Articles Posted in Artificial Intelligence

In a judgment issued last week, the European Court of Justice invalidated the EU-U.S. Privacy Shield Program by which businesses in the United States could self-certify their compliance with a framework of principles for data protection. This judgment is the top privacy story for multinational companies this year. What does this mean for artificial intelligence companies? For AI companies using personal data to train machine learning systems, the answer is that it just got harder to import personal data from the European Union (EU) and broader European Economic Area (EEA) to the United States.

The background is that some U.S. businesses in the artificial intelligence field are importing personal data from European countries to train machine learning systems with a myriad of applications. Companies with a physical presence in the EEA, companies directing marketing efforts to EEA member states, and companies monitoring the behavior of individuals present in EEA member states are subject to the European Union’s General Data Protection Regulation. For more details, see my earlier blog post. In addition, other U.S. businesses may provide services to another U.S. business that has already imported personal data from EEA countries. Such U.S. businesses must then agree by contract to protect personal data from those countries with the same level of protection they would receive under GDPR in the EEA. Therefore, some AI companies are required, directly or indirectly, to meet GDPR standards.

GDPR allows for the free flow of personal data from EEA countries to countries that the European Commission has found to have an adequate level of data protection. So if the laws in those countries are stringent enough, then there is no barrier to exporting personal data to those countries from the EEA. And by “export,” I mean that a company in an EEA member state could, for instance, send the personal data to a vendor in one of those countries. As one example, a cloud storage provider in Canada could receive personal data from EEA companies without any GDPR-imposed restrictions. The laws in Canada are stringent enough to protect personal data. Other countries with such adequacy decisions include Argentina, Israel, Japan, Switzerland, and New Zealand.

Growing up, I used to think New York City was the capital of the world. I started life in Columbus, Ohio, and spent most of my early years in a Cleveland, Ohio suburb called Chagrin Falls. Of course, I knew that Washington, D.C. was the political capital of the nation and that the world itself didn’t have an official capital. Nonetheless, Cleveland revolved in New York’s orbit.

While Chicago was closer, my Ohio peers and I at least subconsciously thought of New York as the place to go to seek your fortune. When young people in my area of Ohio wanted to make it to the big time, they would plan a move to New York. New York was the source of much of our media, arts, theater, jazz, literature, fashion, great sports history, and so much more. And yes, we were jealous of all those Yankee World Series wins. Simply put, New York was the place to be if you wanted to live where the momentous current events were happening.

Nonetheless, my world view started to change. I taught myself how to program computers in high school and took some computer science classes in college. I heard about Steve Jobs and Steve Wozniak in Silicon Valley. The personal computer revolution was just beginning. I knew that upstart Silicon Valley companies were doing cool things and changing the world. What attracted me was the meritocratic ethos of Silicon Valley. I did not grow up as one of the old money families on the eastern seaboard, or even my hometown of Chagrin Falls. Lack of key family ties and history matters less in Silicon Valley and California generally. The perception was that everyone had an equal shot in Silicon Valley (although of course, we know that reality does not always match the Silicon Valley mythos, and structural barriers remain for many people even in the Valley).