Arkansas privacy bill proceeds, but without coverage of AI and biometrics

Arkansas’ privacy bill is moving ahead, but may have lost some of its potency, according to a report from MLex.

Senate Bill 258 originally included broad coverage of AI and biometrics, but the Senate Committee on Transportation, Technology and Legislative Affairs only passed it after significant amendments, based on concerns raised by businesses who said the bill was too broad.

The piece quotes privacy consultant Josh Bryant, who helped draft the bill, and says “we’ve made substantial changes. All of the AI stuff is gone. All of the biometric stuff is gone. This amendment will give the bill a good 15-page haircut.” The amendments removed a “significant portion under the section of lawful basis of processing, including conditions for processing personal data.” The only requested change not granted is the inclusion of a 60-day “cure period” prior to enforcement.

The Arkansas Digital Responsibility, Safety, and Trust Act is modeled on Texas’ data privacy law, and borrows language from the General Data Protection Regulation (GDPR) in the EU. But critics said the inclusion of language on AI and biometrics was unprecedented, and would make the state an outlier in terms of the severity of its privacy law.

Renzo Soto, an executive director at TechNet, says that “the only state right now of the 19 states with a comprehensive data privacy law that is an outlier from the rest of them is California.” Soto says Caifornia’s law has led to “massive, massive costs on business.”

The AI provisions may yet survive, however, as the bill’s sponsor, Republican Senator Clint Penzo, has considered splitting the bill, so that privacy and AI each have their own legislation.

Last week, a U.S. District Court judge nixed Arkansas’ proposed age assurance law, calling it a hatchet job on free speech.

Article Topics

Arkansas  |  biometric data  |  biometrics  |  data privacy  |  legislation  |  United States