• AI RULES
  • Posts
  • Judge Praises AI Legal Strategy

Judge Praises AI Legal Strategy

Buckle Up, My AI Legal Homies! AI's Legal Odyssey Hits Warp Speed 🚀

The gavel’s coming down on tech giants, new rules are being penned across the globe, and guess what? We’re here to navigate the chaos with you. From the courtroom antics involving big tech’s data dilemmas to groundbreaking regulations from Africa to the EU, we’ve got it all. Fasten your seatbelts, it’s time to zoom through the whirlwind of AI’s legal revolution. Are you ready? Let’s goooooo!

On the docket today:

  New here? → Subscribe

Image created using DALL-E 3.

In the Northern District of California, Judge Vince Chhabria acknowledged the plaintiffs' innovative approach in their lawsuit against Google Analytics for unauthorized data collection from healthcare provider websites. The plaintiffs included in their complaint an image showing Google Bard's response to inquiries about the appropriateness of using Google Analytics on websites covered by HIPAA and California's Confidentiality of Medical Information Act. Google Bard provided detailed explanations on why Google Analytics should not be used by healthcare providers, citing privacy concerns. Judge Chhabria found this use of AI-generated responses "very awesome," yet he also noted skepticism towards the viability of other claims in the lawsuit.

Key points:

  • Google Bard's Response: The plaintiffs used Google Bard to generate responses about the use of Google Analytics on healthcare websites, highlighting potential privacy issues.

  • Legal Claims: Allegations include violations under the federal Electronic Communications Privacy Act, California's Unfair Competition Law, the California Comprehensive Computer Data Access and Fraud Act, and the California Invasion of Privacy Act.

  • Consent and Harm: The lawsuit raises questions about user consent and the impact of alleged privacy breaches.

Image created using DALL-E 3.

Domino's Pizza is facing a proposed class action lawsuit filed in the Northern District of Illinois, alleging unauthorized collection of voiceprints through its artificial intelligence telephone ordering system. The suit, which implicates both Domino's and ConverseNow Technologies Inc., raises concerns regarding the Illinois Biometric Information Privacy Act (BIPA) compliance, specifically the collection, use, and storage of biometric data without customer consent.

Key Points:

  • BIPA Compliance: The lawsuit claims Domino's and ConverseNow collected voiceprints without obtaining explicit consent from customers, potentially violating BIPA requirements.

  • Application of AI: The case focuses on the use of AI technology for identifying customers through voice patterns, examining the legal boundaries of technological advancements in customer service.

  • Relief and Damages: Plaintiffs are seeking injunctive relief, statutory damages, and attorney fees, highlighting the legal and financial stakes of the lawsuit.

  • Consumer Notification: Allegations suggest a failure to properly inform customers about the collection and use of their biometric data, as mandated by BIPA.

  • Data Retention Policies: The suit criticizes the defendants' practices regarding the retention and destruction of biometric data, challenging their compliance with statutory time limits.

Image created using DALL-E 3.

The Tech Hive Advisory recently unveiled a report on AI and data regulation across Africa, showcasing the continent's proactive stance in navigating the complex landscape of artificial intelligence governance. This comprehensive analysis spans 55 African nations, revealing a diverse range of regulatory approaches and commitments to data protection and AI oversight.

Highlights from the Report:

  • National AI Strategies: Out of the 55 countries surveyed, five have adopted specific national strategies dedicated to AI development and governance. This indicates a strategic approach to harnessing AI for national development.

  • AI Governance Bodies: Fifteen countries have taken steps to establish AI governance frameworks by forming task forces, expert bodies, agencies, councils, or committees, illustrating a commitment to structured AI oversight.

  • Legislative Efforts on AI: Six nations, including Egypt, Ghana, Kenya, Nigeria, Uganda, and Zimbabwe, are at various stages of enacting AI laws, signaling a move towards comprehensive legal frameworks for AI.

  • Sector-Specific Regulation: A few countries are opting for a sector-specific approach to AI regulation, with Mauritania, Nigeria, Kenya, and Tanzania leading this trend, highlighting the versatility in regulatory strategies.

Data Protection Laws

  • Adoption of Data Protection Laws: A significant majority, with 37 out of the 55 countries, have enacted laws to protect data privacy, underscoring the importance of data protection in the digital age.

