Learn more about what the recent FTC rulings mean for the nuances of responsibilities when it comes to AI, the importance of customer data protection, and the role of consent in deploying AI
Lauren Diethelm
AI Content Marketing Specialist
February 21, 2024
In the ever-evolving landscape of AI regulation, recent rulings from the Federal Trade Commision (FTC) have shed light on crucial aspects that impact providers, deployers, and users of AI systems. As AI technology advances and more regulations continue to pass, it’ll become increasingly important to understand the impact of these rulings.
Here, we’ll dive into six key takeaways from the recent FTC rulings and what they mean for your own AI governance program.
There’s a lot of emphasis placed on providers and developers of AI systems (conducting conformity assessments, etc.), but recent rulings from the FTC serve as a reminder that deployers need to be paying just as much attention.
Things like considering and assessing risk, testing and documenting systems, vetting third party vendors, and regularly monitoring systems for change in accuracy are all things that deployers of AI systems need to be aware of.
Deployers of AI systems also have an additional responsibility: to ensure their employees are adequately trained on the AI policies put in place. Giving users the opportunity to opt out of their data being used in an AI system, for instance, is a requirement for the use of many different AI systems – but is rendered almost useless if the employees responsible for implementing the removal of that data aren’t aware of where, when, or how to do it.
Regardless of the type of AI you’re planning on governing in your organization, it’s important to remember and have a plan documented for your role and the responsibilities associated with it.
Recent rulings from the FTC have carried different levels of consequences. The orders have varied from addressing the moral obligations to protect consumers from the harms caused by bias all the way through to creating concrete policies, informing employees of those policies, and ensuring ongoing enforcement.
The variance in these considerations means that AI governance is nuanced – there’s no one response to a breach of trust when it comes to AI, and governance committees need to be prepared to think through every angle and potential consequence before deploying a system.
Recent rulings and a warning to AI companies more broadly all stress the importance of protecting customer data – including making disclosures where appropriate, not selling or sharing private data, and getting consent for its use, among other things.
These decisions also serve as a reminder that AI systems devour data. And though regulations for AI are still developing, AI systems and companies, including model-as-service companies, aren’t exempt from the existing laws that protect privacy and the use of data more broadly. This may seem obvious to most privacy professionals, but these recent rulings show that diligence is always required.
These recent orders from the FTC also remind companies considering the use of AI-assisted biometric technology that they need to think through:
These considerations extend past biometric tech, which in many use-cases is considered prohibited use by the EU AI Act anyway. Regardless of the type of AI system being used or the risk level associated, all AI systems are using data provided by or connected to real people.
Companies using AI need to ensure that they give users on both ends clear transparency into what data is collected, how it’s used, and, perhaps most importantly, clear and understandable steps for how users can opt out.
The most recent guidance from the FTC reminds all companies, and AI companies in particular, that informing consumers of changes to their data policies through surreptitious or retroactive amendments may be unfair or deceptive.
This means that simply checking the box of alerting consumers of changes to your policies isn’t enough – the method of that alert matters perhaps just as much. To be a meaningful effort in transparency, the consent you gather from your consumers can’t be artificial consent; it must be communicated clearly and understandably to those users.
The FTC’s actions in all these cases also throw into relief the patchwork system that’s in place for AI regulation now – but that doesn’t mean companies can’t be held accountable.
Consent and transparency are essential in deploying AI systems, and in the absence of a comprehensive federal law for AI, the FTC is prepared to weigh in, monitor, and enforce compliance with existing privacy laws to ensure both those requirements are met.
All these rulings underscore the intricate and evolving nature of AI governance. As organizations continue to embrace AI, they must recognize the shared responsibility between providers and deployers, prioritize the protection of customer data, and meticulously consider the consequences of their AI actions.
This guide will help you ensure you’re thinking through every angle of using AI systems as you’re setting up your AI governance program. To learn how OneTrust can help you begin your work with AI governance, request a demo and speak with an expert today.
Webinar
This webinar will explore the key privacy pitfalls organizations face when implementing GenAI, focusing on purpose limitation, data proportionality, and business continuity. Attendees will gain insights into how to navigate these challenges through strong data governance, version control, and detailed model documentation to ensure compliance and mitigate risks.
Webinar
This webinar will explore the how AI is affecting the data landscape, focusing on how data teams can extend common data practices to support AI’s unique use of data.
eBook
Download our guide to building an AI project intake workflow that balances risk and efficiency, complete with a checklist for thorough, informed assessments.
Checklist
Download our AI Project Intake Checklist to guide thorough assessments and ensure secure, compliant, and effective AI project planning from start to finish.
