With the use of artificial intelligence ("AI") becoming more pervasive every day, it should not surprise our readers that regulators are increasingly focused on the use of AI and its associated consumer data privacy implications. For example, recently announced regulations expanding on the requirements of the New Jersey Data Privacy Act (the "NJDPA") attempt to address AI privacy concerns. Below, we briefly discuss the NJDPA, the proposed regulations concerning AI privacy, and their effects on businesses.
AI Privacy Regulations
With its use becoming commonplace, AI implicates privacy concerns that have been the focus of federal and state lawmakers and regulators. One such example of this AI privacy scrutiny is illustrated by recently proposed NJDPA regulations. Like states that have enacted their own data privacy laws, such as California, Virginia, and Florida, the NJDPA imposes data privacy obligations on companies that meet certain threshold requirements. The NJDPA applies to entities that do business in New Jersey or produce products or services targeted to New Jersey residents and during a calendar year, either: (a) "control or process the personal data of at least 100,000 consumers, excluding personal data processed solely for the purpose of completing a payment transaction; or (b) control or process the personal data of at least 25,000 consumers and the controller derives revenue, or receives a discount on the price of any goods or services, from the sale of personal data."
While companies may use collected data for internal research purposes, the NJDPA's proposed regulations explicitly state that using data to train AI shall not be considered internal research unless the consumer affirmatively consents to such use. Consent must be obtained through a disclosure that, among other things, is "understandable and accessible to consumers" and is "accurate, and not written or presented in a way that is unfair, deceptive, or misleading." The disclosure(s) must also provide a level of detail that gives consumers a meaningful understanding of how each category of personal data is used, and if the data is used for more than one purpose, the disclosure must specify each purpose containing enough detail to allow consumers to understand each said purpose.
What Do The NJDPA's AI Privacy Regulations Mean For You?
The FCC already has declared that an AI-generated call is an artificial or prerecorded voice call for purposes of the Telephone Consumer Protection Act ("TCPA"). Telemarketers subject to the NJDPA, and who utilize AI, must tread carefully to ensure that their use of consumer data does not extend to using said data to train AI, as doing so requires obtaining consumer consent beforehand through highly detailed disclosures.
Companies that use AI and/or those that incorporate AI-generated calls and/or texts into their marketing operations should consult with legal counsel to ensure that their practices comport with the latest federal and state rulemakings.
Similar Blog Posts:
Is TCPA Consent Rule Really Dead?! Maybe Not, Say 28 States
FCC Proposal Regarding Use of AI in Telemarketing
26 Attorneys General Ask for AI Telemarketing Restrictions
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.