Biden Administration Plans New Privacy Policies for AI and Data Brokers

January 3, 2025

The Biden administration is taking significant steps to address privacy concerns related to the use of artificial intelligence (AI) and data brokers by federal agencies. Driven by the increasing risks posed by AI technologies when applied to vast amounts of data obtained from commercial data brokers, the administration aims to enhance transparency and safeguard personal information. This initiative represents a proactive stance on addressing the complex privacy implications of AI and its integration with data-driven systems across government operations, ultimately seeking to reinforce the protection of citizens’ information amidst rapidly advancing technological landscapes.

Addressing Privacy Concerns in Federal Data Procurement

The administration plans to publish a request for information (RFI) to gather feedback on potential privacy risks associated with the government’s use of commercially available information. Richard Revesz, head of the Office of Information and Regulatory Affairs at the Office of Management and Budget (OMB), emphasized the lack of transparency in current practices, which raises significant privacy concerns. The focus is particularly on the privacy risks amplified by AI technologies. AI’s capability to infer sensitive information about individuals from data broker repositories, including political affiliations or sexual orientation, further underscores the need for updated guidance in this realm.

Calli Schroeder, senior counsel and global privacy counsel at the Electronic Privacy Information Center, highlighted the extensive use of data broker information laden with personally identifiable information (PII), necessitating protective measures in governmental use of such data. As concerns escalate, more comprehensive measures are required to safeguard citizens from potential misuse or accidental disclosure of their private information. Given the extensive usage of these data sets, mitigating risks by establishing robust privacy protocols is posited to be essential in government practices moving forward. This forward-thinking approach aligns with the administration’s dedication to bolstering privacy in an increasingly data-centric regulatory landscape.

The Role of AI in Government IT Systems

The RFI also addresses the issue of information regarding individuals’ devices and locations, a topic that gained considerable attention when the Trump administration was reported to have used cellphone location data for immigration and border enforcement. Despite existing legal and policy frameworks that guide the governmental use of PII, Richard Revesz notes that privacy concerns related to commercial AI containing PII might suggest the need for further steps to apply privacy law and policy frameworks to mitigate risks accentuated by advanced technology. The need for regulatory enhancements reflects the administration’s commitment to addressing emerging challenges posed by AI technologies combined with sensitive data.

As part of his AI-focused executive order on privacy risks linked to data brokers, President Joe Biden directed the OMB to assess which commercial AI (CAI) data federal agencies purchase and how they use it. Among the questions the OMB seeks feedback on are potential changes to existing guidance, policies, or procedures that agencies should adhere to, how agencies share information about their use of such data with the public, and whether data quality provisions should be included in agreements with third-party data suppliers. These measures are intended to ensure a higher standard of data protection and to establish transparent practices regarding the handling and usage of AI-derived information by government entities.

Exclusions and National Security Considerations

The document clarifies that national security use cases involving CAI are outside the scope of this RFI, focusing instead on more civilian-centric applications of AI and data. The practice of collecting personal data has long been contentious, particularly within the intelligence community and agencies with cybersecurity or law enforcement mandates overlapping national security domains. A government report released the previous year indicated that the intelligence community often acquires extensive amounts of Americans’ data with minimal oversight, posing substantial privacy threats. Some acquisitions include social media data, further complicating the privacy landscape and heightening the need for more stringent regulatory controls.

Personal data collected from digital platforms like social media is frequently packaged by data brokers and sold, including to U.S. intelligence agencies. This practice has raised alarms among lawmakers and privacy advocates, contending it circumvents the Fourth Amendment, which prohibits unreasonable searches and seizures. Privacy-centric lawmakers have proposed sweeping reforms to limit such activities, including requiring warrants for any searches involving collected communications data that include discussions with U.S. persons. Although such amendments received support, they were ultimately unsuccessful when reauthorizing foreign spying powers under Section 702 of the Foreign Intelligence Surveillance Act. This Act allows agencies such as the FBI and NSA to warrantlessly target foreigners overseas, accessing communications data that might include exchanges with their American correspondents, thus sparking controversy for lacking reciprocal privacy protections for Americans.

Ethical Frameworks and Civilian Agency Practices

In May, the Office of the Director of National Intelligence unveiled a framework to guide spy agencies on ethical practices for using commercially procured data. The framework emphasizes implementing protective procedures for easily identifiable American data. Civilian federal agencies also frequently utilize data from external sources. For example, credit bureaus are often relied upon to verify identities online, despite the government already possessing significant authoritative information like social security numbers. This reliance on external, often less comprehensive data sources indicates a significant gap in the government’s current data utilization strategies, further supporting the administration’s focus on reform.

Anti-fraud and oversight experts lament the statutory challenges that hinder seamless data sharing among federal agencies, pointing towards a reliance on less comprehensive commercial data. A recent government report suggested that federal agencies might benefit from leveraging their internal information to reduce dependence on external incomplete commercial datasets. This recommendation underscores a progressive trend toward self-sufficiency within governmental operations concerning data utilization. By focusing on internal data resources, agencies can potentially enhance the accuracy and reliability of their data analytics efforts, ultimately leading to more robust privacy practices and reduced vulnerabilities in their operational frameworks.

Moving Toward Transparency and Privacy Safeguards

The Biden administration is making significant efforts to tackle privacy concerns related to the use of artificial intelligence (AI) and data brokers by federal agencies. Recognizing the escalating risks posed by AI technologies when used with large datasets acquired from commercial data brokers, the administration aims to improve transparency and protect personal information. This initiative highlights a proactive approach to addressing the intricate privacy issues associated with AI and its integration into data-driven systems within government operations. By doing so, the administration seeks to strengthen the protection of citizens’ information in the face of rapidly advancing technological landscapes. This move demonstrates a commitment to ensuring that the deployment of AI in government activities does not compromise individuals’ privacy rights. Amid the accelerating pace of technological innovation, the administration’s actions seek to balance the benefits of AI with the essential need to safeguard personal data and uphold the trust of the American public.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later