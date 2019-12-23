By Leif-Nissen Lundbaek, CEO of XAIN

The year 2008 brought with it a turning tide in American politics. Barack Obama was elected the first African American president in history. Under Obama’s leadership, Democrats took both houses of Congress in what could only be seen as a rebuke of a decades-long conservative hegemony, launched by Ronald Reagan and crushed by George W. Bush’s largely unpopular Iraq War.

Yet some things stayed the same. Shortly after Obama took office, the new president made efforts to spearhead progressive reforms through congress -- the centerpiece of which was healthcare. While many applauded the Democratic effort to reshape America’s healthcare system in the mold of European social welfare models, others feared government involvement in such a private sphere of life. The spectacle brought back a recurring theme that has played an integral role in America’s politics since its founding -- a theme that argues the New World shouldn’t follow in the footsteps of the Old.

With regards to data privacy, though, the United States can and should follow Europe’s lead. As America grapples with data breach after data breach, its counterpart across the Atlantic has already constructed a global framework to ensure individual citizens a standard degree of privacy in its General Data Protection Regulation (GDPR), which took effect in 2018.

Designed to harmonize data privacy laws across Europe, GDPR establishes several privacy rights that aren’t federally protected in the U.S., one of which requires companies to inform users of their data practices and receive explicit permission before collecting any personal information. That might seem like an obvious requirement for any national policy on data privacy. But the U.S., as many Americans might be surprised to learn, doesn’t have such a policy.

America’s federal inaction on the matter might not be so baffling considering a major cornerstone of Americanism has historically been characterized by a disposition toward individualism. Where Europeans have looked to government to solve their problems, citizens of the U.S. have formed charities, associations, and other organizations to handle things on their own, figuratively pulling themselves up by their bootstraps. At least, that’s how many Americans see it. It’s why social liberalism’s beloved rallying cry, “keep government out of the bedroom,” resonates so deeply in the states.

But what happens when government isn’t the one intruding on your privacy? What really, some might wonder, are the risks of surrendering your personal data to a third party?

The extent to which Americans really care about the answers to those questions has been subject to much debate, but a 2014 Pew Research Center report suggests widespread distrust of third parties accessing consumer data. The survey found that some 80 percent of social media users said they were concerned about advertisers and businesses accessing the data they share on social media. Even more telling is that 64 percent expressed a desire for government to do more to regulate advertisers. In the case of data privacy, it seems Americans fear a lack of regulation more than they fear government involvement.

And they should, considering the risks an unfettered tech “wild west” entail. Personal data reaching the wrong hands could mean identity theft, blackmail, or even physical harm. Former NSA and CIA director Michael Hayden famously illustrated the latter possibility succinctly: “We kill people based on metadata.”

Advancements in the field of artificial intelligence, along with the advent of AI-powered technologies like “deepfake,” drive the stakes even higher. Perhaps those who were apathetic to the prospect of identity theft on paper won’t be as meek in the face of being sued over doctored video footage of themselves saying something they didn’t.

The solution to deepfakes and data breaches, though, isn’t to make the technology that spawns them disappear -- that will never happen. Artificial intelligence has many positive applications and is positioned to shape the future every industry, from healthcare to finance to defense. As much of machine learning largely depends on aggregating personal data, it follows that the only solution to AIs flaws is for the U.S. to adopt its own federal data privacy regulations, similar to Europe’s GDPR.

Still, there are Americans that fume at the suggestion that the words “federal” and “regulations” belong in the same paragraph -- even if their personal data is at stake. The U.S. is a large place, their argument goes, and different states should have the legal ability to define data privacy the way they see fit.

And they do -- the let-the-states-decide version of events is already playing out. California led the first initiative, with the California Consumer Privacy Act (CCPA) set to take effect in 2020. The law gives California residents the right to request the data that companies collect on them, demand that it be deleted, and opt out of having their data sold to third parties. New York’s version of the initiative, the New York Privacy Act, would take California’s law a step further, giving New Yorkers the right to sue companies directly over privacy violations. It has yet to materialize, though other states such as Maine and Nevada have already passed their own data privacy legislation.

The problem with allowing each state to have its own set of rules is that it creates an uneven and confusing legal environment, too onerous for companies doing business in the U.S. to handle.

Europe is quite large as well, and the architects of GDPR took that fact into account when designing the privacy protection standards. It is true that GDPR applies across the entirety of the European Union, but individual countries are allowed to make small changes to adapt the protections to their region. It’s a one-size-fits-all approach, just not to the extent that a libertarian might imagine. As such, GDPR serves as a prime example for future federal data privacy regulations in the U.S.

Legislation will never eliminate data breaches -- identity theft, blackmail, and deepfake aren’t going away anytime soon. The goal is to ensure consumer’s personal information is appropriately collected, used, and protected by companies to minimize risk and to ensure consumers are aware of the personal data being collected.

GDPR has proven data privacy regulation is inevitable. All companies that seek to do business within the EU must comply, even if those companies are based abroad. That means big tech -- the Apples, Googles, and Facebooks -- all comply already. Standardized federal data privacy regulations in the U.S. are the next logical step in government’s race to keep up with tech. America leads the world on many fronts -- there’s no shame in following Europe’s lead just this once.

About Leif-Nissen Lundbaek, CEO of XAIN

Academically trained as a mathematician, Leif-Nissen Lundbaek’s work focuses mainly on algorithms and applications for privacy-preserving artificial intelligence. In 2017, Leif developed the eXpandable AI Network (XAIN) as a cyber-security protocol that combines AI with privacy paradigms. Since then, his company has won multiple awards, such as the Porsche’s first-ever Innovation Contest, and worked successfully with many blue-chip companies. Leif-Nissen received his M.Sc. in Software Engineering at The University of Oxford with distinction as well as an M.Sc. in Mathematics at Heidelberg University.

About XAIN:

XAIN, the eXpandable AI Network, is a Berlin-based technology company that specializes in privacy-preserving training solutions for AI applications. The platform is the first commercial solution to provide GDPR compliance for AI applications by enabling training via the distributed approach of federated machine learning (FedML). XAIN began as a research project at Oxford University and Imperial College London by CEO Leif-Nissen Lundbaek and CTO Professor Michael Huth. Its research has been published in peer-reviewed international journals. In 2017, XAIN won the 1st Porsche Innovation Contest. A year later, XAIN was named one of Germany’s most innovative startups by Forbes magazine. The company received seed investment funding of €6 million, led by venture capital fund Earlybird, and has recently announced a strategic investment by IOTA’s Co-Founder Dominik Schiener.

