California has recently passed several AI-related bills that will impact privacy and data security practices in the coming years. While most provisions won't take effect for a few months, it's crucial to understand their implications. Let's break down the key points of these new laws:
AI Definitions and Personal Information
California has established a legal definition of artificial intelligence across its laws. AI is now defined as "an engineered or machine-based system that varies in its level of autonomy and that can, for explicit or implicit objectives, infer from the input it receives how to generate outputs that can influence physical or virtual environments". Additionally, the California Consumer Privacy Act (CCPA) has been amended to clarify that consumers' personal information may exist in AI systems that output personal information.
Healthcare and AI
Starting January 1, 2025, healthcare facilities using generative AI for patient communications must:
Include a disclaimer indicating that the communication was generated by AI
Provide clear instructions on how patients can contact a human healthcare provider
AI in Entertainment
California is joining Tennessee in regulating "digital replicas" of voices and likenesses. Two key points:
Contracts will be unenforceable if an employer uses a computer-generated "digital replica" of a performer's voice or likeness instead of their in-person performance
Beneficiaries of deceased celebrities can now sue for unauthorized use of AI-created digital replicas
AI and Robocalls
The state's automatic dialing-announcing laws have been amended to require disclosure when prerecorded messages use AI-generated voices.
Transparency Requirements
Starting January 1, 2026, generative AI developers must provide consumers with notices about:
Sources of AI data
How the data is used
Number and types of data points in datasets
Presence of personal or protected information in datasets
Additionally, AI system providers must offer a free tool for the public to determine whether content was generated or modified by AI.
Conclusion
These new laws aim to increase transparency and protect consumers in the rapidly evolving AI landscape. While they may not drastically change fundamental practices, they serve as a reminder for companies to consider privacy and data security when implementing AI tools. As these laws come into effect, businesses operating in California should review their AI practices to ensure compliance.
Comments