'AI' and/or'Machine Learning' as it's known is becoming more prevalent in the working environment. From'rogue algorithms' upsetting GCSE gradings through to Microsoft 365 judging you for only working on one document all day, we cannot escape the fact that there are more'automated' services than ever before. For DPOs, records managers and IG officers, this poses some interesting challenges to the future of records, information and personal data. I was asked to talk about the challenges of AI and machine learning at a recent IRMS Public Sector Group webinar. In the session titled'IRM challenges of AI & something called the'metaverse' we looked at a range of issues, some of which I'd like to touch on a little bit below.

The UK's Information Commissioner's Office (ICO) has published guidance on how to ensure data protection compliance when deploying artificial intelligence (AI). The ICO opened consultation on its first draft of the AI guidance in December last year, and released the final version today, the culmination of two years of research and part of the ICO's commitment to enable good data protection practice in AI. The guidance is intended to "mitigate the risks specifically arising from a data protection perspective, explaining how data protection principles apply to AI projects without losing sight of the benefits such projects can deliver". It includes both recommendations on best practice and practical guidelines on deploying the technology while avoiding the security risks potential for discrimination and bias that it can bring. The guidance is designed to help organisations "assess the risks to rights and freedoms that AI can pose from a data protection perspective" and how to implement measures to mitigate risks, but is not intended as a guide to the ethical or design principles of the use of AI.

The Information Commissioner's Office (ICO) has published an 80-page guidance document for companies and other organisations about using artificial intelligence (AI) in line with data protection principles. The guidance is the culmination of two years research and consultation by Reuben Binns, an associate professor in the department of Computer Science at the University of Oxford, and the ICO's AI team. The guidance covers what the ICO thinks is "best practice for data protection-compliant AI, as well as how we interpret data protection law as it applies to AI systems that process personal data. The guidance is not a statutory code. It contains advice on how to interpret relevant law as it applies to AI, and recommendations on good practice for organisational and technical measures to mitigate the risks to individuals that AI may cause or exacerbate".

Over the past few years, I have witnessed amazing uses of Artificial Intelligence (AI) in areas such as online retail, banking, and healthcare. The recent pandemic has driven innovation in the use of technology and data but some of the challenges for organisations using AI are constant. For example, Is AI the right technology for the problem? What ethical issues does it create? How can we be sure the use of AI is lawful?