Image credit: Josh Hallett/Flickr is CC BY 2.0 licensed.
Britain’s data protection watchdog has issued the most obvious warning yet to generative AI developers, saying they expect them to address privacy risks Before It is to bring your product to market.
Stephen Almond, Executive Director of Regulatory Risk at the Information Commissioner’s Office (ICO), said in a statement at the end of a blog post to be presented at a conference later today that oversight agencies are urging developers to exercise proper due diligence on their privacy and data. protection risks that warned against rushing to deploy powerful AI technologies without
“We check whether companies are addressing privacy risks before deploying generative AI, and take action if there is a risk of harm to people through inappropriate use of data. There is no excuse for ignoring the risks to people’s rights and freedoms,” Almond will warn.
He also plans to instruct companies operating in the UK market to show their ICOs “how they have dealt with the risks that arise in that situation, even if the underlying technology is the same”. is.
This means that ICOs will consider the context relevant to the application of generative AI technology, e.g. health apps using generative AI APIs are more likely to be compliant compared to apps focused on retail. Expectations may rise. (This kind of due diligence isn’t rocket science, but “we’re just using OpenAI’s APIs, so privacy should be considered when adding AI chatbots to enhance sexual relationships.”) Don’t expect to hide behind “I didn’t know there was a type line in a medical clinic search app…)
“Businesses are right to recognize the opportunities that generative AI offers, whether it is to better serve their customers or reduce the cost of service. But the privacy risks should not be ignored. No,” Almond urges developers. “First, take the time to understand how AI is using personal information, mitigate any perceived risks, and then deploy AI. please.”
To give you an idea of what this type of risk can cost if mismanaged, UK data protection law provides fines for breaches of up to £17.5m, or It could reach 4% of total global annual sales in the previous fiscal year. taller than.
A patchwork of AI rules
As an established regulatory body, the ICO is tasked with developing privacy and data protection guidance for the use of AI, building on the approach laid out by the government in its recent AI white paper.
The government is following a set of “flexible” principles and circumstances created by cross-sectoral oversight bodies to regulate AI, including the Competition Authority, the Financial Conduct Authority, Ofcom and indeed ICOs. He said he supported the corresponding guidance. Rather than introduce a dedicated legal framework to guide the development of AI, such as that being discussed in the European Union’s English Channel.
This means a patchwork of expectations will emerge as the UK watchdog develops and fleshes out guidance over the coming weeks and months. (The UK Competition and Markets Authority announced a review of generative AI last month, while earlier this month Ofcom gave some thoughts on what generative AI means for the telecom sector. also included details about how we are monitoring developments for the purpose of assessing their potential to harm. )
Shortly after the UK white paper was published, ICO’s Almond published a list of eight questions that generative AI developers (and users) should ask themselves. This includes the core question of what the legal basis for personal data processing is. How will you fulfill your transparency obligations? Whether you have prepared a data protection impact assessment.
Today’s warning is clearer. The ICO has made it clear that it expects companies not only to heed its recommendations, but to act on them. Companies that ignore this guidance and rush to bring apps to market create additional regulatory risks for themselves, including the potential for large fines.
This is also because watchdogs last fall branded so-called “sentiment analysis” AI as too dangerous for anything other than purely trivial use cases (such as children’s party games) and issued a warning against this kind of behavior. Warning based. “Immature” biometric technology presents greater risks of discrimination than potential opportunities.
The ICO wrote at the time, “We have yet to see development of emotion AI technology that meets data protection requirements, and there are more general questions about proportionality, fairness and transparency in this area.”
The UK government has said it doesn’t think there is a need for a dedicated law or AI-specific oversight body to regulate the technology, but recently there has been a growing need for AI developers, especially around safety. claiming sex. And earlier this month, Prime Minister Rishi Sunak announced plans to host a global summit on AI safety this fall, seemingly focused on boosting research efforts. The idea quickly gained buy-in from many of his AI giants.
