👋 Hi, Luiza Jarovsky here. Welcome to the 111th edition of this newsletter on AI policy & regulation, read by 28,500+ subscribers in 140+ countries. I hope you enjoy reading it as much as I enjoy writing it.
⏰ Last call to register: the summer cohorts of our AI Bootcamps on the EU AI Act and Emerging Challenges in AI, Tech & Privacy start next week! More than 800 people have attended our training programs, which are live, remote, and led by me. Don't miss them! *Students, NGO members, and independent professionals receive 20% off.
📍 Tracking AI legislation
➡️ As new AI laws are introduced worldwide, staying up to date with them is not an easy task.
➡️ With that in mind, below are 14 AI legislation trackers: 7 focusing on global AI legislation and 7 focusing on US State AI legislation. Bookmark them & never miss new AI law updates:
🌎 Global AI Legislation Trackers:
➵ White & Case: "AI Watch: Global regulatory tracker" - Bookmark
➵ IAPP: Global AI legislation tracker - Bookmark
➵ Institute for the Future of Work: "Tracking international legislation relevant to AI at work" - Bookmark
➵ Runway Strategies: "Global AI Regulation Tracker" - Bookmark
➵ OECD: National AI policies & strategies - Bookmark
➵ Raymond Sun: "Global AI Regulation Tracker" - Bookmark
➵ Legal Nodes: "Global AI Regulations Tracker" - Bookmark
🇺🇸 US State AI Legislation Trackers:
➵ Husch Blackwell: 2024 AI State Law Tracker - Bookmark
➵ National Conference of State Legislatures: AI 2024 Legislation - Bookmark
➵ IAPP: US State AI Governance Legislation Tracker - Bookmark
➵ Locke Lord: Artificial Intelligence Legislation Tracker - Bookmark
➵ BCLP: US State-by-State AI Legislation Snapshot - Bookmark
➵ MultiState: Artificial Intelligence Legislation - Bookmark
➵ White & Case: AI Watch: US regulatory tracker - Bookmark
🚨 Additional resources on AI governance:
➵ AI Training: If you are focusing on advancing your AI governance career, check out our 4-week Bootcamps at the AI, Tech & Privacy Academy (two upcoming cohorts starting next week).
➵ AI Governance Jobs: For AI governance and privacy job opportunities, join thousands of people who receive our weekly job alerts.
🇪🇺 Meta is having a hard time in the EU
➡️ Meta's "pay or consent" model has been deemed unlawful from data protection and competition standpoints in the EU. Will Meta's business model survive there? Here's what you need to know:
➡️ In April, after noyb's complaint and the Norwegian, Dutch, and Hamburg Data Protection Authorities’ request, the European Data Protection Board (EDPB) issued an opinion that goes against Meta's actions. According to the official EDPB opinion:
"The offering of (only) a paid alternative to the service which includes processing for behavioural advertising purposes should not be the default way forward for controllers. On the contrary, when developing the alternative to the version of the service with behavioural advertising, controllers should consider providing data subjects with an ‘equivalent alternative’ that does not entail the payment of a fee, such as the Free Alternative Without Behavioural Advertising (…)"
➡️ Last week, the saga advanced to the field of competition law. In a press release, the EU Commission stated that they take the preliminary view that:
"Meta's 'pay or consent' advertising model is not compliant with the Digital Markets Act (DMA) as it does not meet the necessary requirements set out under Article 5(2). In particular, Meta's model:
➵ Does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the “personalised ads” based service;
➵ Does not allow users to exercise their right to freely consent to the combination of their personal data."
➡️ Meta can now defend itself and reply in writing to the EU Commission's preliminary findings.
➡️ If the EU Commission decides that Meta is not compliant with the DMA, it can impose fines of up to 10% of its total worldwide turnover. In case of repeated infringement, fines can go up to 20%.
➡️ Things got complicated for Meta in the EU, and it's unclear how their business model will survive there.
🇧🇷 Meta is also having a hard time in Brazil
➡️ The Brazilian Data Protection Authority ordered Meta to stop processing personal data to train AI. Here's what you need to know:
➡️ According to the decision, in Brazil, Meta must immediately:
➵ suspend the validity of the part of its new privacy policy dealing with using personal data to train AI; and
➵ stop the processing of personal data to train AI, including personal data from non-users.
