whyframeshot - stock.adobe.com
AI tests limits of data privacy regulation
OpenAI CEO Sam Altman spoke about where data privacy guardrails are needed and where there might be room to rework privacy approaches.
WASHINGTON -- As generative AI advances and enables new capabilities and user interactions, a reimagined approach to data privacy regulation may be required.
That's according to businesses and privacy experts at the IAPP Global Privacy Summit 2025 this week.
As the overlap between AI and data privacy grows, it raises new questions about adapting guardrails and enabling innovation. Data privacy laws like the European Union's General Data Protection Regulation and U.S. state laws such as the California Consumer Privacy Act aim to give consumers more control over their data and how companies use it.
During a keynote discussion on April 24, OpenAI CEO Sam Altman said adapting data privacy regulation for new AI capabilities will be necessary in some instances. He used generative AI systems like ChatGPT as an example, noting that users speak to the models about "their most private problems."
"In other contexts, if you talk to a therapist, or a doctor, or a lawyer, we have a concept of privilege," he said. "We don’t have that yet for AI systems. And yet, people are using it in a similar way. That is a place where society will have to come up with a new framework relatively soon."
However, Altman emphasized that "this is a moment where we need new ways to think about privacy given the shifts in the technology landscape."
"This is the time in the last couple of decades that feels like it most needs additional conceptions for what privacy means," he said. "That's going to take a partnership between society, regulators and companies."
Technological change emphasizes innovation
Bojana Bellamy, president of the Centre for Information Policy Leadership, said during a panel discussion about evolving governance over data and privacy that society is at an "inflection point" for how technology is used and integrated.
She said business leaders need to remain agile during this time of technological change.
"That disruption is certainly making big waves globally," she said. "It is making waves for governments who are thinking very carefully about what the governmental, industrial policy in digital and data looks like. It is making waves for lawmakers who are creating rules for this new world or perhaps revising and rethinking the rules we've got today."
Bellamy said the technology wave is also affecting companies, causing data privacy, AI and digital regulation professionals to pause and consider how best to navigate "this massive disruption in a way that doesn't burn our organization but enables us to flourish and ride this wave of innovation."
Panelist Rob Sherman, vice president and deputy chief privacy officer at Meta, agreed that there is a "paradigm shift in the way that we think about data, governance and risk because the role technology is playing in society is changing."
One way to view the technological shift is how AI is beginning to function as a top layer over "everything," Sherman said. He used Meta's AI-enabled Ray-Ban glasses as an example.
During a recent workshop with accessibility experts in India, one of the participating experts was blind and used the glasses to navigate a room. The expert then asked the glasses to describe people in the room. However, due to India's data privacy regulations, the glasses are restricted from processing personal information about other people without their consent.
"Is that the right answer? It is the way we designed the glasses to work, so in that sense they work as intended," he said. However, for a blind person, it means they are unable to access that situation in a way "that is the same as what I can as a sighted person," Sherman said.
Cameron Kerry, visiting fellow at the Brookings Institution and a speaker on a summit panel about federal data privacy law, said setting standards that allow for such applications enabled by AI will be important. He said it's something most data privacy laws have not figured out.
"What has not yet been solved for is how do you do the edge cases and allow for context," he said.
Shift in approach to regulation
Though companies have dealt with a "regulatory tsunami of regulation" in data use, data privacy and AI globally over the last several years, Bellamy said the agenda is shifting as countries focus more on enabling innovation.
"We live in this new world where governments are saying, 'how do I enable data-driven innovation and economic growth through this AI layer,' and 'how do I deliver benefits to my population,'" she said.
Meta's Sherman said it's critical for companies, experts, regulators and policymakers to have ongoing conversations to reach an understanding that "we have a shared goal in promoting positive outcomes and avoiding negative outcomes."
"The best way to achieve both of those is to be dynamic and talk about it and iterate together," Sherman said. "I can't conceive of another way of being successful in this moment."
Makenzie Holland is a senior news writer covering big tech and federal regulation. Prior to joining Informa TechTarget, she was a general assignment reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.
