The UK’s data protection regulator, the Information Commissioner, has updated its guidance on Artificial Intelligence and Data Protection in response to requests from the UK industry to provide clearer guidelines on AI and how to adopt new technologies. The updated guidance introduces new definitions including algorithmic fairness, inductive bias and other considerations across the AI lifecycle.

The guidance focusses on several principles contained in the GDPR, in particular fairness, lawfulness, transparency and data minimisation. Fairness requires that businesses processing personal data must do so in a way that does not cause any unjustified harm to individuals and that their rights are protected. In the context of AI, the fairness principle requires that AI systems do not discriminate against individuals or groups based on factors such as race, gender, age, or disability. It also means that individuals have the right to know what data is being collected about them and how it is being used, and to have the ability to control the use of their data.

Under the GDPR, organisations processing personal data, including when using AI, must follow the principles of lawfulness, transparency, and data minimisation. They must have a legal basis for processing personal data using AI, be transparent and inform individuals about how their personal data will be processed using AI technology, and ensure that only the minimum amount of personal data is utilised. Further, they recommend a Data Protection Impact Assessment is carried out when utilising AI to identify and mitigate against high privacy risks.

The updated guidance and a summary of the changes to the guidance can be found here: