A US “Data Bill of Rights”?

On October 8, the White House Office of Science and Technology Policy published an OpEd in Wired magazine calling for a “Bill of Rights for an AI-Powered World” and opening a public consultation. This is significant signalling from the White House, and it could be seen as sign of hope that that the continually stalled attempts for a much needed reform of US Federal privacy laws may see some movement once again. A strong signal from the executive branch and a public consultation like this could potentially help build enough momentum to push against the political obstructionism in the legislature. (I live in hope. There has been a lot of good work done by congress members before in drafting federal privacy legislation, but despite strong bipartisan support for better privacy laws from the public, the bills drafted have not passed.)

It’s early days for this, and the focus – as of yet – is still limited by sectoral thinking. It’s focused primarily on “AI” technologies, particularly what in EU terms we’d call use of biometric data for identification, and automated decision making. But, this is a significant step.

The OpEd authors, Eric Lander and Alondra Nelson, are specifically situating the questions of data use in a human rights framework directly relevant to US political framing. This may not seem as significant to those of us in the EU who are used to considering data use in the human rights framework of data protection instead of a property rights and ownership framework, but it is a big deal for White House officials to frame the conversation this way.

Lander and Nelson echo Warren and Brandeis’s landmark “The Right to Privacy”.

“Throughout our history we have had to reinterpret, reaffirm, and periodically expand these rights. In the 21st century, we need a “bill of rights” to guard against the powerful technologies we have created.”

They frame the need for data rights in terms of harms to people’s rights and freedoms, defining data rights in a way that resonates with an American cultural touchstone. While they raise questions of privacy and transparency, they don’t limit it specifically to these issues. They call for a number of first steps: The development of a “Bill of Rights”, clarifying the rights and freedoms that “expect data-driven technologies to respect”, and suggesting a few ideas that might sound familiar from GDPR. The right to information, rights around automated decision making, and “pervasive and discriminatory surveillance”.

They also call for the development of principles to govern the use of such technologies. (When it comes down to it, the principles already developed . . . in the Fair Information Processing Principles in the US Privacy Act of 1974, Convention 108+, and the Data Protection principles developed in EU data protection law, are a good place to start for those.)

What actually gets done with these principles will be another question. Lander and Nelson recognise this, and suggest a few possibilities:

“Possibilities include the federal government refusing to buy software or technology products that fail to respect these rights, requiring federal contractors to use technologies that adhere to this “bill of rights,” or adopting new laws and regulations to fill gaps. States might choose to adopt similar practices.”

There’s a long way to go, but this is an encouraging move.