NEWS15 June 2023

Businesses should not be ‘blind’ to risks of AI, says ICO

AI GDPR News Privacy Technology UK

UK – Businesses should address the privacy risks of generative artificial intelligence before adopting the technology, as the Information Commissioner’s Office (ICO) will check whether this has been done, the regulator is warning.


The ICO plans to check whether businesses who have adopted generative artificial intelligence have taken the relevant steps to address privacy risks, and will be “taking action” if there is a risk of harm, according to the data watchdog.

Speaking at Politico’s Global Tech Day today, Stephen Almond, executive director of regulatory risk, will say: “Businesses are right to see the opportunity that generative AI offers, whether to create better services for customers or to cut the costs of their services. But they must not be blind to the privacy risks.

“Spend time at the outset to understand how AI is using personal information, mitigate any risks you become aware of, and then roll out your AI approach with confidence that it won't upset customers or regulators.”

In April, the regulator outlined eight areas that organisations should consider before adopting generative AI, including lawful reasons for processing data, ensuring transparency and mitigating security risks.

Organisations must also check whether they are a controller or processor of personal data, prepare a data protection impact assessment, work out how to limit unnecessary processing, decide how to comply with individual rights requests and whether generative AI would make solely automated decisions.