HTLJ
Introduction
Samuel Warren and Louis Brandeis proffered the concept of an individual’s protection in his “full person” not just that of his property; “a man’s house is his castle,” and there’s also a man’s “right to be let alone.”[1] Warren and Brandeis once said, “[r]ecent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right ‘to be let alone’.”[2] The technology at that time that was advancing and invading privacy was “instantaneous photographs” and the “newspaper enterprise” that “invaded the sacred precincts of private and domestic life….” [3] As discussed by Warren and Brandeis, the increasing complexity of life and advancement of civilization has also increased the essential need for individuals to have solitude and privacy.[4] Respectively, that need has only expanded with the continued increasing intensity and complexity of life in a modern world propelled by advancing technology.
As a result of advancing technology and the growing economic interest in personal data, personal information is collected, stored, and processed at an unprecedented level, making privacy increasingly important in the daily lives of both businesses and individuals.[5] One way in which the collection of personal information has accelerated at such a rate is the increased development and utilization of artificial intelligence (AI).[6] In 2020, each human being created 1.7 megabytes of new data every second.[7] The worldwide spending on cognitive and AI systems is anticipated to increase to $77.6 billion in 2022 from $24 billion in 2018.[8] Businesses turn to AI systems not only because of its ability to rapidly collect and process data but also due to its deep learning ability, in which self-learning algorithms enable the system to learn and adapt.[9] With a few pieces of new data, these algorithms can merge this new data with other data to generate second and third generations of data about an individual, raising concerns about consent, transparency, and personal autonomy.[10] With the enormous amount of personal data consumed, stored, and processed by AI in combination with the growing number of businesses utilizing these AI services, how can individuals be sure their privacy is being protected?
In Recent News: Google Settles For $391 Million For Tracking Location Practices
Consider for instance the recent settlement announced by Attorney General Josh Shapiro of Pennsylvania with Google for a $391 million settlement over location tracking practices relating to Google Account settings.[11] The settlement is reported to be the largest multistate privacy settlement in U.S. history.[12] The investigation revealed Google was tracking individuals’ movements even when those individuals had explicitly opt-ed out of Google’s location tracking systems.[13] As part of the settlement, and among other requirements, Google has agreed to increase transparency of its practices to consumers, including: showing additional information to users whenever they turn to an account setting “on” or “off”; making key information about location tracking unavoidable for users (i.e., not hidden); and creating an enhanced webpage where users may obtain detailed information on the types of location data Google collects and how it’s used.[14] AI is a key part of Google’s mapping system. They have recently partnered with a company called DeepMind, an Alphabet AI research lab, to improve the accuracy traffic prediction capabilities.[15] Lawsuits concerning privacy, which predominantly result in settlements like this, especially with companies that are as pervasive as Google, make individuals increasingly concerned about data privacy regulations. However, although the concern is high, individuals continue to utilize these services, like Google Maps with location tracking enabled. Why?
The Privacy Calculus
The U.S. characterizes AI as innovation.[16] AI is a profoundly innovative advancement in technology that provides numerous benefits to a wide array of fields. AI invades a certain level of privacy because it requires copious amounts of data, much of which is derived from individuals. However, even though individuals have frequently expressed concerns about such invasive technologies, such as AI, they do very little to protect their personal data.[17] Individuals, more often than not, deem the invasion of privacy by AI systems as either necessary or a sacrifice they are willing to make for convenience or efficiency. This theory is called the “Privacy Calculus”, that stems from the phenomenon known as the privacy paradox, which is a risk-benefit calculation utilized by individuals attempting to decide whether to disclose personal data to an AI system.[18]Many individuals decide the benefits ultimately outweigh the risks of providing their personal data.[19] However, many individuals do not realize that these AI systems consist of algorithms that take their personal identifying information and pair it with other information at their disposal to aggregate a more complex picture of the individual.[20] Furthermore, what is done with this information is typically not widely known by individuals because it is most often buried deep within a business’s privacy agreement, which many of us do not read. The risks associated with AI systems and their self learning algorithms are not being weighed in these daily risk-benefit privacy calculus tests. Another exacerbation of the privacy problem is that although businesses know the general customers are not well-read on privacy and data, only the minimum that is required of businesses to protect user or consumer privacy is carried out. Therefore, lawsuits like the one involving Google, will only continue to occur, if not, with more frequency. But as individual users and consumers, we can become more informed and make choices accordingly.
