In this update, we detail the key legislative developments in the second quarter of 2021 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and federal privacy legislation. As we recently covered on May 12, President Biden signed an Executive Order to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by removing obstacles to sharing threat information between private sector entities and federal agencies and modernizing federal systems. On the hill, lawmakers have introduced a number of proposals to regulate AI, IoT, CAVs, and privacy.
In Q2, members of Congress introduced a variety of legislative proposals to regulate AI—ranging from light touches to more prescriptive approaches.
- A number of bills would provide funding for AI-related research and training. Most notably, the United States Innovation and Competition Act of 2021 ( 1260), introduced by Senator Chuck Schumer (D-NY) and which passed by the Senate, would invest more than $200 billion into U.S. scientific and technological innovation over the next five years. In particular, the bill would create the Directorate for Technology and Innovation within the National Science Foundation to research AI and machine learning, among other areas. The Artificial Intelligence for the Military Act of 2021 (S. 1776), introduced by Senator Rob Portman (R-OH), would require the introduction of curriculum for professional military education to incorporate courses of emerging technologies, like AI.
- Several bills introduced this quarter have focused on the privacy implications of AI. For instance, the Mind Your Own Business Act of 2021 (S. 1444), introduced by Senator Ron Wyden (D-OR), would authorize the Federal Trade Commission (“FTC”) to create regulations requiring covered entities to, among other requirements, conduct impact assessments of “high-risk automated decision systems” (which includes certain AI tools) and “high-risk information systems” that “pose a significant risk to the privacy or security” of consumers’ personal information. Likewise, the Algorithmic Justice and Online Platform Transparency Act of 2021 (S. 1896), introduced by Senator Ed Markey (D-MA), would require online platforms to describe to users the types of algorithmic processes they employ and the information they collected; publish annual public reports detailing their content moderation practices; and maintain detailed records describing their algorithmic process for review by the FTC.
Agencies have mirrored Congressional activities, focusing on additional investments to research AI developments and rules on the use of AI.
- The FTC released guidance suggesting that biased AI may violate: Section 5 of the FTC Act (“The FTC Act prohibits unfair or deceptive practices. That would include the sale or use of – for example – racially biased algorithms.”); the Fair Credit Reporting Act (“The FCRA comes into play in certain circumstances where an algorithm is used to deny people employment, housing, credit, insurance, or other benefits.”); and the Equal Credit Opportunity Act (“The ECOA makes it illegal for a company to use a biased algorithm that results in credit discrimination on the basis of race, color, religion, national origin, sex, marital status, age, or because a person receives public assistance.”).
- The Office of Management and Budget submitted its request for discretionary funding—$916 million, an increase of $128 million over the 2021 enacted level, to expand scientific and technological research at the National Institute of Standards and Technology (“NIST”) on AI and quantum information science. The discretionary request also establishes a new Directorate for Technology, Innovation, and Partnerships within the National Science Foundation to expedite technology development in AI and quantum information science.
Internet of Things
Federal lawmakers introduced a number of proposals focused on directing federal agencies to study technological and security challenges related to IoT, including with respect to national security, disclosures to consumers, and cybersecurity certification programs.
- Several bills introduced this quarter focus on addressing national security challenges related to IoT, such as the Internet of Things Readiness Act of 2021 (H.R. 981), introduced by Representative Suzan DelBene (D-WA-1), the Strengthening Trade, Regional Alliances, Technology, and Economic and Geopolitical Initiatives Concerning China (“STRATEGIC”) Act (S. 687), introduced by Senator James Risch (R-ID), and the Securing American Leadership in Science and Technology (“SALSTA”) Act of 2021 (H.R. 2153), introduced by Representative Frank Lucas (R-OK-3). These bills focus on developing standards for secure IoT development and create working groups focused on developing U.S. leadership in IoT development.
- Other developments this quarter focused on consumer labels for IoT devices. Representative John Curtis (R-UT-3) introduced the Informing Consumers about Smart Devices Act (H.R. 3898), which would require the FTC to work alongside industry leaders to establish guidelines for properly disclosing the potential for their products to contain audio or visual recording capabilities that would not be clearly obvious to a reasonable person. Notably, President Biden signed the Executive Order on Improving the Nation’s Cybersecurity, which directs NIST to create pilot programs to establish criteria for product labels to educate consumers about the cybersecurity capabilities of IoT devices and requires NIST to work with the FTC on such consumer labels.
