March 6, 2023
Ms. Stephanie Weiner
Acting Chief Counsel
National Telecommunications and Information Administration
U.S. Department of Commerce
1401 Constitution Avenue, NW
Washington, DC 20230
Re: NTIA– 2023–0001
Dear Ms. Weiner:
This letter is submitted on behalf of Business Roundtable, an association of chief executive officers of America’s leading companies. As major employers in every state, Business Roundtable CEOs lead companies that support 37 million American jobs and almost a quarter of U.S. GDP. Our companies—who represent every sector of the U.S. economy, including technology, communications, retail, financial services, health, public safety and security, manufacturing, hospitality, insurance and others—rely on data and data-driven processes and solutions every day to deliver, improve and market innovative products and services across the United States and around the world. Consumer trust and confidence are essential elements of our businesses and our relationship with our customers, including customers from disadvantaged communities.
We appreciate the opportunity to participate in the Request for Comment (the “Request”) released by the National Telecommunications and Information Administration (“NTIA”) on January 20, 2023, relating to whether and how commercial data practices can lead to disparate impacts and outcomes for marginalized or disadvantaged communities. NTIA issued the Request with the laudable goal of examining how privacy may intersect with considerations of justice for marginalized or disadvantaged communities, and determining what solutions may be appropriate.
Business Roundtable member companies take data privacy and security very seriously. Our companies also understand that many American consumers may not feel in control of their personal data and how it is collected, used, shared, and protected, and that this concern may be greater in marginalized communities.
Consistent with consumer expectations and responsible business practices, our member companies already undertake significant efforts to limit the collection, use, and sharing of consumer data, and to protect the security of such data. For example, our member companies maintain robust data privacy and security compliance programs, implement internal and external privacy policies, provide consumers with meaningful notice and opportunities for consent, and train employees to emphasize the importance of keeping their customers’ data confidential and secure. In addition, Business Roundtable member companies are at the forefront of responsible innovation, developing and implementing best practices regarding how new technologies such as artificial intelligence (“AI”) should be utilized by businesses in ways that mitigate the potential for unfair bias.
In January 2022, Business Roundtable launched the “Roadmap for Responsible Artificial Intelligence,” an initiative to guide the responsible development and use of AI. The Roadmap provides a set of principles to guide businesses as they implement Responsible AI and reflects the perspectives and real-world experiences of companies from every sector of the economy, including AI developers, deployers and end users. Alongside the Roadmap, Business Roundtable also released a set of policy recommendations to encourage AI governance, oversight and regulation that build public trust in AI while enabling innovation and promoting continued U.S. leadership. Additionally, Business Roundtable recently published a collection of case studies demonstrating the many ways that companies are leveraging AI and data to operationalize Responsible AI principles and directly benefit consumers and communities.
Business Roundtable believes that the goals articulated in the Request would be most effectively achieved through the enactment of comprehensive federal privacy legislation that provides Americans, including disadvantaged communities, with data privacy and security protections that apply throughout the United States, for which Business Roundtable has strongly advocated. A national, uniform consumer privacy law would ensure that consumers in California are provided the same privacy protections as those in New Hampshire, an outcome which cannot be achieved through a state-by-state approach or a federal rulemaking that would not apply holistically to the entire internet ecosystem.
In terms of the key attributes of a national privacy framework, NTIA should carefully consider whether certain proposals, including restrictive data minimization, collection limitations or external audits would restrict beneficial uses of consumer data or divert resources that could be used to benefit consumers, including those from disadvantaged communities. Many businesses rely on consumer data to provide valuable products and services on which consumers have come to rely, and that restrictive rules might prohibit. For example:
- Financial services firms and their customers rely on superior data-enabled fraud detection tools that help prevent millions of unauthorized transactions every year. The accuracy of fraud tools is data-driven, which is why such tools have been granted exemptions under the Gramm-Leach-Bliley Act (“GLBA”).
- Health care innovations that improve patient outcomes are enabled through data collection and exchange consistent with prevailing restrictions under the Health Information Portability and Accountability Act5 (“HIPAA”).
- Energy companies collect and analyse data to assist consumers and enterprises in optimizing energy efficiency and reducing carbon footprints.
- The cybersecurity community leverages security data to provide effective, real-time cybersecurity security solutions.
- Retail firms use customer data to manage customer loyalty and rewards programs, and to ensure that inventories track changing customer demand.
Regardless of sector, a national framework for data-driven technologies, including AI, should focus on principles-based requirements which provide a flexible approach that can evolve as the technologies evolves.
NTIA’s Request addresses important societal questions, and policymakers will take NTIA’s recommendations seriously. Our hope is that these recommendations reflect solutions that will ensure a community’s data rights are not affected by state boundaries and take into account the beneficial uses of consumer data. In the sections that follow, we provide answers to specific questions posed in the Request.