Nothing so hungry for data as AI: ICO launches audit consultation

A

rtificial intelligence (“AI”) is driving innovation in a diverse range of sectors.  That innovation is driven by access to hitherto unimaginable amounts of data.  The ICO has kickstarted a period of introspection looking at how data privacy can work in symbiosis with innovation in AI.

You can find the ICO’s call for participation in that exercise here.

The EU General Data Protection Regulation (“GDPR”) strengthened privacy rights for individuals and how their personal data may be used by businesses. Since the GDPR came into effect in May 2018, companies across the European Union have had little choice but to consider data protection compliance at the outset of the design and implementation process, in just about whatever they seek to accomplish.

The output for the ICO’s consultation will be an auditing framework for applying data protection law to the nuts and bolts of using vast amounts of data to build AI applications. In the words of  Simon McDougall, Executive Director for Technology Policy and Innovation at the ICO: “The framework will give us a solid methodology to audit AI applications and ensure they are transparent, fair; and to ensure that the necessary measures to assess and manage data protection risks arising from them are in place.”

Specifically, the Framework will have two key components:

• Governance and accountability – providing guidance on the measures an organisation must have in place to be compliant with data protection law and regulation
• AI-specific risk areas – this will look at potential data protection risks in certain areas and consider how these may be adequately managed from a risk management perspective.

The ICO is also using this as an opportunity to reach out to individuals who have been working closely with AI in order to gather their input as regards challenges linked with AI adoption. The feedback gathered by the ICO will be used to inform a formal consultation paper, which they expect to publish by January 2020, with the final auditing framework and associated guidance is expected to be published by spring 2020.

Feedback on the proposed framework may be submitted by leaving a comment within the ICO’s AI auditing framework blog or by emailing them directly at AIAuditingFramework@ico.org.uk.

The ICO is not the only regulatory body seeking feedback from industry professionals as regards the use of AI. The European Commission published, on 8 April 2019, its ‘Ethics guidelines for trustworthy AI’.

The growth in the use of AI by businesses of many kinds is challenging industry regulators and government bodies to keep up.  Clearly, there will be challenges as the benefits that come from innovation through AI need to be carefully balanced against the privacy of the individual.

If you’d like to discuss some of the key issues you need to consider in the growth of your AI company, contact us at enquiries@humphreys.law.

This piece was researched and prepared by Amir Kursun, with input from Husna Grimes.

Humphreys Law