- Another proposal focuses on cybersecurity certification programs for IoT devices. Senator Ed Markey (D-MA) introduced the Cyber Shield Act of 2021 (S. 965), which would create a voluntary cybersecurity certification program for IoT devices, including laptops, cameras, and cell phones.
Connected and Autonomous Vehicles
Federal lawmakers focused legislative proposals on the safe deployment of CAVs, including proposals focused on federal frameworks for CAVs and requirements for CAV development.
- Representative Bob Latta (R-OH-5) introduced the Safely Ensuring Lives Future Deployment and Research Act (“SELF DRIVE Act”) (H.R. 3711), which would create a federal framework to assist agencies and industries deploy CAVs around the country and establish a Highly Automated Vehicle Advisory Council within the National Highway Traffic Safety Administration (“NHTSA”).
- Other proposals focus on technical requirements for CAVs. The Surface Transportation Investment Act of 2021 (S. 2016), introduced by Senator Maria Cantwell (D-WA), would require new automobiles to be equipped with (i) an automatic braking system that alerts the driver if the distance to a vehicle or object is closing too quickly and a collision is imminent and (ii) an automated lane departure system that warns the driver to maintain the lane of travel and course corrects in the event a driver fails to do so.
- Lawmakers have also introduced grant programs this quarter to encourage the development of CAVs. The Surface Transportation Advanced through Reform, Technology, and Efficient Review (“STARTER”) Act 2.0 (H.R. 3341), introduced by Representative Sam Graves (R-MO-6), would establish new competitive grant programs related to connected vehicle deployment and the safe integration of automated driving systems.
There were a number of updates related to CAV safety in the regulatory space as well:
- In early June, the Department of Transportation released its Spring regulatory agenda, which emphasized creating a safe and predictable environment for CAVs by requiring rigorous testing standards for CAVs and setting up a national incident database to document crashes involving CAVs. Related to this database, NHTSA issued an order on June 29 requiring manufacturers and operators of vehicles equipped with certain automated driving features to repot certain crashes to the regulatory agency.
- In response to an Advance Notice of Proposed Rulemaking (ANPRM) – Framework for Automated Driving System Safety, NHTSA received public comments on the key components that can meet the need for motor vehicle safety while enabling vehicle decisions for the four primary functions of automated driving systems: sensing, perception, planning, and control.
Legislators introduced a number of privacy bills in Q2, including comprehensive data privacy proposals with new consent requirements and new approaches to enforcement, and other bills focused on specific topical areas related to privacy, such as the Fourth Amendment and children’s privacy.
- A number of bills introduced this quarter focus on consent requirements in a comprehensive data privacy framework. One of these proposals, the Information Transparency and Personal Data Control Act (H.R. 1816), introduced by Representative Suzan DelBene (D-WA-1), would require affirmative, express consent to sell, share, or disclose sensitive personal information, and covered entities would be required to provide consumers with the option to opt-out of the use of their non-sensitive personal information at any time. Relatedly, Senator Jerry Moran (R-KS) introduced the Consumer Data Privacy and Security Act (S. 1494), which would require covered entities to provide consumers with a means to withdraw consent at any time.
- Other federal privacy legislative proposals this quarter would give the FTC and state attorneys general authority to enforce the law, though one proposal would create a new, independent Data Protection Agency to enforce federal privacy in the U.S. The Data Protection Act of 2021 (S. 2134), introduced by Senator Kirsten Gillibrand (D-NY), would prohibit unfair, deceptive, or discriminatory data practices, and the agency would review the privacy implications of any merger that involves the data of at least 50,000 users.
- Other data privacy legislative proposals introduced this quarter focused on specific topical areas, such as the Fourth Amendment and children’s privacy. The Fourth Amendment is Not for Sale Act (S. 1265), introduced by Senator Ron Wyden (D-OR) and a bipartisan group of 19-co-sponsors, would limit the federal government’s ability to purchase or obtain data, including metadata, from data brokers. The Children and Teens’ Online Privacy Protection Act (S. 1628), introduced by Senator Ed Markey (D-MA), would amend the Children’s Online Privacy Protection Act to prohibit companies from collecting information on children aged 13-15 without their consent. The bill also would ban targeted advertising directed at children, would require the creation of an “erase button” to allow users to delete a child’s personal information, and would establish a Youth Marketing and Privacy Division at the FTC.