  • Enforcement Bodies: 29 countries have gone a step further by establishing or designating bodies to enforce data protection laws, ensuring accountability and compliance.

  • Protection from AI Decision-Making: Remarkably, 33 countries have included provisions in their data protection laws to safeguard individuals from being subject to algorithmic decision-making, showcasing a foresight into the potential risks of AI.

  • Fairness in Data Processing: 30 nations have explicitly defined fairness as a principle of data processing within their laws, emphasizing the ethical considerations in the use of data.

Reflections:

This report highlights the dynamic and varied efforts across Africa to regulate AI and protect data. The inclusion of protections against algorithmic decision-making and the emphasis on fairness in data processing laws set a noteworthy precedent, offering lessons for Western countries in crafting their own regulations.

Image created using DALL-E 3.

European tech journalist, Luca Bertuzzi, has leaked a confidential draft Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law from the Council of Europe. This proposed legal instrument aims to establish common principles and rules governing activities throughout the lifecycle of AI systems in order to preserve human rights, democracy and the rule of law while promoting responsible innovation.

Key points about the draft Convention:

  • It would require parties to take legislative, administrative or other measures to ensure AI activities respect human rights, democracy, and the rule of law, with the measures graduated based on assessed risks.

  • It sets out principles parties must implement appropriately, such as transparency, accountability, non-discrimination, privacy protection, and respect for human dignity.

  • Parties would have to identify, assess and mitigate risks AI systems pose to human rights, democracy and the rule of law, including considering potential bans or moratoria on certain AI uses.

  • The Convention would directly apply to public authorities and private entities acting on their behalf.

  • For other private sector AI activities, parties would need to take measures addressing risks/impacts aligned with the Convention's purposes, potentially including applying its rules to private actors.

  • It provides for remedies for AI human rights violations, procedural safeguards like notification of AI system use, and oversight mechanisms.

  • A Conference of Parties is established to facilitate implementation, with ability to adopt amendments and final provisions on entry into force, reservations, and dispute settlement.

  • The binding treaty would be open for voluntary signature by Council of Europe members, participating non-members and the EU, requiring ratification by 5 such signatories including 3 Council of Europe states to enter into force.

Imaged created using DALL-E 3.

In a significant shift from its previous regulatory stance, the Ministry of Electronics and Information Technology (MeitY) in India has issued a new advisory that encourages generative AI developers to self-regulate. This move comes as a response to evolving technologies and the need for a flexible framework that fosters innovation while addressing potential risks. Under the new guidelines, developers are no longer required to seek government approval before releasing AI models, but they are advised to label any under-tested or potentially unreliable AI-generated outputs for users in India.

Key Points:

  • Emphasis on Self-Regulation: The advisory marks a departure from mandatory government approval, urging developers to adopt self-regulation practices by labeling the outputs of under-tested or unreliable AI models.

  • Labeling and Consent: It is recommended that AI-generated content that could be misused, such as in creating deepfakes, should be clearly labeled to indicate its potential fallibility. A "consent popup" or similar mechanism should inform users about the unreliability of the content they are interacting with.

  • Balancing Innovation and Risk: The advisory aims to strike a balance between encouraging technological innovation and mitigating the risks associated with the deployment of AI technologies. This approach reflects a more flexible regulatory environment conducive to growth and experimentation.

  • Impact on AI Development and Adoption: The removal of the requirement for government approval is expected to expedite the integration and market introduction of AI models and services by major companies. This could enhance the intelligence of services and applications, promoting wider adoption of AI technologies.

  • Ongoing Regulatory Evolution: Acknowledging the nascent stage of the AI ecosystem in India, the advisory suggests that regulations will continue to evolve. The government aims to adjust its approach as the technology and its applications develop further.

  • Guidelines for Deepfakes and Misinformation: The advisory also addresses the concern of deepfakes and misinformation by suggesting that such content be labeled or embedded with unique metadata to identify the source of creation or modification.

  • Compliance with Existing Laws: Developers are reminded that non-compliance with the IT Act 2000 and IT Rules could lead to legal consequences, underscoring the continued importance of adherence to existing legislative frameworks.

@lawyerswhowine

That’s all for today!

Catch ya’ll on LinkedIn