Embrace Opportunities while Safeguarding against Risks – ICO’s Critical Review of Generative AI in Key Businesses

posted in: Blog | 0



One of the buzzwords of the year, if not the decade is AI – Artificial Intelligence.  

Some experts have predicted that by 2033, AI could become a trillion-pound sector that brings big benefits to both business and society. However, other predictions are more alarmist, foreseeing the end of a wide variety of jobs and the disruption of many other professions.   

Regardless of who’s right, for a lot of businesses, both big and small, AI has become the must-have; Fear Of Missing Out has driven a very rapid adoption curve and in the rush to jump aboard what has become an increasingly fast-moving bandwagon, many businesses, who – by their own admission – know next to nothing about AI may fall victim to a number of significant risks.  

With this in mind, the Information Commissioner’s Office (ICO) has called for businesses to look at the problems that generative AI (such as ChatGPT and Midjourney) could present – including privacy and the use of personal data – before rushing in to start using them.    

Many business owners might think that privacy concerns have been addressed in the development of generative AI, but this is turning out not to be the case. A wild frontier of compliance gaps and headaches is opening up, populated not just by risks for businesses when it comes to the protection of their clients’ and employees’ personal data, but also by the risk of inadvertently accessing third party personal information through the AI itself. Excessive reliance on generative AI without realising how it accesses data across the internet may mean businesses find themselves facing accusations of copyright violations with no credible means of defence. 

Anyone who’s seen generative AI in action may well have been as astonished by the speed at which it produces content as the quality of the content itself. But how is this achieved?   

Generative AI creates content after searching millions of publicly accessible sources online and gathering data, which will include people’s personal information.  

Indeed, the issue of what’s known as “data scraping” where AI models will use this huge store of human-generated data to train and become better at generating human-like content, is what’s said to have been behind the recent restrictions placed on users of Twitter by owner Elon Musk. It’s likely to be more complex than that, but Musk’s actions, designed to restrict generative AI from accessing the millions of tweets generated by users each day, have focussed attention on where AI gets its information from. 

Despite the concerns, there are many who will effectively overlook this when using it. Those who turn a blind eye to the concerns and limitations of the current clutch of generative AIs need to remember that there are already laws in place that protect individuals’ rights to privacy, and these do apply to generative AI as an emerging technology. 

The ICO advises businesses who are considering incorporating AI into some or all of their operations to spend valuable time before they commit considering how AI is using personal information so that the risks can be identified and mitigated. The approach to AI can then be rolled out with client assurance built in; in an economy where businesses are fighting for every client, whatever gives them an edge when it comes to building their customer base must be worthwhile.   

The ICO said that they will be checking on whether businesses have looked at the privacy risks and put procedures in place to safeguard this before introducing the use of generative AI. Where there’s risk of harm to people’s privacy and personal data, the ICO will take action. It has, however, added that in order to encourage businesses to take the questions raised by generative AI and data protection seriously, it has made available a wide range of helpful resources on its website.  

If you’re a business that’s considering adopting a generative AI, you need to get informed guidance on how to ensure your data protection obligations are put at the heart of how you use this new technology. Speak to an expert in IT or data protection law and regulation and ensure your business is future-proofed.