✳ Is data minimization compatible with AI? More APRA analysis. ✳ A couple of weeks ago, I was asked to debate this question at the grand launch of the FPF Center for Artificial Intelligence https://lnkd.in/eRbkYKj9. (Full program here:
https://lnkd.in/e3c8Z6V6). I was charged with arguing the proposition that “data minimization is *not* compatible with AI.” Samir Jain from CDT argued that it was. Samir beat me handily (the audience voted at the beginning and end of the debate). But I share my arguments here given their relevancy to the APRA.
***
APRA has a strong data minimization mandate, which I think is wrongly structured and far too strict to allow economic progress and innovation. In short, I think a privacy law should allow legitimate business activity and provide guardrails around the edges; whereas APRA prohibits all business activity except for a list of permitted exceptions.
***
In the debate, I made 3 arguments: factual, policy and legal.
***
✅ Factual argument: Not only is data minimization incompatible with the development of AI, it’s anathema to the development of *intelligence*. The very essence of AI, indeed of intelligence, is the ability to discover new patterns, correlations and trends in data. Limiting data (think, the Catholic church’s geocentric model) = limiting intelligence (Gallileo looking out to the stars).
***
✅ Policy argument: A strong data minimization mandate assumes privacy is more important than any other societal value, including innovation, safety, national security, medical research, efficiency, anything really! Maybe it is and maybe it isn’t. But I don’t think we’ve publicly debated and come around to the conclusion that privacy is more important than everything else.
***
✅ Legal argument: APRA states companies may not collect/process PII beyond what is necessary, proportionate and limited to provide a specific product or service requested by an individual. That’s incredibly harsh. Even GDPR, which is considered strict, has the important safety valves of “consent” and “legitimate interests”. APRA doesn’t. Instead, it provides a list of exemptions, enumerated permitted uses. But what about the *un*enumerated uses? That’s where progress and innovation takes place. Years before they “arrived”, would we have enumerated mobile phones, social media, gig economy, crypto, AI itself?
Indeed, APRA’s data minimization language flips the law on its head: instead of providing that everything is allowed except what’s forbidden, it says everything is forbidden unless allowed. That’s not the structure of U.S. law.
Partner, Goodwin
1wAnd noting that this is at a retreat of an organization whose leader is world renowned for his fine hair.