Information Commissioner's Office
Blog: ICO launches guidance on AI and data protection
Simon McDougall, Deputy Commissioner – Regulatory Innovation and Technology, discusses the relationship between AI and data protection as the ICO publishes new AI guidance.
Over the past few years, I have witnessed amazing uses of Artificial Intelligence (AI) in areas such as online retail, banking, and healthcare. The recent pandemic has driven innovation in the use of technology and data but some of the challenges for organisations using AI are constant. For example, Is AI the right technology for the problem? What ethical issues does it create? How can we be sure the use of AI is lawful?
AI offers opportunities that could bring marked improvements for society. But shifting the processing of personal data to these complex and sometimes opaque systems comes with inherent risks.
Understanding how to assess compliance with data protection principles can be challenging in the context of AI. From the exacerbated, and sometimes novel, security risks that come from the use of AI systems, to the potential for discrimination and bias in the data. It is hard for technology specialists and compliance experts to navigate their way to compliant and workable AI systems.
It is with those challenges in mind that we have today released our guidance on artificial intelligence as part of our commitment to enable good data protection practice in AI.
The guidance contains recommendations on best practice and technical measures that organisations can use to mitigate those risks caused or exacerbated by the use of this technology. It is reflective of current AI practices and is practically applicable
The guidance is the culmination of two years of research and consultation by Professor Reuben Binns and the ICO AI team.. I am deeply grateful to them for their work, and also to the wide range of stakeholders who provided feedback to us throughout.
Technology using AI is characterised by fast moving innovation and evolution and we will continue to evolve our guidance to keep pace with it. We will keep seeking feedback on the guidance to help us to achieve this goal as well as continuing to engage with experts to explore the frontiers of this technology whist also growing our own expertise.
It is my hope this guidance will answer some of the questions I know organisations have about the relationship between AI and data protection, and will act as a roadmap to compliance for those individuals designing, building and implementing AI systems.
Simon McDougall is Deputy Commissioner – Regulatory Innovation and Technology at the ICO where he is developing an approach to addressing new technological and online harms. He is particularly focused on artificial intelligence and data ethics.
He is also responsible for the development of a framework for auditing the use of personal data in machine learning algorithms.
Latest News from
Information Commissioner's Office
“This needs to be dealt with.” - ICO issues Enforcement Notice to City of York Council over FOI backlog21/09/2023 16:25:00
The Information Commissioner’s Office (ICO) has issued an Enforcement Notice to City of York Council to clear its backlog of 261 unanswered Freedom of Information requests
ICO issues half a million pounds in new fines as fight to tackle illegal nuisance calls continues21/09/2023 15:25:00
The Information Commissioner’s Office (ICO) has issued fines totalling £590,000 to five companies for collectively making 1.9 million unwanted marketing calls which targeted the elderly and people with vulnerabilities.
Share information to protect children and young people at risk, urges UK Information Commissioner15/09/2023 10:15:00
Organisations will not get in trouble if they share information to protect children and young people at risk of serious harm, the UK Information Commissioner’s Office (ICO) has promised.
Former social services council employee fined for unlawfully accessing sensitive personal data14/09/2023 09:15:00
A former family intervention officer at St Helens Borough Council has been sentenced for unlawfully accessing social services records.
UK Information Commissioner and NCSC CEO sign Memorandum of Understanding13/09/2023 13:10:00
The UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC), Lindy Cameron, yesterday signed a joint Memorandum of Understanding (MoU) that sets out how both organisations will cooperate.
ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security07/09/2023 16:20:00
The Information Commissioner’s Office (ICO) is reviewing period and fertility apps as new figures show more than half of women have concerns over data security
ICO publishes new guidance on sending bulk communications by email31/08/2023 16:20:00
The Information Commissioner’s Office (ICO) yesterday issued a warning to organisations to use alternatives to the blind carbon copy (BCC) email function when sending emails containing sensitive personal information, following a catalogue of business blunders.
Joint statement on data scraping and data protection25/08/2023 09:10:00
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites.
One in three young people falling prey to ‘text pests‘ as ICO calls for victims to come forward22/08/2023 14:10:00
The Information Commissioner’s Office (ICO) has today launched a call for victims of so-called ‘text pests’ to come forward to help the regulator gather evidence of the impact of this illegal behaviour.