Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

GDPR And Artificial Intelligence

by Adam Brogden
in Blog

09-Sep-2019 14:25

The ICO is working on a framework to help companies using AI understand how GDPR applies and the measures companies need to take to ensure they are GDPR compliant. For example – how do you meet the data minimisation principle in an AI system? This seems to be exactly the opposite of how AI systems work! Here is an extract from the blog produced by the ICO.


AI systems generally require large amounts of data. However, organisations must comply with the minimisation principle under data protection law if using personal data. This means ensuring that any personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed.

What is adequate, relevant and necessary in relation to AI systems will be use-case specific. However, there are a number of techniques that organisations can adopt in order to develop AI systems which process as little personal data as possible, while still remaining functional. In this blog, we explore some of the most relevant techniques for supervised Machine Learning (ML) systems, which are currently the most common type of AI in use.

Within organisations, the individuals accountable for the risk management and compliance of AI systems need to be aware that such techniques exist and be able to discuss different approaches with their technical staff. The default approach of data scientists in designing and building AI systems will not necessarily take into account any data minimisation constraints. Organisations must therefore have in place risk management practices to ensure that data minimisation requirements, and all relevant minimisation techniques, are fully considered from the design phase, or, if AI systems are bought or operated by third parties, as part of the procurement process due diligence.

However, data minimisation techniques do not completely eliminate risk. Also, while some techniques will not require any compromise to deliver data minimisation benefits, some will require organisations to balance data minimisation with other compliance or utility objectives, eg making more accurate and non-discriminatory ML models. Our previous trade-offs blog discusses our current thinking about how organisations could approach this balancing act.



If you are involved in AI you should take a look at this blog and consider how this applies to you.

For more information feel free to contact us or call anytime.

Good luck all.