Podcast - Tips For Maintaining FTC Compliance When Using AI

In this episode of "Clearly Conspicuous," consumer protection attorney Anthony DiResta shares best practices for compliance with Federal Trade Commission (FTC) rules and regulations when using artificial intelligence (AI). Mr. DiResta's discussion outlines eight essential pillars for effective compliance management: governance, substantiated marketing, transparency, data integrity, security, staff training, continuous monitoring and special precautions for high-risk AI uses. He emphasizes the importance of truth in advertising, informed consent, ethical data handling and ongoing vigilance in adapting to regulatory changes when companies advertise or promote their AI services or products.

Podcast Transcript

Good day and welcome to another podcast of Clearly Conspicuous. As we've stated in previous sessions, our goal in these podcasts is to make you succeed in this current regulatory and governmental environment, make you aware of what's going on with the federal and state consumer protection agencies and give you practical tips for success. It's a privilege to be with you today.

Compliance Best Practices When Using AI

I want to lay out an FTC compliance best practices template for AI. So folks, I believe there are eight critical pillars involved for compliance management.

1. There's governance and accountability. You have to assign responsibility. That is, designate an AI compliance officer or team and also ensure C-suite and board oversight for AI governance. Then there's document decision-making, maintain records of how AI tools are selected, developed and deployed, and then keep detailed logs of compliance reviews and risk assessments.
2. There has to be truthful and substantiated marketing. Be sure to substantiate all AI-related claims. Therefore, avoid vague or exaggerated statements like "powered by AI," unless technically accurate and meaningful. And back performance claims with verifiable evidence — that is testing, benchmarks and studies. Avoid AI washing. Do not label conventional automation or rule-based systems as AI to gain a competitive advantage. Also disclose limitations. Clearly explain what the AI system can and cannot do and include disclaimers about accuracy, limitations or human oversight, if applicable.
3. There's got to be consumer transparency and informed consent. First, disclose the use of AI. Inform users when they're interacting with or being evaluated by an AI system or technology. Avoid simulating human interaction in a deceptive way. For example, a chatbot pretending to be human. Next, it's helpful to obtain meaningful consent. Clearly inform users of what data will be collected and how AI will use it. Don't bury disclosures in dense terms and conditions and explain decision-making. For consequential decisions — for example, hiring, credit or pricing — provide a meaningful explanation of how the decision was made.
4. Data integrity and fairness. Ensure data accuracy. Train AI models on high-quality representative data. Regularly review for errors, bias or outdated information. Mitigate bias and discrimination — that is conduct fairness audits, particularly in sensitive applications, especially finance, employment and health, use debiasing techniques and diverse training data where possible, and implement feedback loops. Allow users to dispute or appeal AI decisions, and monitor outputs continuously for adverse or unfair impacts.
5. Secure sensitive information. Implement strong safeguards around personal and biometric data, and align with data security standards. Then minimize data collection, follow data minimalization principles, collect only what is necessary for the function and, finally, set retention limits. Define and enforce time limits for storing training and operational data.
6. Internal training and policies. Train staff on AI compliance — that is provide legal, marketing and technical teams with up-to-date training on FTC expectations. Then establish ethical guidelines. Develop internal policies that reflect both legal obligations and ethical principles for AI use. Then monitor vendor and third-party tools. Ensure that vendors and third-party AI tools comply with FTC standards and are properly vetted.
7. Continuous monitoring and readiness. Monitor regulatory developments. Stay abreast of FTC guidance, enforcement actions, and policy statements. Track emerging standards — that is, like NIST AI Risk Management Framework or ISO AI Guidelines. Conduct periodic compliance audits. Perform routine internal audits of AI systems and marketing practices. Prepare documentation for potential FTC inquiries or investigations. And finally, develop a crisis response plan. Have a playbook in place for responding to consumer complaints regulatory inquiries or media scrutiny.
8. Special considerations for high-risk use. Biometrics and surveillance is very risky. Comply with the FTC's biometric information policy and avoid using facial recognition or voice analysis without express informed consent. Then there's children and teen users. Comply with COPA and exercise heightened care when AI interacts with or collects data from minors. Then there is generative AI and deepfakes. Label AI-generated content appropriately and avoid deceptive simulation of humans — deepfake videos used in advertising, for example.

Concluding Thoughts

So folks, here's the key takeaway. AI technology and claims about its efficacy, its use and its benefits are being looked at closely by the FTC. Compliance management techniques are required when companies advertise or promote their AI services or products. So ladies and gentlemen, please stay tuned for further programs as we identify and address the key issues and developments and provide strategies for success. I wish you continued success and a meaningful day.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.