we were going to get to about 25 state laws and we didn’t. What happened is a lot of states were kind of waiting to see what was going to happen. We have a few that were introduced. Where I think we are is the states that passed a privacy law have gone deep. They’ve gone into enforcement. We have coalitions and consortiums amongst the states to really collaborate. There’s also been a focus on amendments: “I have a law—what did we miss the first time around?” Let’s go a little deeper, maybe add kids’ data, clarify health, add some rules and regulations. Globally, there have been other laws introduced, but sort of with the same theme—trying to look at what we already have and where we can clarify, especially now that GDPR has been around for seven years. So that’s like first or second grade of where we are. That’s how I’d summarize it—we’re amending what we already have and building on that foundation. Especially in the United States, we’re really collaborating amongst the different states.
DS: I think that for a lot of companies, they were hoping that the federal government would come through and pass a federal privacy law to address some of the patchwork problems. I was always skeptical of that. I always thought that getting Congress to do anything is hard enough, let alone something complex. Now it seems that’s a far-off hope—Congress can’t even do basic things. So, I think that’s very unlikely to happen. Is there anything on a more subject-specific level happening federally with certain types of data like neural data or children’s data? Do you think there’s a possibility when Congress ever gets started again?
JD: I share your sentiment. I’ve never believed a thoughtful, meaningful federal law was likely. I’ve always considered it a political dart—it might happen if there’s enough political power on either side to make it work. Some people have introduced privacy
laws time and time again, and while there’s momentum, I still see it as a dart. Maybe it will happen someday.
Where I do see commonality is with kids’ data. We’ve seen talk of “COPPA 2.0,” and several introductions around protecting children’s data. I always joke, “Don’t mess with grandma, don’t mess with kids.” Health is another one. If I were to predict, it would start with kids, then maybe updates to health data, because what we had from HIPAA so long ago isn’t aligned with how health data is used, shared, and sold today. Those would be the two areas I’d watch. I’m not sure it will get as specific as neural data; that might be part of a push to expand health coverage more broadly, but it’ll likely start with kids.
Click here to watch the entire interview.
* * * *
Professor Daniel J. Solove is a law professor at George Washington University Law School. Through his company, TeachPrivacy, he has created the largest library of computer-based privacy and data security training, with more than 180 courses.
Subscribe to Solove’s Free Substack
A supplement to Solove’s regular newsletter with more in-depth discussions
