ICO explains its strategic approach to AI



The ICO says that it expects to consult on updates to its Guidance on AI and Data Protection and Automated Decision-Making and Profiling in spring 2025 to reflect changes to data protection law following the passage of the Data Protection and Digital Information Bill.

“We do not consider that the risks relating to AI require new, extensive, cross-cutting legislation, but appropriate resourcing of existing UK regulators and their empowerment to hold organisations to account,” the ICO says.

As a response to the government’s requirement for regulators to publish their AI strategies, the ICO issued such a document on 30 April to reflect their work carried out on AI topics, and plans for the future.

The regulator has launched a consultation series on generative AI. Guidance that has been issued includes:

  • Guidance on AI and Data Protection
  • Complementary guidance on Automated Decision-Making and Profiling
  • Supplementary guidance on Explaining Decisions Made with AI
  • The AI and Data Protection risk toolkit.

The ICO also runs a Regulatory Sandbox, Innovation Advice and Innovation Hub services to address organisations’ questions about innovation and AI in the context of data protection.

With its partners from the Digital Regulation Cooperation Forum (DRCF), the ICO is currently piloting the AI and Digital Hub which will conduct joint research, and provide AI advice from all of the digital regulators. The members will also share their approaches to conducting regulatory audits of AI systems.

See - Regulating AI: The ICO’s strategic approach April 2024

Valuable Data, Priceless Privacy, PL&B 37th International Conference 1-3 July, has several sessions on AI topics.