➡️ In case of non-compliance, Meta will have to pay a penalty of R$50,000 (~$9,200) per day of non-compliance, given the stated "imminent risk of serious and irreparable (or difficult to repair) damage to data subjects' fundamental rights."
➡️ Meta has five business days to comply.
➡️ The Brazilian Data Protection Authority's decision is inspired by the Irish Data Protection Authority's recent request to Meta to pause its plans to train its AI models using data from EU/EEA users.
➡️ The Irish Data Protection Authority acted after noyb's complaints, which I have been covering in recent weeks. You can read more about it in my article about the topic, in which I discuss Meta's AI practices.
➡️ A reminder that Meta's statement after the request of the Irish Data Protection Authority to stop using personal data from EU users to train AI was:
“We’re disappointed by the request from the Irish Data Protection Commission (DPC), our lead regulator, on behalf of the European DPAs, to delay training our large language models (LLMs) using public content shared by adults on Facebook and Instagram — particularly since we incorporated regulatory feedback and the European DPAs have been informed since March. This is a step backwards for European innovation, competition in AI development and further delays bringing the benefits of AI to people in Europe.”
➡️ It looks like Brazil is following EU's footsteps regarding the scrutiny on Meta.
💡 Generative AI patents
➡️ The World Intellectual Property Organization – WIPO published the "Patent Landscape Report on Generative AI," and it's a must-read for everyone in AI. Below are the (quite impressive) key findings:
"➵ 54,000 GenAI-related inventions (patent families) were filed, and more than 75,000 scientific publications were published between 2014 and 2023.
➵ The growth is rapid, with the number of GenAI patents increasing eightfold since the 2017 introduction of the deep neural network architecture behind the Large Language Models that have become synonymous with GenAI.
➵ In 2023 alone, over 25% of all GenAI patents globally were published, and over 45% of all GenAI scientific papers were published.
➵ GenAI patents still currently only represent 6% of all AI patents globally.
➵ The top 10 GenAI patent applicants are: Tencent (2,074 inventions), Ping An Insurance (1,564 inventions), Baidu (1,234 inventions), Chinese Academy of Sciences (607), IBM (601), Alibaba Group (571), Samsung Electronics (468), Alphabet (443), ByteDance (418), Microsoft (377).
➵ The top five inventor locations are China (38,210 inventions), US (6,276 inventions), Republic of Korea (4,155 inventions), Japan (3,409 inventions), and India (1,350 inventions).
➵ Image and video data dominate GenAI patents (17,996 inventions), followed by text (13,494 inventions) and speech/music (13,480 inventions). GenAI patents using molecule, gene and protein-based data are growing rapidly (1,494 inventions since 2014) with 78% average annual growth over the past five years.
➵ GenAI patents span across a diverse range of sectors, including in life sciences (5,346 inventions), document management and publishing (4,976 inventions) and over 2,000 inventions in each of business solutions, industry and manufacturing, transportation, security, and telecommunications.
➵ In the future, GenAI can help design new molecules, expediting drug development. It can automate tasks in document management and publishing, be increasingly used in retail assistance systems and customer service chatbots, and enable new product design and optimization, including in public transportation systems and autonomous driving."
➡️ Read WIPO's report here.
💻 Course AI Assistants: Legal & Ethical Implications
➡️ Check out our July on-demand course: AI Assistants: Legal & Ethical Implications. In this 50-minute self-paced course, I discuss the definition, classification, and some of the emerging legal and ethical implications behind AI assistants. Through recent examples, I highlight broad ethical questions that should be at the forefront of advanced AI assistants' development process.
➡️ Paid subscribers of this newsletter get free access to our monthly on-demand courses. If you are a paid subscriber, request your code here. If you are a free subscriber, you can upgrade to paid here.
➡️ For a comprehensive AI training program, register for the July cohort of our 4-week Bootcamp on Emerging Challenges in AI, Tech & Privacy.
