In this edition of our data protection bulletin, we focus on AI and the data protection challenges that are central to the development and deployment of any AI model. AI is a key area of focus for the Information Commissioner’s Office (ICO) and the ICO sees itself as a key player with regards to regulating the use of AI technologies.
We look at the potential implications of Apple's upcoming integration with Open AI as well as analysing the recent Clearview AI decision and the impact of this on similar AI companies. We also look at the steps the ICO is taking to regulate the use of AI, alongside its generative AI consultation series which provides useful emerging thoughts on how to navigate data protection compliance when using generative AI.
Watch our most recent data protection webinar on understanding marketing compliance here.
Apple has recently announced a partnership with Open AI to bring ChatGPT to its devices, as part of a new personalised AI system called ‘Apple Intelligence’.
In this article we look at the potential security implications that Apple users should be aware of and look to future privacy and security concerns within AI.
Read more
In October 2023, the UK General Regulatory Chamber’s First-tier Tribunal allowed Clearview AI’s, an American facial recognition company, appeal against the Information Commissioner’s Office (ICO) decision.
In this article, we explore the Clearview case in detail and provide insight into the decision’s impact on AI companies.
Read more
The Information Commissioner’s Office (ICO) has recently released their strategy document, ‘Regulating AI: the ICO’s strategic approach’.
This article reviews the key aspects of the ICO’s strategy document, highlighting the guidance and advice available to businesses and the upcoming developments regarding AI regulation.
Read more
On 10 June 2024, the UK Information Commissioner’s Office (ICO) closed its fourth call for evidence in its consultation series on the application of data protection laws to generative AI.
This article summarises the ICO's consultation, its implications, and what organisations need to do to ensure compliance with data protection laws.
Read more
Outsource Strategies Ltd (OSL) was fined £240,000 and issued with an enforcement notice for making 1,346,503 unwanted marketing calls over a 11-month period to telephone numbers registered with the Telephone Preference Service (TPS). Recipients described the callers as aggressive and noted repeated calls after requests for the calls to cease. OSL has appealed the fine and the enforcement notice. Click here to read the news story.
The London Borough of Hackney has been issued with a reprimand after a “clear and avoidable error” led to a cyber-attack which resulted in hackers accessing files containing personal data relating to 280,000 local residents. Applying the public sector approach, the ICO did not issue the Council with a fine because the ICO felt it had taken sufficient positive action following the cyber-attack. Click here to read the full statement.
The ICO has issued the Central Young Men’s Christian Association (YMCA) with a reprimand and a fine of £7,500 following a data breach whereby the charity emailed individuals participating in a programme for people living with HIV using CC instead of BCC. As a result, 264 emails were revealed to all recipients, resulting in 166 people being identifiable or potentially identifiable. The fine was reduced from £300,000 in line with the public sector approach. Click here for the news story.
The University Hospital of Southampton was issued with a reprimand by the ICO for a failure to respond to over 40% of data subject access requests within the required time period, over a period of 11-months. Read the full story here.
Birmingham Children’s Trust Community Interest Company have been reprimanded by the ICO following a data breach whereby a child’s personal data was disclosed to another family in error. The reprimand can be read in full here.
Plans for a new ‘Digital Information and Smart Data Bill’ were announced in the recent King’s Speech and briefing notes. The Bill is intended to foster innovative uses of data in order to drive economic growth and empower the ICO, amongst other aims. The Bill replaces the Conservative’s Data Protection and Digital Information Bill that was recently scrapped. The new Bill is expected to complement existing data protection legislation, not replace. We have prepared a short summary of what we know so far whilst we wait for the full details to be announced. Click here to read the summary.
Join us on 3 October at the University of Exeter to discover the opportunities and challenges of responsibly integrating AI tools into your business.
Registration is open now via the link below.
Register here
