🦅 The AI Act and the rapid rise of AI governance
Plus: the AI Act has a problem (and it's not what most people think)
👋 Hi, Luiza Jarovsky here. Welcome to the 82nd edition of this newsletter! Thank you to 80,000+ followers on various platforms and to the paid subscribers who support my work. To read more about me, find me on social, or drop me a line: visit my personal page. For speaking engagements, fill out this form.
✍️ This newsletter is fully written by a human (me), and I use AI to create the illustrations. I hope you enjoy reading as much as I enjoy writing it!
A special thanks to MineOS, this edition's sponsor:
After the busiest year in American data privacy yet, there is a lot to pour over in preparation for the growing compliance demands in the US. To make the 8 new state-level laws easier to digest for busy professionals, the expert team at MineOS put together an in-depth guide summarizing each law, including compliance requirements, data rights, and unique aspects. This comprehensive guide will help you direct your data privacy & governance programs for future success - get it for free here.
📢 Support this newsletter: become a monthly sponsor and reach thousands of privacy & AI decision-makers throughout the year. Get in touch.
🦅 The AI Act and the rapid rise of AI governance
Contrary to what most people say, AI might be one of the biggest drivers of new job opportunities in the months ahead. And not only for engineers and data scientists. Here's why:
As EU officials finalize the AI Act and virtually every country in the world is putting effort into AI governance and regulation, it becomes clear that the next few years will bring massive regulatory changes to the tech sector.
As we get ready to leave the "AI wild west" behind and start building the "AI regulatory infancy," a group of AI professionals becomes essential. Besides engineers and data scientists, the AI field will desperately need professionals focused on:
AI privacy compliance
From my point of view, the professional revolution around AI will be similar to what happened in the field of privacy & data protection. In the last few years, the field has grown, matured, and specialized so much that there are constantly new job openings in a variety of different positions. I think this will happen in the AI field too.
When researchers say that AI involves a lot of human work, directly and indirectly, soon it will also mean the numerous professionals needed to make sure AI systems comply with existing laws (which will be many), respect privacy by design, follow industry practices in terms of consumer safety, are transparent, trustworthy, fair, and accountable.
Luiza's Newsletter is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
In parallel to that, there will be a demand for professionals who help build, maintain, and grow this new ecosystem of professionals (similar to what happens in privacy & data protection today).
I've been constantly thinking about it, and when people say that AI will replace jobs, to some extent, it might be true, but there will be many AI-related jobs created. And for some people, this might be a great time for a career transition.
With that in mind, we've gathered this list of AI-related jobs, which if you take a closer look, go much beyond machine learning engineers and data scientists. Check it out.
Get ready for the rise of the AI governance career (and perhaps consider transitioning before everyone else does).
🔵 The AI Act is coming
After long hours discussing the AI Act's provisions, on December 8, the Council presidency and the EU Parliament’s negotiators reached a provisional agreement on the proposal for the AI Act. (Congratulations to everyone involved!)
However, an important reminder is that we don't have the final text yet. According to the Council of the EU's press release:
"(...) work will continue at technical level in the coming weeks to finalise the details of the new regulation. The presidency will submit the compromise text to the member states’ representatives (Coreper) for endorsement once this work has been concluded. The entire text will need to be confirmed by both institutions and undergo legal-linguistic revision before formal adoption by the co-legislators."
So despite the urge and buzz around the topic, there is NO final text yet.
🚨 AI Act + Data Protection
As the final text of the AI Act is being finalized, one important topic is the interaction between "AI law" and data protection law. For example, there will be situations in which both the GDPR and the AI Act will be applicable. We can expect various challenges, among them:
What "human oversight" and "human intervention" will mean in practice in the context of automated decision-making;
When and how "data protection impact assessment" and "conformity assessment" will take place;
How to coordinate fines, including maximum amounts, when an event triggers both a GDPR-related and an AI Act-related penalty.
This is an emerging topic that will have meaningful consequences for privacy and AI compliance, and it is still not clear how the intersection between the two fields will work out in practice.
Above is an infographic to help clarify this intersection and the upcoming challenges.
💛 Enjoying the newsletter? Share it with friends and help us spread the word. Let's reimagine technology together.
