ARTICLE
3 March 2020

The ICO Issues Draft Guidance On AI Auditing Framework

PC
Pearl Cohen Zedek Latzer Baratz

Contributor

Pearl Cohen Zedek Latzer Baratz logo
Pearl Cohen is an international law firm with offices in Israel, the United States, and the United Kingdom. Our strength is derived from decades of legal experience and an intimate knowledge of the cutting edge technological, legal, and transactional issues facing our clients in local and cross border matters. This combination of experience and knowledge allows us to provide sound and innovative advice to clients worldwide.
Explore Firm Details
The Information Commissioner's Office in the UK (the "ICO") issued its draft guidance on auditing AI technologies.
United States Technology
Adi Shoval

The Information Commissioner's Office in the UK (the "ICO") issued its draft guidance on auditing AI technologies. This guidance aims to provide solutions to companies that design or implement AI, with a methodology to audit applications to ensure that they process personal data fairly.

The guidance explains how one can assess the risks to the rights and freedoms of individuals that AI can trigger, and the appropriate measures to mitigate them. The guidance focuses on a risk-based approach to AI and suggests technical and organizational measures and procedures proportionate to the possible risks to the rights and freedoms of individuals.

The guidance discusses the accountability and governance implication of AI, stating that organizations shall perform a data processing impact assessment before using AI. The assessment should include, among others, an explanation of any relevant variation or margins of error in the performance of the AI system, which may affect the fairness of the processing, analysis of the necessity and proportionality of the AI system, and the risks of using the AI system and mitigating measures taken.

The guidance notes that organizations should distinguish between the development or training of AI systems and their deployment, as each may have distinct and separate purposes and risks, that in turn require a different lawful basis for processing personal data.

Finally, the guidance discusses the effect AI may have on the rights of the data subjects with regards to the processing of their personal data. It recognizes that enabling individuals to exercise their rights may be difficult in some cases, such as when using machine learning models, which can make it difficult to link training data to a particular individual. Nevertheless, the fact that a request may be harder to fulfill does not take the data processed out of scope and the organization shall take reasonable measures to verify the individuals' identity and respond to their requests.

CLICK HERE to read the full ICO guidance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Adi Shoval
Adi Shoval
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More