The ICO’s consultation on generative AI: Key take-aways

The ICO expects the industry to significantly improve how it informs individuals about data processing. By Josephine Jay and Annabel Loose of Goodwin.

As the predominance of generative artificial intelligence (AI) continues to gather pace, legislators and advisory bodies face the challenge of fitting this technology into existing and emerging legal frameworks, without stifling innovation. Amongst other things, the large-scale data processing driving generative AI raises complex questions regarding compliance with data protection laws, including the technology-neutral EU General Data Protection Regulation, and its UK equivalent (GDPR). In a recent consultation series on data protection issues posed by the technology (Consultation), the UK’s Information Commissioner’s Office (ICO) seeks to provide clarity on how it expects organisations leveraging these systems to comply with the GDPR. Perhaps most strikingly, the ICO confirms its position that developers can rely on legitimate interests as a lawful basis to justify the use of web scraping for training generative AI systems, but highlights hurdles that developers must overcome as part of their legitimate interests assessments. The ICO stresses the importance of improving transparency for individuals whose data is processed by generative AI systems, and allowing those individuals to effectively exercise data protection rights. It remains to be seen whether and how industry players will overcome these compliance challenges.

Continue Reading

UK Report subscribers, please login to access the full article

LOGIN

If you wish to subscribe, please see our subscription information.

Subscribe