Webinar
This webinar will uncover the top 5 data sharing challenges organizations face and demonstrate how advanced data governance solutions can streamline processes, improve data quality, and enhance compliance, allowing organizations to discover the full potential of their data assets.
White Paper
Download this white paper to learn how to adapt your data governance program, by defining AI-specific policies, monitoring data usage, and centralizing enforcement.
Report
Getting Ready for the EU AI Act, Phase 1: Discover & Catalog, The Gartner® Report
Webinar
This webinar unpacks California’s approach to AI and emerging legislations, including legislation on defining AI, AI transparency disclosures, the use of deepfakes, generative AI, and AI models.
eBook
Download this coauthored eBook by OneTrust and Protiviti to learn how organizations are building scalable AI governance models and managing AI risks.
Report
Download this 2024 Forrester Consulting Total Economic Impact™ study to see how OneTrust has helped organizations navigate data management complexities, generate significant ROI, and enable the responsible use of data and AI.
Webinar
Join us for a webinar on the latest updates and emerging trends in global privacy regulations.
eBook
Download this eBook to explore strategies for trustworthy AI procurement and learn how to evaluate vendors, manage risks, and ensure transparency in AI adoption.
eBook
Learn why discovering, classifying, and using data responsibly is the only way to ensure your AI is governed properly.
Webinar
Join our webinar to gain practical, real-world guidance from industry experts on implementing effective AI governance.
Webinar
Join our webinar and learn about the EU AI Act's enforcement requirements and practical strategies for achieving compliance and operational readiness.
Video
Learn how OneTrust AI Governance acts as a unified program center for AI initiatives so you can build and scale your AI governance program
Webinar
Whether your AI is sourced from vendors and third parties or developed in-house, AI Governance supports informed decision-making and helps build trust in the responsible use of AI. Join the live demo webinar to watch OneTrust AI Governance in action.
Webinar
Discover the EU AI Act's impact on your business with our video series on its scope, roles, and assessments for responsible AI governance and innovation.
Webinar
As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.
Resource Kit
Download this resource kit to help you understand, navigate, and ensure compliance with the EU AI Act.
Webinar
In this webinar, we'll navigate the intricate landscape of AI Governance, offering guidance for organizations whether they're developing proprietary AI systems or procuring third-party solutions.
eBook
Discover the ISO 42001 framework for ethical AI use, risk management, transparency, and continuous improvement. Download our guide for practical implementation steps.
Webinar
Join OneTrust experts to learn about how to enforce responsible use policies and practice “shift-left” AI governance to reduce time-to-market.
Webinar
Join out webinar to hear about the challenges and solutions in AI governance as discussed at the IAPP conference, featuring insights and learnings from our industry thought leadership panel.
Webinar
Colorado has passed landmark legislation regulating the use of Artificial Intelligence (AI) Systems. In this webinar, our panel of experts will review best practices and practical recommendations for compliance with the new law.
Webinar
In this webinar, we’ll break down the AI development lifecycle and the key considerations for teams innovating with AI and ML technologies.
Report
Download the full OCEG research report for a snapshot of what organizations are doing to govern their AI efforts, assess and manage risks, and ensure compliance with external and internal requirements.
Report
In this 5-part regulatory article series, OneTrust sponsored the IAPP to uncover the legal frameworks, policies, and historical context pertinent to AI governance across five jurisdictions: Singapore, Canada, the U.K., the U.S., and the EU.
Webinar
In this webinar, we’ll look at the AI development lifecycle and key considerations for governing each phase.
Webinar
This webinar will provide insights for navigating the pivotal intersection of the newly announced OMB Policy and the broader regulatory landscape shaping AI governance in the United States. Join us as we unpack the implications of this landmark policy on federal agencies and its ripple effects across the AI ecosystem.
Webinar
In this webinar, we’ll discuss the evolution of privacy and data protection for AI technologies.
Resource Kit
What actually goes into setting up an AI governance program? Download this resource kit to learn how OneTrust is approaching our own AI governance, and our experience may help shape yours.
Interactive Tool
This self-assessment will help you to gauge the maturity of your privacy program and understand the areas the areas of improvement that can further mature your privacy operations.
Webinar
Learn the challenges AI technology poses for the (re)insurance industry and gain insights on balancing regulatory compliance with innovation.
Webinar
Watch this session for insights and strategies on buiding a strong data protection program that empowers innovation and strengthens consumer trust.
Webinar
Get the latest insights from global leaders in cybersecurity managment in this webinar from our Data Protection in Financial Services Week 2024 series.
Webinar
Join the first session for our Data Protection in Financial Services Week 2024 series where we discuss the current state of AI regulations in the EU.
