Dave Farber
2018-11-05 23:44:12 UTC
Date: November 6, 2018 8:36:04 JST
Subject: (For IP) Intel Corporation project to develop a U.S. privacy law
Dave-
Our AI and Privacy Policy Team at Intel has a project that your IP list may find interesting. We have drafted a proposed privacy bill and have asked for both experts and the public to comment on it at http://usprivacybill.intel.com . This is an experiment in participatory democracy to use technology to bring out some of the discussion that normally happens behind closed doors and let everyone take part. I have included below some background on the project and an overview of the bill. I am interested to know what members of the list think of our proposal.
Why Pass a US Federal Privacy Law?
Effective privacy regulation is critical to allow technologies like artificial intelligence to help solve the worldâs greatest challenges. The combination of advances in computing power, memory and analytics create the possibility that technology can make tremendous strides in precision medicine, disease detection, driving assistance, increased productivity, workplace safety, education and more. At Intel we are developing many of these technologies and are focused on integrating artificial intelligence capability across the global digital infrastructure. At the same time, we recognize the need for a legal structure to prevent harmful uses of the technology and to preserve personal privacy so that all individuals embrace new, data-driven technologies. At Intel we know that privacy is a fundamental human right and robust privacy protection is critical to allow individuals to trust technology and participate in society.
What the US needs is a privacy law that parallels the countryâs ethos of freedom, innovation and entrepreneurship. That law needs to protect individuals and enable for the ethical use of data. As noted above, the use of data by new technologies such as artificial intelligence will help us solve some of the most vexing global problems while spurring economic growth. That ethical use of data will be critical as we use the data to train artificial intelligence algorithms to detect bias and enhance cyber security. In short, it takes data to protect data. The US needs a law that promotes ethical data stewardship, not one that just attempts to minimize harm. A non-harmonized patchwork of state legislation will cause companies to default to restrictive requirements and the result will decrease the likelihood of realizing technologyâs great potential to improve lives.
How is the proposal structured?
The law uses the Fair Information Practice Principles (FIPPs) from the Organization for Economic Cooperation and Developmentâs (OECD) Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. The OECD FIPPs are âthe Global Common Language of Privacyâ and many of the privacy laws around the world are based on them. For the past few years, Intel has worked on a âRethinking Privacyâ initiative to take the OECD FIPPs and show how they can be implemented in law differently to promote the innovative and ethical use of data.
Collection Limitation
The law encourages organizations to create new mechanisms for individuals to provide meaningful consent for data use. Most uses of data will require a risk/benefit analysis that will restrict an organization from using data in a way that creates undue risk for individuals. However, in many situations, individuals may be ok with these risks, and will want to have the benefits of the use of the data. This bill encourages organizations to create mechanisms where those individuals can make informed choices.
Data Quality
As artificial intelligence tools are deployed across more industry sectors, it will be critical that the data used to train those algorithms has adequate diversity and volume. For example, for precision medicine, it is critical that the algorithms are trained with sufficient data from ethnic and racial minorities. This is one reason that international data flows are so important. This bill allows for the access to the data that creates better quality in the algorithms, while also requiring organizations to measure that data quality and adjust for any deficiencies.
Purpose Specification
It is critical that organizations state their purposes for collecting and processing data. The law makes clear those purposes must be described narrowly and specifically.
Use Limitation
Our proposal requires organizations to analyze the risks and benefits from the use of data. It also requires organizations to control the uses of data from the entities to which it transfers data.
Security Safeguards
The bill requires organizations to adopt reasonable measures to protect personal data.
Openness
Research shows that for the most part people do not read privacy policies. However, privacy policies can play a useful role to describe how an organization uses personal data. Our proposal requires three types of policies to foster that understanding: 1. An explicit notice when particularly sensitive data is being collected, which will enable better informed consent, 2. A thorough report of the organizationâs use of personal data, to enable regulators and advocates to better understand the entityâs practices, and 3. Publication of the traditional privacy policy, but with more detailed information on the purposes of data collection.
Individual Participation
It is critical to understand when organizations have data, and for the individuals to whom that data relates to have an ability to object when that data is either incorrect or when its use will disproportionately cause harm.
Accountability
The law encourages organizations to implement robust privacy programs that will decrease the risk of data misuse and security breaches.
How will the law be enforced?
Robust, harmonized and predictable enforcement is necessary. The US Federal Trade Commission (Commission) has decades of experience protecting privacy. What the Commission needs are: 1. More resources, 2. Authority to oversee all industry sectors, 3. A clear mandate to develop guidance and regulations to communicate to organizations how they should implement the FIPPs, and 4. The ability to enforce meaningful but fair sanctions. Our proposal provides all four of those elements, while also preserving a role for State Attorneys General to apply sanctions in situations where the Commission declines to start an enforcement action. The law uses those sanctions as a way to further encourage organizations to demonstrate their accountability, by allowing those entities that adopt robust privacy programs to have a safe harbor from civil penalties.
To view the complete text and participate in the discussion go to http://usprivacybill.intel.com
David A. Hoffman
Associate General Counsel and Global Privacy Officer
Intel Corporation
202-330-3945
Intel Public Policy Blog: http://blogs.intel.com/policy
Utilize the power of Mooreâs Law to bring smart, connected devices to every person on Earth.