The American Data Privacy and Protection Act
After years of debate, the House Committee on Energy and Commerce advanced a bill to the U.S. House of Representatives that serves as Congress’s latest attempt to create comprehensive federal data privacy legislation, which has garnered bipartisan support.[21] The bill titled American Data Privacy and Protection Act (ADPPA) was introduced to the House on June 21, 2022. [22] The ADPPA establishes requirements for how business’s, nonprofits, and common carriers handle personal data as well as limit the amount of personal data collected.[23] The ADPPA is analogous to existing comprehensive state privacy laws by covering many of the same topics in those state laws but also providing for broader coverage in certain areas.[24] The ADPPA contains a preemption provision applicable to any covered state laws, with exceptions for specific state laws pertaining to general consumer protection. Some of those states may include, California, Colorado, Connecticut, Utah, and Virginia, as states that have the most comprehensive consumer data privacy laws.[25] Because of the preemption provision, proponents of the bill say it will eliminate the current patchwork of state privacy laws and make compliance easier.[26] However, those that oppose the bill believe federal legislation pertaining to privacy protections should serve as a floor rather than a ceiling. It is likely the bill will not be considered by the House or Senate prior to the conclusion of the 117th Congress on January 3, 2023, but it may become a priority issue to pay close attention to once the new Congress reconvenes.[27] The bill represents a major step forward by Congress in a bipartisan effort to develop a national framework that would establish protections for all Americans specific to data security and data privacy.[28]
Conclusion
As an individual that conducts this risk-benefit privacy calculus on a daily basis, take a moment to think about these AI systems and your data privacy and the implications that may arise from using such services. Enhance your privacy calculus by reading the privacy agreements and becoming more informed on data privacy and your right “to be let alone.”
[1] Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 193-95 (1890) (discussing the inevitable development of law and the simultaneous broadening of man’s legal rights, specifically the right of privacy).
[2] Id.
[3] Id.
[4] Id.
[5] Grzegorz Mazurek & Karolina Malagocka, Perception of Privacy and Data Protection in the Context of the Development of Artificial Intelligence, 6 J. of Mgmt. Analytics 344, 345 (2019).
[6] Id.
[7] Christian Meurisch & Max Mühlhäuser, Data Protection in AI Services: A Survey, 54 ACM Comput. Surv., Mar. 2021, at 1.
[8] Sandra Maria Correia Loureiro, João Guerrerio & Lis Tussyadiah, Artificial Intelligence in Business: State of The Art and Future Research Agenda, 129 J. of Bus. Rsch. 911, 911 (2021).
[9] Adekemi Omotubora & Subhajit Basu, Next Generation Privacy. 29 Info. & Comm. Tech. L. 151, 164 (2020).
[10] Id.
[11] Attorney General Josh Shapiro Announces $391Million Settlement With Google Over Location Tracking Practices, Office of Attorney General Josh Shapiro (Nov. 14, 2022), https://www.attorneygeneral.gov/taking-action/attorney-general-josh-shapiro-announces-391-million-settlement-with-google-over-location-tracking-practices/.
[12] Id.
[13] Id.
[14] Id.
[15] Johann Lau, Google Maps 101: How AI Helps Predict Traffic and Determine Routes, Google, The Keyword (Sep. 3, 2020), https://blog.google/products/maps/google-maps-101-how-ai-helps-predict-traffic-and-determine-routes/.
[16] Mazurek, supra, at 354.
[17] Meurisch, supra, at 6.
[18] Id.
[19] Id.
[20] Omotubora, supra, at 164.
[21] Quiyang Zhao, American Data Privacy and Protection Act: Latest, Closest, yet Still Fragile Attempt Toward Comprehensive Federal Privacy Legislation, Jolt Digest (October 19, 2022), http://jolt.law.harvard.edu/digest/american-data-privacy-and-protection-act-latest-closest-yet-still-fragile-attempt-toward-comprehensive-federal-privacy-legislation.
[22] American Data Privacy and Protection Act, H.R. 8152, 117th Cong. (2022).
[23] Id.
[24] Zhao, supra.
[25] 2022 Consumer Privacy Legislation, National Conference of State Legislatures (June 10, 2022), https://www.ncsl.org/research/telecommunications-and-information-technology/2022-consumer-privacy-legislation.aspx.
[26] Zhao, supra.
[27] The American Data Privacy and Protection Act, The American Bar Association (Aug. 30, 2022), https://www.americanbar.org/advocacy/governmental_legislative_work/publications/washingtonletter/august-22-wl/data-privacy-0822wl/.
[28] Id.