White Paper
Download this white paper to explore key drivers of AI and the challenges organizations face in navigating them, ultimately providing practical steps and strategies for setting up your AI governance program.
Webinar
Join OneTrust and PA Consulting as they discuss key global trends and their impact on the UK, reflecting on the topics from IAPP DPI London.
Webinar
In this webinar, we’ll discuss key updates and drivers for AI policy in the US; examining actions being taken by the White House, FTC, NIST, and the individual states.
In-Person Event
Learn how privacy, GRC, and data professionals can assess AI risk, ensure transparency, and enhance explainability in the deployment of AI and ML technologies.
AI Governance
See the latest OneTrust platform features that improve on customers' ability to build trust, ensure compliance, and manage risk.
Webinar
In this webinar, OneTrust DataGuidance and experts will examine global developments related to AI, highlighting key regulatory trends and themes that can be expected in 2024.
eBook
Data privacy is a journey that has evolved from a regulatory compliance initiative to a customer trust imperative. This eBook provides an in-depth look at the Data Privacy Maturity Model and how the business value of a data privacy program can realised as it matures.
Webinar
In this webinar, we’ll break down the four levels of AI risk under the AI Act, discuss legal requirements for deployers and providers of AI systems, and so much more.
Webinar
Join Sidley and OneTrust DataGuidance for a reactionary webinar to unpack the recently published, near-final text of the EU AI Act.
Data Sheet
Data privacy is evolving from a regulatory compliance initiative to a customer trust imperative. This data sheet outlines the four stages of the Data Privacy Maturity Model to help you navigate this shift.
Checklist
Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.
Webinar
In this webinar we’ll look at the AI Governance landscape, key trends and challenges, and preview topics we’ll dive into throughout this masterclass.
Webinar
OneTrust sponsored the first annual Generative AI survey, published by ISMG, and this webinar breaks down the key findings of the survey’s results.
Report
OneTrust sponsored the first annual ISMG generative AI survey: Business rewards vs. security risks.
Webinar
In this webinar, we’ll talk about setting up an AI registry, assessing AI systems and their components for risk, and unpack strategies to avoid the pitfalls of repurposing records of processing to manage AI systems and address their unique risks.
Webinar
Join Sidley and OneTrust DataGuidance for a reactionary webinar on the EU AI Act.
Webinar
Join this on-demand session to learn how you can leverage first-party data strategies to achieve both privacy and personalization in your marketing efforts.
Webinar
Join OneTrust and KPMG webinar to learn more about the top trends from this year’s IAPP Europe DPC.
eBook
Conformity Assessments are a key and overarching accountability tool introduced by the EU AI Act. Download the guide to learn more about the Act, Conformity Assessments, and how to perform one.
eBook
With the use of AI proliferating at an exponential rate, the EU rolled out a comprehensive, industry-agnostic regulation that looks to minimize AI’s risk while maximizing its potential.
Webinar
Join this webinar demonstrating how OneTrust AI Governance can equip your organization to manage AI systems and mitigate risk to demonstrate trust.
White Paper
What are your obligations as a business when it comes to AI? Are you using it responsibly? Learn more about how to go about establishing an AI governance team.
Infographic
AI Governance is a huge initiative to get started with for your organization. From data mapping your AI inventory to revising assessments of AI systems, put your team in a position to ensure responsible AI use across all departments.
White Paper
Download this white paper to learn how your organization can develop an AI governance team to carry out responsible AI use in all use cases.
eBook
We answer your questions about AI and chatbot privacy concerns and how it is changing the global regulatory landscape.
Webinar
Prepare your business for EU AI Act and its impact on the UK with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.
Webinar
Prepare for AI data privacy and security risks with our expert webinar. We will delve into the evolving technology and how to ensure ethical use and regulatory compliance.
Webinar
Join Sidley and OneTrust DataGuidence as we discuss the proposed EU AI Act, the systems and organizations that it covers, and how to stay ahead of upcoming AI regulations.
White Paper
With AI systems impacting our lives more than ever before, it's crucial that businesses understand their legal obligations and responsible AI practices.
Webinar
Join OneTrust and their panel of experts as they explore Artificial Intelligence regulation within the UK, sharing invaluable insights into where we are and what’s to come.
Regulation Book
Download this reference book and have foundational AI governance documents at your fingertips as you position your organization to meet emerging AI regulations and guidelines.
Webinar
Navigate global AI regulations and identify strategic steps to operationalize compliance with the AI governance masterclass series.
Webinar
OneTrust DataGuidance and Sidley are joined by industry experts for the annual Data Protection in Financial Services Week.