ICO launches new AI and data protection guidance
The Information Commissioner’s Office (ICO) has launched new guidance on how to ensure data protection compliance when deploying artificial intelligence (AI).
Following an open consultation earlier this year, which techUK responded to, the ICO has released new guidance on AI and data protection. This is the culmination of two years of research and part of the ICO’s commitment to enable good data protection practice in AI.
The guidance is intended to “mitigate the risks specifically arising from a data protection perspective, explaining how data protection principles apply to AI projects without losing sight of the benefits such projects can deliver”. The guidance includes recommendations on best practice and technical measures that organisations can use to mitigate risks but is not intended as a guide to the ethical or design principles of the use of AI.
This guidance is primarily aimed at two audiences, those with a compliance focus (including the ICO's own auditors) and technology specialists. We believe from the guidance published that a “toolkit designed to provide further practical support to organisations auditing the compliance of their own AI systems” is also forthcoming.
It is worth noting that this guidance is not a statutory code. There is no penalty if you fail to adopt good practice recommendations, as long as you find another way to comply with the law. The ICO have used the terms ‘must’ and ‘should’ to mark the distinction between compliance with data protection law and general good practice.
The structure of guidance relates to key data protection principles- accountability and governance, fairness and transparency, data minimisation and security and individual rights.
The guidance states that when it comes to trade-offs, the “right balance depends on the specific sectoral and social context you operate in, and the impact the processing may have on individuals”. Significant emphasis is placed on the importance of Data Protection Impact Assessments (DPIA’s) for AI systems using personal data.
The guidance also points to the need to take care to identify and understand the relationship between the data controller/data processor. The guidance states that Government will explore this issue in more detail when they come to reviewing the Cloud Computing Guidance in 2021.
The ICO has said that it will continue to adapt the guidelines to keep pace with the “fast moving innovation and evolution” of AI. The ICO would like to continue to consult with those using the guidance to understand how it works in practice and are open to ideas on the tools they could create to support implementation of the guidance. To provide feedback, please provide your details at the bottom of this page here.
Finally, if you’d like to discuss any aspect of this guidance or better understand what it means for your organisation, please get in touch.
Latest News from
UK and US Strengthen Cooperation over Emerging Threats14/06/2021 11:25:00
Prime Minister Boris Johnson and President Joe Biden agreed a number of steps to enhance the world’s strongest bilateral defence and security partnership.
Guest blog: AI in healthcare - How economics can help us understand the risks11/06/2021 13:38:00
Federico Cilauro, Manager at Frontier Economics, a leading economics consultancy, writes about the potential of AI to revolutionise medical diagnosis.
European Commission publishes new Standard Contractual Clauses11/06/2021 11:25:00
Following the Schrems II ruling, the European Commission has updated its existing Standard Contractual Clauses for the first time since 2010, to allow for better compliance to GDPR in the transfer of personal data across borders.
Maritime Early Warning Innovations Competition10/06/2021 16:25:00
The Defence and Security Accelerator (DASA) has launched a competition for the development of innovative technologies to provide novel methods of Early Warning (EW) for maritime operations.
techUK welcomes G7 Global Tax Agreement10/06/2021 12:38:00
The deal at the G7 paves the way for broader multilateral talks at the OECD and a pathway to the removal of national digital services taxes.
New study reveals the data of a year lived online for the UK10/06/2021 10:10:00
UK regulator Ofcom has published its 2021 Online Nation Report, offering a snapshot of an “unprecedented year” for UK citizens as communication, entertainment, culture, retail, work and education moved online.
Procurement Policy Note 06/21: Taking Account of Carbon Reduction Plans in the procurement of major government contracts09/06/2021 11:25:00
The Cabinet Office has launched guidance on taking account of Carbon Reduction Plans in the procurement of major central government contracts.
Fast Forward for Digital Jobs08/06/2021 16:25:00
techUK's Fast Forward for Digital Jobs report examines the state of play of adult education and digital skills training and sets out seven key recommendations to support learners, support employers, and deliver change at scale.
techUK is supporting Digital T Levels08/06/2021 11:25:00
Offer a 16-19 year old a work experience placement at your business as part of their Digital T Level qualification.