This quarterly update summarizes key federal legislative and regulatory developments in the first quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in the States. In the first quarter of 2022, Congress and the Administration focused on required assessments and funding for AI, restrictions on targeted advertising using personal data collected from individuals and connected devices, creating rules to enhance CAV safety, and children’s privacy topics.
Members of Congress introduced legislation that would expand federal oversight over the use of AI in certain decision-making processes, as well as legislation that would increase resources for AI-related research and development. For example, this quarter, Senator Ron Wyden (D-OR) introduced the Algorithmic Accountability Act of 2022 (S. 3572), which would create a Federal Trade Commission (“FTC”) Bureau of Technology and would direct the FTC to promulgate regulations requiring covered entities to (1) perform impact assessments on deployments of any “automated decision system” (defined as any system, software, or process, including those derived from AI, the result of which serves as a basis for human judgment) used to make a critical decision (defined broadly as a decision or judgment that has “any legal, material, or similarly significant effect on a consumer’s life” related to the cost or availability of certain topics such as education, utilities and transportation, financial service, healthcare, or “any other service” that is established through rulemaking) and (2) submit summary reports of those impact assessments to the FTC. Only Democrats, however, have cosponsored the bill. In a closely divided Congress, it will remain difficult to move any legislation without bipartisan support. What that dynamic in mind, negotiations are likely to continue throughout this Congress in an attempt to reach a bipartisan agreement on the use of AI, particularly as it relates to advertisement targeting using algorithms.
Additionally, Congress has focused on efforts to increase AI funding. For example, the America COMPETES Act of 2022 (H.R. 4521), which passed the House this quarter, incorporates the AI-related provisions of several other bills introduced in the last year that aim to increase support for AI research. The House and the Senate are expected to conference on the COMPETES Act and the United States Innovation and Competition Act of 2021 (S. 1260), which will result in compromise legislation. These funding provisions are expected to be part of the final bill.
Internet of Things
Federal lawmakers have introduced legislation addressing the intersection between connected devices and targeted advertising. For example, Senator Cory Booker (D-NJ) and Representative Anna Eshoo (D-CA-18) introduced the Banning Surveillance Advertising Act of 2022 (S. 3520; H.R. 6416) this quarter, which would prohibit “advertising facilitators” (defined as a person that receives monetary consideration “or any other thing of value” to disseminate an advertisement, and collects or processes personal information to disseminate an advertisement) from using personal data to target advertisements to individuals or a connected device associated with the individual. The bill would provide the FTC with rulemaking authority, and the FTC would be empowered to enforce violations through its Section 5 authority.
Additionally, this quarter, federal regulators continued to engage with IoT-related policy across the federal government, particularly in the Federal Communications Commission (“FCC”) and the National Institute of Standards and Technology (“NIST”). For example, the FCC on January 10, 2022 announced a commitment of $361,037,156.16 million to support 802 schools and 49 libraries as part of its Emergency Connectivity Fund. The schools and libraries are approved to receive nearly 654,000 connected devices and more than 313,000 broadband connections. Relatedly, consistent with its obligations under Executive Order 14028 on “Improving the Nation’s Cybersecurity,” NIST published a whitepaper in coordination with the FTC and other agencies to initiate cybersecurity labeling pilot programs that will enable consumers to make informed decisions about IoT products. The whitepaper provides recommendations on consumer IoT product label criteria, label design and consumer education considerations, and conformity assessment considerations. Specifically, the whitepaper recommends coupling a binary label (a “seal of approval” type of label indicating a product has met a baseline standard) with additional information accessible online for interested consumers.
Connected and Autonomous Vehicles
The Department of Transportation (“DOT”) continued to engage on issues related to CAVs, particularly by (i) releasing a first-of-its-kind final rule amending the Federal Motor Vehicle Safety Standards (“FMVSSs”) to account for automated driving systems and (ii) seeking input on the projects and issues that should be considered by the Non-Traditional Emerging Transportation Technology (“NETT”) Council, a newly established entity under Section 25008 of the Infrastructure Investment and Jobs Act:
- In March 2022, the DOT’s National Highway Traffic and Safety Administration (“NHTSA”) issued a final rule which amends the occupant protection FMVSSs to account for vehicles that are equipped with Automated Driving Systems (“ADS”) and do not contemplate traditional manual controls associated with human drivers. Inapplicable or inaccurate terminology such as “driver’s seat” and “steering wheel” is adjusted with the overarching goal of resolving any ambiguities stemming from applying the FMVSSs to ADS-equipped vehicles. Lastly, the final rule amends the standards in order to maintain the level of safety that is currently provided to occupants in traditionally-designed vehicles.
- The DOT is seeking public comments in connection with the NETT Council, an internal DOT body tasked with identifying and resolving jurisdictional and regulatory gaps that hinder the deployment of emerging technology such as autonomous vehicles, hyperloop, and other such innovations. The DOT posted a Request for Comments (“RFC”) to the Federal Register to seek input on the types of projects, issues, and topics that should be considered by the NETT Council, with the comment period ending on April 8, 2022.
Federal lawmakers also engaged on CAV-related issues. The House Transportation and Infrastructure subcommittee held a hearing in early February, “The Road Ahead for Automated Vehicles,” in which experts, labor leaders, and industry representatives highlighted the need to increase consumer trust in CAVs and called for a national framework to facilitate the safe deployment of CAVs.
On February 28, 2022, the California Public Utilities Commission (“CPUC”) issued its first “Drivered Deployment” permits to Cruise LLC and Waymo LLC, allowing for passenger service in CAVs with a safety driver present. The CPUC uses the term “drivered” to refer to CAVs with safety drivers present, while those without safety drivers are referred to as “driverless”. For more information on this development, see this post from Inside Tech Media.
Legislators and the Executive branch have expressed interest in children’s privacy this quarter. For example, President Biden’s State of the Union address focused on children’s privacy online, specifically asking Congress to introduced legislation aimed at children’s privacy protections. On the Hill, “The Kids Online Safety Act,” (S. 3663) introduced by Senator Richard Blumenthal (D-CT) and co-sponsored by Senator Marsha Blackburn (R-TN), would create requirements for new safeguards, tools, and transparency requirements for minors online. Notably, the bill would create a “duty to act in the best interests of a minor” that uses the covered entity’s (defined broadly as any commercial software or online application likely to be used by a minor) products or services. The bill would also require covered entities to conduct annual independent audits of the risk of harm to minors on their service and issue a public report based on its findings. For more information on this bill, see this post from Inside Privacy.
Additionally, the Utah legislature passed a comprehensive data privacy bill this quarter, which will go to the governor next for his signature. The bill provides consumers right access and deletion rights, as well as rights to opt-out of the “sale” of personal information, “targeted advertising,” and processing of sensitive data. If signed by the governor, the Attorney General will have authority to enforce the law’s requirements. For more information on this bill, see this post from Inside Privacy.