ICO launches new AI and data protection guidance
The Information Commissioner’s Office (ICO) has launched new guidance on how to ensure data protection compliance when deploying artificial intelligence (AI).
Following an open consultation earlier this year, which techUK responded to, the ICO has released new guidance on AI and data protection. This is the culmination of two years of research and part of the ICO’s commitment to enable good data protection practice in AI.
The guidance is intended to “mitigate the risks specifically arising from a data protection perspective, explaining how data protection principles apply to AI projects without losing sight of the benefits such projects can deliver”. The guidance includes recommendations on best practice and technical measures that organisations can use to mitigate risks but is not intended as a guide to the ethical or design principles of the use of AI.
This guidance is primarily aimed at two audiences, those with a compliance focus (including the ICO's own auditors) and technology specialists. We believe from the guidance published that a “toolkit designed to provide further practical support to organisations auditing the compliance of their own AI systems” is also forthcoming.
It is worth noting that this guidance is not a statutory code. There is no penalty if you fail to adopt good practice recommendations, as long as you find another way to comply with the law. The ICO have used the terms ‘must’ and ‘should’ to mark the distinction between compliance with data protection law and general good practice.
The structure of guidance relates to key data protection principles- accountability and governance, fairness and transparency, data minimisation and security and individual rights.
The guidance states that when it comes to trade-offs, the “right balance depends on the specific sectoral and social context you operate in, and the impact the processing may have on individuals”. Significant emphasis is placed on the importance of Data Protection Impact Assessments (DPIA’s) for AI systems using personal data.
The guidance also points to the need to take care to identify and understand the relationship between the data controller/data processor. The guidance states that Government will explore this issue in more detail when they come to reviewing the Cloud Computing Guidance in 2021.
The ICO has said that it will continue to adapt the guidelines to keep pace with the “fast moving innovation and evolution” of AI. The ICO would like to continue to consult with those using the guidance to understand how it works in practice and are open to ideas on the tools they could create to support implementation of the guidance. To provide feedback, please provide your details at the bottom of this page here.
Finally, if you’d like to discuss any aspect of this guidance or better understand what it means for your organisation, please get in touch.
Latest News from
Letter to the next Prime Minister from techUK CEO Julian David16/08/2022 16:25:00
techUK's CEO Julian David has written to the final two candidates for the Conservative Party Leader and next Prime Minister. In the letter techUK sets out how the next Prime Minister can work with the UK tech sector to address the key challenges they and the country will face.
techUK joins other UK trade organisations to urge the Government to hold out for a comprehensive UK-India deal12/08/2022 13:05:00
The UK-India FTA talks began in January this year. The fifth round of negotiations was finalised last week, and both countries are working towards the October 24 deadline that Prime Ministers Johnson and Modi set a few months ago.
techUK responds to Parliamentary inquiry on the UK semiconductor industry11/08/2022 14:05:00
techUK welcomes the confirmation in the recent Digital Strategy that the Government will bring forward a Semiconductor Strategy.
MWC Barcelona, February 27th-March 2nd, 202311/08/2022 09:10:00
We would like to invite our members to join a trade show to Barcelona between February 27th-March 2nd, 2023
A healthy start to the year: Review of the techUK H&SC Programme10/08/2022 14:15:00
The first half of 2022 has been full of activities for the techUK Health and Social Care programme and the members working closely with the team. This August, we therefore wanted to provide an overview of key areas of focus and the work done for the past six months. None of this would be possible without the involvement and support of our members, therefore we'd like to take this opportunity to say thank you!
NPCC led review: operational productivity of policing10/08/2022 13:15:00
The Home Office has announced plans for an operational efficiency review of policing including a focus on further uses of technology.
NATO Innovation Challenge?10/08/2022 12:10:00
This Challenge is co-organized by NATO Allied Command Transformation (ACT), the NATO Communications and Information Agency (NCIA) and the Ministry of Defense of Romania, who will host the finale. Participants can submit their Solution by September 19th, 2022 (12:00 a.m.).
Guest blog: I’ve got the key; I’ve got the secret – unlocking cryptocurrency control08/08/2022 16:25:00
Guest blog by Prakash Kera, lead partner of Fintech at Shoosmiths.