The UK’s Information Commissioner’s Office (ICO) has published Regulating AI: The ICO’s Strategic Approach. The paper essentially states that it will be responsible for drafting the AI principles and implementing them in the most responsible manner. The Office has committed to taking a pragmatic approach by acknowledging that data protection law is risk-based and requires mitigation.
Overall, there are five key elements to the AI governance strategy of the ICO. These elements include acting as a de facto AI regulator, maintaining the stated approach, taking enforcement action when required, maintaining AI as a key focus area, and maintaining open dialogue and partnerships with industry players.
For starters, the UK has decided not to appoint an independent regulator like the European Union. Many of the principles align with data protection, and that is where the focus will be. It includes the principles of accountability, fairness, and transparency. This stretches from development to implementation.
As a result, the UK ICO will supervise operations accordingly and keep data privacy at the forefront throughout the AI development cycle.
The ICO has recognized the potential of AI, but it is also cautious about the risks involved. Hence, remain pragmatic and risk-focused. However, the ICO does not explicitly aim for complete compliance, stating that data protection law relies on risk and requires mitigation rather than complete removal.
There are no specific answers to a lot of questions, but it is safe to conclude that AI should go around hampering anyone’s privacy in the UK. It will conduct the usual Data Privacy Impact Assessment to check for proper safeguards.
If not, then the ICO reserves the right to take appropriate enforcement action. The ICO prioritizes two sensitive areas: safeguarding child-related data and utilizing facial recognition technology.
The ICO will continue to focus on AI as a key area for two years, starting in 2024 and concluding in 2025. It will also work on ad-tech, online tracking, and children’s privacy. There is a chance that more consultations and consensual audits will happen in the near future, as the segment is relatively new for authorities not just in the UK but all over the world.
The UK ICO has identified the need for open dialogue. It entails the need to collaborate when it comes to addressing AI challenges. The forum has committed to establishing a unified approach that fosters coherence in enforcement and oversight.
The UK ICO is confident about the collaborative approach, believing that the cross-sectoral theory will help in sharing technology and responsibilities in the industry.
Moving forward, the ICO aims to play a central role in setting principles and implementing them across the UK when it comes to AI—for a minimum of 2 years—as a de facto lead regulator.