Brian Sims
Editor
Brian Sims
Editor
THE INFORMATION Commissioner’s Office (ICO) has launched the latest instalment in its consultation series examining how data protection law applies to the development and use of generative Artificial Intelligence (AI). The third consultation in the series focuses on how data protection’s accuracy principle applies to the outputs of generative AI models and, in parallel, the impact that accurate training data has on the output.
Where individuals wrongly rely on generative AI models to provide factually accurate information about people, this can lead to misinformation, reputational damage and other harms.
Information Commissioner John Edwards explained: “In a world where misinformation is growing, we cannot allow the misuse of generative AI to erode trust in the truth. Organisations developing and deploying generative AI must comply with data protection law, including our expectations on the accuracy of personal information.”
The third call for comment comes as the Information Commissioner and his team are visiting leading tech firms in Silicon Valley to reinforce the ICO’s regulatory expectations around generative AI, as well as seeking progress from the industry on children’s privacy and online tracking.
The regulator has already considered the lawfulness of web scraping to train generative AI models and examined how the purposed limitation principle should apply to generative AI models. Further consultations on information rights and controllership in generative AI will follow in the coming months.
The ICO is seeking views from a range of stakeholders, including developers and users of generative AI, legal advisors and consultants working in this area, civil society groups and other public bodies with an interest in generative AI.
*The consultation process remains open until 5.00 pm on 10 May. Further information is available on the ICO’s website
Cross-border enforcement
The ICO has signed a new international multilateral agreement with the Global Co-operation Arrangement for Privacy Enforcement (Global CAPE) to co-operate in cross-border data protection and privacy enforcement.
As part of the Global CAPE, the ICO will be able to provide assistance with investigations and share information with member countries without having to enter separate Memorandums of Understanding with each nation.
Global CAPE members include the United States, Australia, Canada, Mexico, Japan, the Republic of Korea, the Philippines, Singapore and Chinese Taipei.
“The ICO’s association with the Global CAPE is an important step in strengthening our relationship with other countries so that we can work together to tackle global data protection and privacy issues,” stated John Edwards.
The Information Commissioner added: “Personal information belonging to people here in the UK often moves between countries, so it’s vital that we work with our key international partners to design solutions that safeguard privacy wherever someone may be based.”
Global CAPE was created to supplement the Asia-Pacific Economic Co-operation Cross-Border Privacy Rules, which also facilitate co-operation and assistance in privacy and data security investigations among APEC’s Asia-Pacific countries. The new arrangement allows for participation by countries outside of the Asia-Pacific region.
