Is the development, deployment and usage of AI systems in accordance with data protection requirements fundamentally any different to other data processing systems?
Whether or not a system is considered to be an ‘AI system’, organisations need to understand the (personal) data flows and data processing tasks that are associated with each stage of the system lifecycle.
Complexity of data flows and data processing tasks that comprise modern AI systems (and data processing systems in general) may increase the expertise, time and resources required to gain this understanding. However, such understanding remains essential to the fulfilment of data protection requirements at each stage in the system lifecycle.
Any systems (AI or otherwise) for which (personal) data flows and data processing tasks are not fully understood are unlikely to fulfil data protection requirements, and are likely to place individuals and organisations at risk of harm.
View the ICO’s response to their consultation series on Generative AI at: https://ico.org.uk/about-the-ico/what-we-do/our-work-on-artificial-intelligence/response-to-the-consultation-series-on-generative-ai/executive-summary/
View the ICO’s Tech Futures report on Agentic AI at: https://ico.org.uk/about-the-ico/research-reports-impact-and-evaluation/research-and-reports/technology-and-innovation/tech-horizons-and-ico-tech-futures/ico-tech-futures-agentic-ai/