Privacy is a key issue in AI regulation, especially in a sensitive area such as healthcare. The United States (US) has taken a sectoral approach to protecting privacy that presents limitations when it comes to AI. Privacy protections in clinical contexts, research arenas, commercial and consumer contexts and public health all vary. AI relies on vast quantities of data that travel from one context to the other, draws inferences that were never present in the data and can be used in unforeseen ways. Further, even the sectoral approach has its limitations - for example, in the public health sphere, private entities that lead the AI ecosystem are left unregulated, while in the commercial context, AI privacy regulation relies on policies that companies write themselves. A better approach would focus on protections that rely on the nature of the data involved.

Citation
Craig Konnoth, AI and Data Protection Law in Health, in Research Handbook on Health, AI and the Law, Edward Elgar, 111–129 (2024).