🧠 AI-based neurotechnology and cognitive liberty
Unpopular opinion: cognitive liberty will be one of the most important topics in the coming years, and most people have no idea what it is.
As AI-based neurotechnology spreads, cognitive liberty, brain privacy, and freedom of thought become major issues in the context of privacy, data protection, and AI regulation.
To dive deeper and learn more:
🇮🇳 India's guidelines for prevention and regulation of dark patterns
According to India's Central Consumer Protection Authority (CCPA), dark patterns are "any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users to do something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to misleading advertisement or unfair trade practice or violation of consumer rights."
Last week, the CCPA issued its "Guidelines for Prevention and Regulation of Dark Patterns" (see also the press release). The guidelines state boldly: "no person, including any platform, shall engage in any dark pattern." (Article 4 - Prohibitions against engaging in dark patterns).
Its "Annex I" contains what they consider dark patterns, which reflect common categories proposed by researchers in the field:
bait and switch
I often discuss dark patterns in this newsletter, and you can check out previous articles in the archive. You can also check out my academic article with a proposed taxonomy for dark patterns in privacy, "Dark Patterns in Personal Data Collection: Definition, Taxonomy, and Lawfulness."
It's great to see India joining the EU, California, and others who have taken a firm stand against deceptive design practices. Hopefully, more states, countries, and regions will join.
📎 Job opportunities
🎓 Privacy managers: upskill your team
620+ professionals from leading companies have attended our interactive training programs. Each of them is 90 minutes long (delivered in one or two sessions), led by me, and includes additional reading material, 1.5 CPE credits pre-approved by the IAPP, and a certificate. Upskill your team: contact us and book a date.
📚 AI Book Club
250+ people have registered for our AI Book Club.
In our 1st meeting (this week!) on Thursday, December 14, we'll discuss "Atlas of AI" by Kate Crawford;
In the 2nd meeting on January 18, we'll discuss "The Coming Wave: Technology, Power, and the Twenty-first Century's Greatest Dilemma" by Mustafa Suleyman & Michael Bhaskar.
There will be book commentators, and the goal is to have a critical discussion on AI-related challenges, narratives, and perspectives.
The AI book club is free and will help you read more (and more motivated). Join today, and we'll send you an invitation to participate in the upcoming meetings.
🟡 NEW: Privacy, Tech & AI Bootcamp
I'm so happy to launch today our new 4-week bootcamp on privacy, tech, and AI! You can't miss it, here's why:
This is a new training program aimed at privacy upskilling and diving deeper into AI-related challenges.
The bootcamp includes four live sessions with me (one hour per week), additional reading material (around one hour per week), quizzes, and a course certificate.
Among the topics I will cover are: dark patterns in privacy, cognitive biases, privacy enhancing design, privacy advocacy, AI risks and harms, privacy issues in AI, dark patterns in AI, AI regulation, and more.
The first cohort stars on January 31 (live sessions on Wednesdays at 1pm ET/6pm UK) and it would be great to see you there!
Read more about the program and save your spot here.
🖥️ Privacy & AI live talks
On January 8, I will discuss with three leading privacy experts, Odia Kagan (Fox Rothschild), Nia Cross Castelly (Checks / Google), and Gal Ringel (MineOS), what to expect and how to get ready for 2024's privacy challenges. We'll talk about:
The hottest privacy topics for 2024 and why they will be important/impactful;
What will be the most challenging privacy issues for business and why;
How businesses can prepare in advance for these challenges and the most important practical measures organizations and professionals should be thinking about right now;
Tip(s) for privacy professionals who want to navigate 2024 successfully.
This is a free event, and if you are a privacy professional, you cannot miss it! Register using this link to be notified when it starts, participate live, comment in the chat, and receive the recording to re-watch.
*Every month, I host a live conversation with a global expert - I've spoken with Max Schrems, Dr. Ann Cavoukian, Prof. Daniel Solove, and various others. Access the recordings on my YouTube channel or podcast.
⛔ The AI Act has a problem (and it's not what most people think)
For the last few days, the trending topic in privacy and legal circles is definitely the recently announced AI Act (although, as I've highlighted above, there is no final text yet).
Despite the overall excitement, I've noticed that there are a few problematic issues that have not been raised, and we might end up with challenges that are, to some extent, similar to what we see in the data protection field. And the issue is not what most people think. I explain: