On Thursday, September 22, 2022, Executive Director Yesim Sayin testified at the D.C. Council Committee Committee on Government Operations & Facilities Hearing on Bill 24-558, the “Stop Discrimination with Algorithms Act of 2021 .” You can read her testimony below, or download a PDF copy.
Good afternoon, Chairman White, and members of the Committee. My name is Yesim Sayin, and I am the Executive Director of the D.C. Policy Center—an independent non-partisan think tank advancing policies for a strong, competitive, and vibrant economy in the District of Columbia. Thank you for the opportunity to testify on Bill 24-558.
In my reading, Bill 24-558 contains three parts. The first part—sections 3 through 6—is regulatory: it describes how entities that develop various scores to measure, for example, creditworthiness, employability, insurance eligibility, fraud risk, etc. using algorithms and large data sets must behave. It also regulates how entities that use such scoring mechanisms developed by third parties must behave. The second part—Section 7—describes compliance verification, and Section 8—outlines enforcement.
The D.C. Policy Center believes in reducing racial inequities. As such, we think that the algorithms and mechanisms that can influence employment, housing, health care, and other services should exclude sources of bias. We also welcome transparency in how these scoring systems are created, and in how decisions are made. However, this bill as it is written is too broad in saying which businesses are subject to its requirements, while simultaneously being not specific enough on how to identify discrimination in algorithms.
This bill should not move forward before the regulatory parts of it is properly examined and the implications understood.
As drafted, the regulatory requirements would create uncertainty and a regulatory burden on a large number of D.C. businesses, including businesses or organizations whose area of work is completely disconnected from algorithms and other scoring mechanisms. Under B24-558, any individual, firm, corporation, partnership, cooperative, association, or any other legal entity or group of individuals, however organized, will be subject to the regulatory and compliance requirements if they possess or control personal information on more than 25,000 District residents. This information can be something that is automatically collected – such as IP addresses or MAC addresses. For example, a retailer with online presence may be in violation of the law if they use a third-party screener in hiring sales clerks, and do not disclose this, or notify the job applicants in a manner required in Section 6 of the bill every time they reject a job applicant. A home remodeling company with a large mailing list can be in violation if it does not annually file a report with the Office of the Attorney General on how they make decisions on the creditworthiness of their clients. This will create large regulatory burdens for businesses while not addressing the issue of discrimination in algorithms.
Additionally, inclusion of business entities with a gross receipts of $15 million will force over 1,000 D.C. establishments (and nearly 6,000 establishments in the metropolitan Washington area) to file reports or notify their users, even though most of these companies operate in areas not related to algorithms. The most recent data we have suggest that over 50 entertainment venues, restaurants, and hotels, over 60 construction companies, a similar number of retail establishments, and nearly 200 professional services companies would be subject to regulation under to this bill,1 even when their main business activity is unrelated to the bill’s objectives.
Adding such regulatory confusion and uncertainty will act like a tax, reducing interest to do business in D.C. This may reduce economic opportunity for D.C. residents by reducing their employment, credit, or insurance options—an outcome that counters the stated goal of the bill.
Even if the bill were modified to limit its applicability to entities that specifically develop various forms of scoring based on algorithms, it needs careful consideration and specifics on what practices are banned, and how these determinations will be made. Importantly, the bill provides a rigid regulatory approach that does not allow for the co-evolution of practices and rules in an area that is rapidly developing. Importantly, the bill does include describe what practices are allowed to create regulatory certainty.
The audit requirements under the bill can be helpful if the scope of the bill is properly narrowed down. However, it would be important to get industry feedback on what types of internal audit and control systems are already in place.
This compliance verification and enforcement are intertwined with potentially problematic conflicts.
The bill allows OAG to operate both as a regulatory entity—an activity which could be argued to be beyond its scope—and a prosecutor. Under the provisions of the bill, the OAG can both bring civil action, as the prosecutor for the city, and issue penalties for violation of the law, more like to a regulatory entity. Further, the collected penalties, or settlement funds would go to the Litigation Support Fund, which is under the OAG’s control.
This is a problematic combination of regulatory and prosecutorial duties. For example, if a business does not agree with OAG’s penalty decision, would it seek relief in administrative court or in the Superior Court? Would OAG then be its own lawyer or hire an outside firm? If this bill moves forward, the District should separating prosecution functions from regulatory compliance functions.
Thank you for the opportunity to testify and I welcome your questions.