-------------------------------------------Subject: (For IP) Intel Corporation project to develop a U.S. privacy law
Dave-
Our AI and Privacy Policy Team at Intel has a project that your IP list may find interesting. We have drafted a proposed privacy bill and have asked for both experts and the public to comment on it at http://usprivacybill.intel.com . This is an experiment in participatory democracy to use technology to bring out some of the discussion that normally happens behind closed doors and let everyone take part. I have included below some background on the project and an overview of the bill. I am interested to know what members of the list think of our proposal.
Why Pass a US Federal Privacy Law?
Effective privacy regulation is critical to allow technologies like artificial intelligence to help solve the worldâs greatest challenges. The combination of advances in computing power, memory and analytics create the possibility that technology can make tremendous strides in precision medicine, disease detection, driving assistance, increased productivity, workplace safety, education and more. At Intel we are developing many of these technologies and are focused on integrating artificial intelligence capability across the global digital infrastructure. At the same time, we recognize the need for a legal structure to prevent harmful uses of the technology and to preserve personal privacy so that all individuals embrace new, data-driven technologies. At Intel we know that privacy is a fundamental human right and robust privacy protection is critical to allow individuals to trust technology and participate in society.
What the US needs is a privacy law that parallels the countryâs ethos of freedom, innovation and entrepreneurship. That law needs to protect individuals and enable for the ethical use of data. As noted above, the use of data by new technologies such as artificial intelligence will help us solve some of the most vexing global problems while spurring economic growth. That ethical use of data will be critical as we use the data to train artificial intelligence algorithms to detect bias and enhance cyber security. In short, it takes data to protect data. The US needs a law that promotes ethical data stewardship, not one that just attempts to minimize harm. A non-harmonized patchwork of state legislation will cause companies to default to restrictive requirements and the result will decrease the likelihood of realizing technologyâs great potential to improve lives.
How is the proposal structured?
The law uses the Fair Information Practice Principles (FIPPs) from the Organization for Economic Cooperation and Developmentâs (OECD) Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. The OECD FIPPs are âthe Global Common Language of Privacyâ and many of the privacy laws around the world are based on them. For the past few years, Intel has worked on a âRethinking Privacyâ initiative to take the OECD FIPPs and show how they can be implemented in law differently to promote the innovative and ethical use of data.
Collection Limitation
The law encourages organizations to create new mechanisms for individuals to provide meaningful consent for data use. Most uses of data will require a risk/benefit analysis that will restrict an organization from using data in a way that creates undue risk for individuals. However, in many situations, individuals may be ok with these risks, and will want to have the benefits of the use of the data. This bill encourages organizations to create mechanisms where those individuals can make informed choices.
Data Quality
As artificial intelligence tools are deployed across more industry sectors, it will be critical that the data used to train those algorithms has adequate diversity and volume. For example, for precision medicine, it is critical that the algorithms are trained with sufficient data from ethnic and racial minorities. This is one reason that international data flows are so important. This bill allows for the access to the data that creates better quality in the algorithms, while also requiring organizations to measure that data quality and adjust for any deficiencies.
Purpose Specification
It is critical that organizations state their purposes for collecting and processing data. The law makes clear those purposes must be described narrowly and specifically.
Use Limitation
Our proposal requires organizations to analyze the risks and benefits from the use of data. It also requires organizations to control the uses of data from the entities to which it transfers data.
Security Safeguards
The bill requires organizations to adopt reasonable measures to protect personal data.
Openness
Research shows that for the most part people do not read privacy policies. However, privacy policies can play a useful role to describe how an organization uses personal data. Our proposal requires three types of policies to foster that understanding: 1. An explicit notice when particularly sensitive data is being collected, which will enable better informed consent, 2. A thorough report of the organizationâs use of personal data, to enable regulators and advocates to better understand the entityâs practices, and 3. Publication of the traditional privacy policy, but with more detailed information on the purposes of data collection.
Individual Participation
It is critical to understand when organizations have data, and for the individuals to whom that data relates to have an ability to object when that data is either incorrect or when its use will disproportionately cause harm.
Accountability
The law encourages organizations to implement robust privacy programs that will decrease the risk of data misuse and security breaches.
How will the law be enforced?
Robust, harmonized and predictable enforcement is necessary. The US Federal Trade Commission (Commission) has decades of experience protecting privacy. What the Commission needs are: 1. More resources, 2. Authority to oversee all industry sectors, 3. A clear mandate to develop guidance and regulations to communicate to organizations how they should implement the FIPPs, and 4. The ability to enforce meaningful but fair sanctions. Our proposal provides all four of those elements, while also preserving a role for State Attorneys General to apply sanctions in situations where the Commission declines to start an enforcement action. The law uses those sanctions as a way to further encourage organizations to demonstrate their accountability, by allowing those entities that adopt robust privacy programs to have a safe harbor from civil penalties.
To view the complete text and participate in the discussion go to http://usprivacybill.intel.com
David A. Hoffman
Associate General Counsel and Global Privacy Officer
Intel Corporation
202-330-3945
Intel Public Policy Blog: http://blogs.intel.com/policy
Utilize the power of Mooreâs Law to bring smart, connected devices to every person on Earth.
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=26461375
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26461375&id_secret=26461375-c2b8a462&post_id=20181105184422:B62542B2-E154-11E8-AF2A-BDF7100353AE
Powered by Listbox: https://www.listbox.com