News

Protect personal data when introducing AI, privacy watchdog warns businesses

The Information Commissioner’s Office says it will be checking whether firms have tackled privacy risks as they implement new technologies.
The Information Commissioner’s Office says it will be checking whether firms have tackled privacy risks as they implement new technologies. The Information Commissioner’s Office says it will be checking whether firms have tackled privacy risks as they implement new technologies.

The privacy watchdog will warn companies that they need to be careful with AI or face its wrath.

Information Commissioner’s Office (ICO) regulatory risk boss Stephen Almond will say that he and his colleagues will be watching over the shoulders of companies as they implement new technologies.

“We will be checking whether businesses have tackled privacy risks before introducing generative AI – and taking action where there is risk of harm to people through poor use of their data,” Mr Almond is expected to say in a speech at Politico’s Global Tech Day.

“There can be no excuse for ignoring risks to people’s rights and freedoms before rollout.”

Generative AI – including ChatGPT and Midjourney – collects huge amounts of data from across the internet.

But that means that it might collect personal information, potentially without businesses even realising.

There are rules on how companies are allowed to use personal data, and they apply to generative AI, the ICO said.

“Businesses need to show us how they’ve addressed the risks that occur in their context – even if the underlying technology is the same,” Mr Almond will say on Thursday evening.

“An AI-backed chat function helping customers at a cinema raises different questions compared with one for a sexual health clinic, for instance.”

He will add: “Businesses are right to see the opportunity that generative AI offers, whether to create better services for customers or to cut the costs of their services, but they must not be blind to the privacy risks.

“Spend time at the outset to understand how AI is using personal information, mitigate any risks you become aware of, and then roll out your AI approach with confidence that it won’t upset customers or regulators.”