Information Commissioner's Office
Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law
Alister Pearson, the ICO’s Senior Policy Officer – Technology introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.
“Understanding how to assess compliance with data protection principles can be challenging in the context of AI. From the exacerbated, and sometimes novel, security risks that come from the use of AI systems, to the potential for discrimination and bias in the data. It is hard for technology specialists and compliance experts to navigate their way to compliant and workable AI systems.”
To help address this challenge, we have decided to publish an AI and Data Protection Risk Toolkit.
This work draws upon the Guidance on AI and Data Protection, as well as our co-badged guidance with The Alan Turing Institute on Explaining Decisions Made With AI. It is also part of our commitment to enable good data protection practice in AI.
The toolkit contains risk statements to help organisations using AI to process personal data understand the risks to individuals’ information rights. It also provides suggestions on best practice organisational and technical measures that can be used to manage or mitigate the risks and demonstrate compliance with data protection law.
The toolkit reflects the auditing framework developed by our internal assurance and investigation teams. This framework gives us a clear methodology to audit AI applications and ensure they process personal data in compliance with the law. If your organisation is using AI to process personal data, then by following this toolkit, you can have high assurance that you are complying with data protection legislation.
We are presenting this toolkit as a beta version and it follows on from the successful launch of the alpha version in March 2021. We are grateful for the feedback we received on the alpha version.
We are now looking to start the next stage of the development of this toolkit.
This stage will involve testing the toolkit on live examples of AI systems that process personal data to see how practical and useful it is for organisations.
We will continue to engage with stakeholders to help us achieve our goal of producing a product that delivers real-world value for people working in the AI space. We plan to release the final version of the toolkit in December 2021.
If you are interested in helping us test the toolkit on a live AI application, or want to provide feedback or suggestions on how to improve the beta version, please email AI@ico.org.uk.
Latest News from
Information Commissioner's Office
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted24/05/2022 09:10:00
The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.
Director’s Update: Doing more with less – working with the FOI community to improve future FOI regulation23/05/2022 12:25:00
This is the second in a series of updates from Warren Seddon, Director of FOI and Transparency.
Blog: What does equality of access really mean when developing a career with a visual impairment?19/05/2022 12:25:00
On Global Accessibility Awareness Day, Paul Arnold, ICO Deputy Chief Executive and Chief Operating Officer shares his story.
Blog: A day in the life of the ICO’s information management team13/05/2022 12:25:00
“It’s important to remember the people behind the information.”
ICO response to Channel 4 ‘Inside the Metaverse’ documentary29/04/2022 12:25:00
A recent C4 Dispatches – Inside the Metaverse looked at the metaverse and how the platforms enforce against users that act inappropriately.
Conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC – 19 April 202220/04/2022 12:25:00
The ICO found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Statement following conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC13/04/2022 16:20:00
The Information Commissioner’s Office (ICO) has found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Children's privacy and international collaboration12/04/2022 15:20:00
John Edwards, UK Information Commissioner, is in Washington DC this week to meet with regulators, civil society, lawmakers and tech companies, as well as present the work of the ICO at the IAPP Global Privacy Summit.