The harvesting of data via artificial intelligence, biometrics technology, and digital data collection is currently outpacing laws regulating its use according to a recent panel at the South by Southwest Conference & Festivals taking place in Austin this week.

Myriad information is created through many means, such as posting to or having profiles on social media platforms, or just by simply using a cellphone. This “digital dandruff” is collected by three main entities: law enforcement, private companies working for law enforcement agencies, and private companies hoping to sell user data, said Barry Friedman, a professor and director of the New York University School of Law Policing Project.

Friedman said the government’s collection of data needs to be kept in control through regulations. However, “we have failed to regulate surveillance in any meaningful way whatsoever and time is running out,” Friedman said.

Tracy Ann Kosa, a privacy researcher at Stanford University and adjunct faculty member at Seattle University, said current regulations on digital data gathering have all been reactive rather than proactive. Kosa said regulations should come from engineers and those who work in the field, rather than from the government, which has less understanding of the technology.

Regulations from the government can be overreaching and stifle development of new technology, said Rick Smith, CEO and founder of Axon Enterprise. Smith cited the General Data Protection Regulation, or GDPR, put into effect by the European Union. GDPR has prevented tech companies from gathering useful data to assist in the development and improvement of new technology, said Smith. Regulations have been added, such as each site warning about the collection of cookies when options on most browsers to deny access to cookies already exists.

Smith said law enforcement and others must be active in cyberspace to battle against hacking and the theft of personal information. Public safety should be the primary concern, with attention paid to how private companies are using citizens’ data, and greater concern being placed on what the government is doing with digital data, Friedman said. “Facial recognition technology is the biggest threat to our civil liberties that we’ve seen in a long time,” said Friedman.

AI-generated algorithms are already in use, and some, such as a New York Police Department algorithm designed to track and tag people as possible gang members may suffer from a racial bias, according to Kosa, who noted that 99 percent of the people logged into the database were people of color. Even more concerning, said Kosa, is the fact that the public doesn’t know who is listed in the database and apparently there is no way to remove oneself from it.

Congress has done little to nothing to address these problems,

and the lack of laws and regulations from Congress has put courts in a precarious position of having to possibly define the law, said Friedman. He believes safeguards should be in place before matters go to trial.

To remedy these problems, panelists suggested having greater transparency in how and what data is being gathered, and for what purpose; as well as holding governments and companies accountable for the safety and reason for collection of data.

“Ownership of your digital data needs to be yours,” Kosa said, noting many companies and law enforcement agencies have information on file about a person and that person likely has no idea what that information is.

Smith said he’s more concerned with government collection of data rather than private sector collection. “I probably don’t want police to have my personal information and trust them not to use it until they find it necessary. I feel more comfortable with Google than the IRS having my personal information.”

The backlash against Facebook for its harvest and sale of customer data has hurt the tech giant, Smith said. The media’s coverage and unearthing of Facebook’s methods have been what has led to changes in the company’s handling of data. There must be continued work by the media to hold tech companies accountable for the handling of people’s data, Smith said.