Child, Health and Location Data Top AI Enforcement 'Hit List', Says Lawyer

“Large companies are always going to be targeted more than smaller companies,” said Li, “but there are definitely certain types of data and processing that are that regulators are playing paying close attention to.”

Children’s data is a big one, the AI and privacy attorney said. “If you have a lot of minors on your system, or you collect a lot of minors’ data, you're definitely going to be high up on the target list.” Health care and precise geolocation data are also on the “hit list” for regulators, she said.

AI developers should pay attention to child online safety laws in California and elsewhere, said Li. “In the past, a lot of AI developers and AI systems were able to skirt requirements regarding kids online safety laws or kids age assurance laws by saying, ‘Hey, we don't target children [or] direct activity to children, and so we fall outside of the scope of some of these kids online safety or kids privacy requirements.’"

“This is definitely going to change, and we're seeing laws that are ensuring that this will change in the future,” she said.

One example is a new California law (AB-1043) that will set up a system whereby app stores must obtain age data from users and pass it on to developers, said Li. “If you never intended your application to be used by children, and now you'll be receiving this age bracket data in a year, what are you going to do with those users?” One option is “to kick them off your platform.” Another is “to obtain parental consent” and “go through … some of the steps for the first time regarding kids online safety or children's privacy.”

Federal preemption of state AI or privacy laws is “very unlikely,” Li said. “As we probably saw from the latest negotiations on passing a budget, Congress is pretty deadlocked on passing policy. And even though we've been pushing for a federal privacy law for years now … that hasn't happened either.”