Skip to the content

ICO publishes guidance on data protection in AI


Mark Say Managing Editor

Get UKAuthority News


The Information Commissioner’s Office (ICO) has published guidance on the data protection issues in the use of artificial intelligence.

It said the guidance is aimed at helping organisations mitigate the risks and emphasised issues around accountability, governance, legality, security and individuals’ rights in the way the technology is used.

Among the key features are that accountability requires an organisation to assess and mitigate the risks, be responsible for compliance with data protection regulations, document and demonstrate how the system is compliant, and justify the choices made.

These should be part of a data protection impact assessment in planning to use AI – a legal requirement in most cases when personal data is used.

The guidance recognises that AI can involve processing personal data in different ways for different purposes, and says there is a need to separate each distinct processing operation, and identify the purpose and an appropriate lawful basis for each one.

It also points to need to take care to identify and understand controller/processor relationships. This is due to the complexity and mutual dependency of the various kinds of processing typically involved in AI supply chains.

There is also a need to the right to data protection and other fundamental rights, which involves considering a range of competing considerations and interests.

Opportunities and risks

Simon McDougall, deputy commissioner for regulatory, innovation and technology at the ICO, said: “AI offers opportunities that could bring marked improvements for society. But shifting the processing of personal data to these complex and sometimes opaque systems comes with inherent risks.

“Understanding how to assess compliance with data protection principles can be challenging in the context of AI. From the exacerbated, and sometimes novel, security risks that come from the use of AI systems, to the potential for discrimination and bias in the data, it is hard for technology specialists and compliance experts to navigate their way to compliant and workable AI systems.  

“It is with those challenges in mind that we have today released our guidance on artificial intelligence as part of our commitment to enable good data protection practice in AI.”

He added that the ICO is open to feedback and the guidance is likely to evolve as the technology advances.

Image from iStock

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.