Artificial intelligence concerns the automation of intelligent behavior. The pathway to creating intelligent machines, applications, or systems relies on mimicking human mental skills, such as pattern recognition and natural language processing. Machine learning involves the processing of data and may require the use of big data, including personally identifiable information (PII) or other regulated data collected from users, consumers, employees and individuals.
While these tools can provide the basis for quick, easy, and accurate collection and analysis of personal data, AI/ML may inadvertently demonstrate the bias and potentially expose businesses to legal liability under anti-discrimination, labor, and other federal laws and international standards. Because of these risks, a robust governance program is important step to take before an AI/ML system is deployed.
Octillo has a team of experienced lawyers to guide companies through the legal landscape and the exciting opportunities that come along with implementing AI/ML systems. Octillo works with clients to devise meaningful policies and procedures for the use of AI/ML, including compliance policies and algorithmic integrity protocols.
Our attorneys have first-hand experience innovating with emerging technologies. Octillo Member, Myriah V. Jaworski, Esq. CIPP/US, CIPP/E has been quoted by Law.com on the legal challenges associated with AI technologies.
Regulatory Framework for Use of AI/ML Systems: From Privacy Laws to Anti-Discrimination Requirements
Depending on its AI/ML system and use, a business may need to evaluate its exposure to a number of federal laws and international standards.
Octillo works with clients to evaluate the use of AI and automated decision making and any related data privacy requirements under the California Consumer Privacy Act (“CCPA”) or the European Union’s General Data Protection Regulation (“GDPR”).
Further, Octillo works with businesses to evaluate an AI/ML system’s compliance with anti-discrimination laws, including Title VII of the Civil Rights Act, Age Discrimination in Employment Act, Fair Credit Reporting Act and other laws, as applicable, and to assist in auditing the AI tool for disparate impact and algorithmic bias.
Octillo monitors FTC guidance and decisions, and pending federal and state proposals such as the Algorithmic Accountability Act, as well as state privacy and security laws which regulate PII, for potential impact to AI/ML systems.
Algorithmic Integrity & Auditing AI/ML Systems
Octillo’s technical staff works with businesses to deploy procedures to enhance algorithmic integrity, including conducting algorithmic audits, metrics, and standards for mitigation. Technical analysis conducted by Octillo identifies and recommends specifications for accuracy, fairness (including bias and discrimination), reliability, transparency/accountability, and privacy/security.
Octillo attorneys understand and work with AI/ML standards, including National Institute of Standards and Technology (“NIST”) Plan for Federal Engagement in Developing Technical Standards and the EU’s Ethics Guidelines for Trustworthy AI, and The Partnership on AI to Benefit People and Society.
Octillo works with businesses to develop AI Integrity Policies which identify selected standards for deployment of AI/ML system in a specific use case, and to identify procedures for AI Development, Testing, Validation and Implementation.
AI Licensing and Third-Party Contracts
Licensing or commercializing AI/ML systems may require negotiation of AI Addendum to address licensing rights and liability schemes, and Octillo’s SaaS contract team works with clients to revise existing business contracts, MSAs, End User Licensing Agreements or contracting protocols.
External Policies & Data Subject Rights
Octillo also works with clients on Data Subject Rights protocol to develop a communication strategy for responses to inquiries relating to the business use of AI/ML systems, and the development of an in-house functions to which consumer inquiries may be directed.
Internet of Things
Personal and business privacy should contemplate the Internet of Things (IoT). IoT devices are fully integrated into our home and business using devices, vehicles, appliances and other electronically embedded products. In these exciting digital times, integrating IoT without managing the data and operational risks they pose could result in otherwise avoidable data breaches and security incidents to a business. Octillo understands IoT technologies and advises clients on best management practices for their use and integration.
Healthcare Emerging Technologies (Robotics, IoT, Biometrics)
The health sector is experiencing a surge in the implementation of innovative products and services caused by the COVID-19 pandemic. One key consumer-facing area is telehealth. Over the last year, consumer adoption of telehealth services has more than doubled while more healthcare providers are expected to adopt virtual health care services. Other emerging technologies in the healthcare space include (1) the use of robots to aid in surgical procedures, (2) care robots that provide support to the elderly and disabled, and (3) autonomous robots that deliver medications and other sensitive health materials within the hospital setting.
Federal laws such as HIPAA and HITECH may regulate both the data and the parties involved in the healthcare chain. State health laws and technology laws, such as biometric laws and IoT laws, may also apply along with breach notification laws.
Minimizing potential data risks associated with emerging technologies require navigating a complex system of domestic and global data protection laws that no company should tackle on its own.
Octillo’s Health Law Team of experienced lawyers helps guide companies through the legal landscape and the exciting opportunities that come along with implementing new technologies.