AI deciders targeted for regulation in California
California regulators have published draft rules for automated decision making.
Broad and sweeping guidelines would govern consumer access and opt-out rights regarding use of the algorithms by businesses collecting personally identifiable data including biometrics.
Business advocates say what has been released is unworkably vague. If approved, the regulations would be nestled in California’s Consumer Privacy Act, or CCPA.
The agency’s draft defines automated decision-making technology as “any system, software, or process,” which is indeed broad. A representative of tech lobby organization NetChoice told Bloomberg Law that flipping a coin would fit the bill as neatly as profiling.
As part of the proposed rules, a business would have to tell consumers before they use a biometric or other AI decision-making service and that they can opt out of the AI and get more information about it. They would also have to perform risk assessments for each system that poses a significant risk to people’s privacy by processing their information.
The examples of effected systems provided in the California Privacy Protection Agency’s announcement include facial recognition for consumer behavior analysis and profiling for behavioral advertising. Monitoring worker productivity with keystroke logging or speech recognition is also explicitly identified as falling under the proposed regulation.
There are exceptions available to some businesses that appear to be highly contextual.
Members of the board at California’s privacy agency will hold a public meeting meet to discuss the draft rules on December 8. There is no date yet set for binding votes, although the process is expected to end next year.