How to Legally Collect AI Data
The ICO's guidance acknowledges that while utilizing AI has undeniable advantages, it can also endanger people's freedoms and rights when data protection is not taken seriously. To this end, their guidance provides a useful framework for how enterprises should evaluate and mitigate these risks.
The guide covers eight strategic elements that businesses can adopt to improve how they handle AI and personal data:
1. Use a Risk-Based Procedure When Creating and Implementing AI
When using AI, you should determine whether it is necessary for the situation. AI is typically considered a high-risk technology when it interacts with personal information. A company requires large amounts of data for its systems to work properly, and our data might get resold, leaving us unaware of who is receiving it or how it is being used.
Thus, there may be a more efficient and privacy-preserving substitute.
As the ICO states, you must evaluate the risks and put in place the necessary organizational and technical safeguards to reduce them. Realistically, it is impossible to completely eliminate all risks, and data protection laws do not mandate that you do so, but make sure you:
- Employ a data protection impact assessment (DPIA) to determine and reduce the risk of non-compliance with data protection laws that your use of AI poses, as well as to prevent harm to individuals
- Seek input from many groups that your usage of AI potentially impacts in order to better understand the danger
When a DPIA is legally required, you must conduct one before deploying an AI system, and introduce proper organizational and technical safeguards that will help reduce or manage the risks you find. Before any processing happens, you are legally required to speak with the ICO if you identify a risk that you are unable to adequately mitigate.
2. Consider How You Will Explain Your AI System's Decisions to Those Who Will Be Affected
According to the ICO, it can be challenging to explain how AI generates certain decisions and results, especially when it comes to machine learning and complicated algorithms, but that doesn’t mean you shouldn’t provide explanations to people.