There's rarely a quiet week in data protection — and this one was no exception. Below are two developments from the past seven days that caught my eye.
Story #1: The European Commission consults on AI for financial services
This week the European Commission launched a "targeted consultation" on the development and use of AI in the financial services sector.
The Commission says that responses from industry will support its "assessment of market developments and risks related to AI and in the implementation of the AI Act in the financial sector". So if you want to inform the development of AI policy in the European Union, now is the opportunity to do so. The Consultation closes on 13 September 2024.
In practice, not all firms will want to provide the Commission with an insight into their use of (or thinking about) artificial intelligence. Indeed, we are seeing many financial services clients moving cautiously on AI — and rightly so. For now, there is benefit to being in the peloton.
But even if that's the case for your organisation, the Consultation document is still useful reading. Indeed, completing the questionnaire solely for the purpose of internal level-setting and accountability will be a useful exercise, whether it (1) plays a supporting role in an already developing governance framework, or (2) is one of the first steps you take in documenting your firm's thinking about AI.
The Consultation begins with a series of general framing questions. Are you using or planning to use AI (including general purposes AI)? How are you doing that? What are its challenges, risks and benefits? Have you developed an AI governance structure?
For firms that are still grappling with the uses cases for AI in financial services, the list on page 5 of the document provides a useful starting point. The examples of challenges and risks of AI on the following page are similarly helpful. Clearly, these lists are non-exhaustive — but they do hit on many of the themes we hear about from, and discuss with, clients.
The Consultation then considers specific use cases in the banking and payments, market infrastructure, securities, insurance and pensions, and asset management sectors. If you work in financial services, there is almost certainly something in here for you.
One aspect of the industry that the Consultation does not address when discussing asset management is investing in businesses that use AI. Many of the themes and issues described in the document apply to acquisition targets, and assessing those companies' use and reuse of data and machine learning technologies has become an increasing focus of the diligence process.
Ropes & Gray hosts a series of peer-to-peer roundtables, using Chatham House Rules, for individuals with responsibility for or involvement in AI at their organisation. If you are interested in joining one of our upcoming asset management/private equity-focused sessions, please do drop me a line.
Story #2: What do the UK general election manifestos say on data, AI and technology?
Last week the Conservative, Labour and Liberal Democrat parties published their manifestos ahead of the UK's General Election, on 4 July 2024. What are each party's policies in the areas of (1) data protection, (2) artificial intelligence, (3) cybersecurity, (4) digital regulation, and (5) facial recognition?
Click here for a graph prepared by Ropes & Gray comparing the parties' respective policies.
Most notably, given that debates around governing AI have featured heavily in the news cycle this year, the Labour Party appears not to favour strict regulation, other than in relation to a handful of large technology firms (i.e., those developing the most powerful AI models).
This stance puts Labour in the middle ground between the UK's current light-touch regulatory framework and the prescriptive, broad-brush rules contained in the European Union's AI Act. However, it also looks to be a more permissive approach than Labour has previously indicated that it will take, particularly in respect of AI in the workplace.
Besides AI, the two main parties — i.e., the Conservatives and Labour — are generally silent on data protection reform, and each have a different focus for digital regulation more broadly.
Election manifestos are not legally binding and usually do not spell out the specifics of how policy commitments will be delivered in practice. "Campaign in poetry, govern in prose," as the saying goes. A government's agenda is also subject to change, including to reflect wider political, economic and societal developments. Nevertheless, these manifestos gives a reasonably clear indication of each party's intended direction of travel on the regulation (or not) of data and technology.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.