📄 AI & Privacy paper
➡️ Daniel Solove & Woodrow Hartzog published "The Great Scrape: The Clash Between Scraping and Privacy," and it's a must-read for everyone in AI and privacy. Interesting quotes:
"On the legal front, numerous attempts have been made to combat scraping under various statutes and causes of action. The cases have involved many types of data, from intellectual property to pricing data to other forms of data, including personal data. This litigation has been ongoing for decades, but it has remained inconclusive. As Andrew Sellars describes it, “the legal status of scraping is characterized as something just shy of unknowable, or a matter left entirely to the whims of courts, plaintiffs, or prosecutors.” (page 14)
"Ultimately, privacy law cannot achieve its goals if it fails to protect publicly available personal data. In the modern world, with the internet, an unprecedented amount of personal data is being posted online. A lot of personal data is posted by individuals themselves, but also a lot of personal data about people is posted by other people or by organizations such as schools, employers, journalists, and more. If privacy law is to remain relevant today, then it must protect publicly available information. Too much personal data is publicly available and excluding it from privacy law would leave too many gaping holes in the laws’ protection." (page 45)
"In order for U.S. privacy law to achieve a workable balance with allowing scraping yet protecting privacy, the law must look beyond some of the traditional permissive approaches to regulating the collection, use, and transfer of personal data. Instead of the general approach in the U.S. as allowing organizations wide leeway to collectand use personal data in whatever way they want, the law should view the systemic, automated mass collection and use of personal data through scraping as a privilege. This view of data collection, use, and transfer is similar to the GDPR’s approach; there must be a justifiable basis for these activities. We propose turning this requirement into a privilege by conditioning data scraping in justified contexts upon the adoption of safeguards and commitments that benefit society as a whole." (page 56)
"Our proposal has three components: 1) a valid justification for scraping and substantive and 2) substantive protections to ensure the scraping is safe and avoid exploitation and purpose creep; and 3) procedural safeguards to ensure fairness and adequate representation and agency in decision-making." (page 56)
➡️ Read the full paper here.
🎙️Insights on AI governance, compliance & regulation
➡️ If you are interested in AI governance, compliance, and regulation, you can't miss my conversation with Barry Scannell on July 25. To participate live and receive the recording, register here.
➡️ To watch my previous live sessions, visit my YouTube channel.
🎤 Are you looking for a speaker in AI, tech & privacy?
I would welcome the opportunity to:
➵ Give a talk at your company;
➵ Speak at your event;
➵ Coordinate an AI training program for your team.
➡️ Here's my short bio with links. Get in touch!
🔥 AI Governance is HIRING
Below are 10 AI Governance positions posted in the last few days. Bookmark, share & be an early applicant:
1. BIP (Italy) - AI Governance Specialist - apply
2. Google (US) - Program Manager, AI Governance Infrastructure - apply
3. Digital Janet (US) - AI Governance Manager - apply
4. ByteDance (UK) - Senior Counsel (AI Governance & Tech Policy) - apply
5. adesso SE (Germany) - IT-Consultant generative AI Governance - apply
6. HTX (Singapore) - AI Masterplanning & Governance - apply
7. UNIQA Insurance Group (Austria) - Internship AI Governance - apply
8. Accenture DACH (Germany) - Responsible AI - Advisor Specialist - apply
9. ASML (Netherlands) - Legal & Compliance Lead for Technology - apply
10. Scale AI (US) - AI Policy Lead - Government Relations - apply
➡️ For more AI governance and privacy job opportunities, subscribe to our weekly job alert. Good luck!
⏰ Last call to register for our AI training programs
1. The EU AI Act Bootcamp (4 weeks, live online)
🗓️ Tuesdays, July 16 to Aug 6 at 10am PT (starts next week)
👉 Learn more & register
2. Emerging Challenges in AI, Tech & Privacy (4 weeks, live online)
🗓️ Wednesdays, July 17 to August 7 at 10am PT (starts next week)
👉 Learn more & register
📩 Subscribe to the AI, Tech & Privacy Academy's Learning Center to receive info on our AI training programs and other learning opportunities.
I hope to see you there!
🙏 Thank you for reading!
If you have comments on this week's edition, write to me, and I'll get back to you soon.
To receive the next editions in your email, subscribe here.
Have a great day.
Luiza