According to new research, generative AI has the potential to become a £1 trillion market within the next ten years, offering significant benefits to both businesses and society. However, the ICO emphasises the need for organisations to be aware of the associated privacy risks.

Stephen Almond, the Executive Director of Regulatory Risk at the ICO, highlighted the importance of recognising the opportunities presented by generative AI while also understanding the potential risks.

“Businesses are right to see the opportunity that generative AI offers, whether to create better services for customers or to cut the costs of their services. But they must not be blind to the privacy risks,” says Almond.

“Spend time at the outset to understand how AI is using personal information, mitigate any risks you become aware of, and then roll out your AI approach with confidence that it won’t upset customers or regulators.”

Generative AI works by generating content based on extensive data collection from publicly accessible sources, including personal information. Existing laws already safeguard individuals’ rights, including privacy, and these regulations extend to emerging technologies such as generative AI.

In April, the ICO outlined eight key questions that organisations using or developing generative AI that processes personal data should be asking themselves. The regulatory body is committed to taking action against organisations that fail to comply with data protection laws.

Almond reaffirms the ICO’s stance, stating that they will assess whether businesses have effectively addressed privacy risks before implementing generative AI, and will take action if there is a potential for harm resulting from the misuse of personal data. He emphasises that businesses must not overlook the risks to individuals’ rights and freedoms during the rollout of generative AI.

“We will be checking whether businesses have tackled privacy risks before introducing generative AI – and taking action where there is a risk of harm to people through poor use of their data. There can be no excuse for ignoring risks to people’s rights and freedoms before rollout,” explains Almond.

“Businesses need to show us how they’ve addressed the risks that occur in their context – even if the underlying technology is the same. An AI-backed chat function helping customers at a cinema raises different questions compared with one for a sexual health clinic, for instance.”

The ICO is committed to supporting UK businesses in their development and adoption of new technologies that prioritise privacy.

The recently updated Guidance on AI and Data Protection serves as a comprehensive resource for developers and users of generative AI, providing a roadmap for data protection compliance. Additionally, the ICO offers a risk toolkit to assist organisations in identifying and mitigating data protection risks associated with generative AI.

For innovators facing novel data protection challenges, the ICO provides advice through its Regulatory Sandbox and Innovation Advice service. To enhance their support, the ICO is piloting a Multi-Agency Advice Service in collaboration with the Digital Regulation Cooperation Forum, aiming to provide comprehensive guidance from multiple regulatory bodies to digital innovators.

While generative AI offers tremendous opportunities for businesses, the ICO emphasises the need to address privacy risks before widespread adoption. By understanding the implications, mitigating risks, and complying with data protection laws, organisations can ensure the responsible and ethical implementation of generative AI technologies.

(Image Credit: ICO)

Related: UK will host global AI summit to address potential risks

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.

The post Stephen Almond, ICO: Prioritise privacy when adopting generative AI appeared first on AI News.

The controversial facial recognition provider has scraped billions of images of people across the web for its system. Understandably, it caught the attention of regulators and rights groups from around the world.

In November 2021, the UK’s Information Commissioner’s Office (ICO) imposed a potential fine of just over £17 million on Clearview AI. Today’s announcement suggests Clearview AI got off relatively lightly.

John Edwards, UK Information Commissioner, said:

“Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images.

The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable.

That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”

The enforcement notice requires Clearview AI to delete all facial recognition data.

UK-Australia joint investigation

A joint investigation by the UK’s ICO and the Office of the Australian Information Commissioner (OAIC) was first launched in July 2020.

Angelene Falk, Australian Information Commissioner and Privacy Commissioner, commented:

“The joint investigation with the ICO has been highly valuable and demonstrates the benefits of data protection regulators collaborating to support effective and proactive regulation. 

The issues raised by Clearview AI’s business practices presented novel concerns in a number of jurisdictions. By partnering together, the OAIC and ICO have been able to contribute to an international position, and shape our global regulatory environment.”

Falk concluded that uploading an image to a social media site “does not unambiguously indicate agreement to collection of that image by an unknown third party for commercial purposes”.

The OAIC ordered Clearview AI to destroy the biometric data it collected of Australians.

“People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement. Working with colleagues around the world helped us take this action and protect people from such intrusive activity,” added Edwards.

“This international cooperation is essential to protect people’s privacy rights in 2022. That means working with regulators in other countries, as we did in this case with our Australian colleagues. And it means working with regulators in Europe, which is why I am meeting them in Brussels this week so we can collaborate to tackle global privacy harms.”

(Photo by quan le on Unsplash)

Related: Clearview AI agrees to restrict sales of its faceprint database

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post UK fines Clearview AI £7.5M for scraping citizens’ data appeared first on AI News.

The controversial facial recognition giant has caught the attention of global privacy regulators and campaigners for its practice of scraping personal photos from the web for its system without explicit consent.

Clearview AI is expected to have scraped over 10 billion photos.

“Common law has never recognised a right to privacy for your face,” Clearview AI lawyer Tor Ekeland once argued.

The UK’s ICO launched a joint probe with the Office of the Australian Information Commissioner (OAIC) into Cleaview AI’s practices.

Earlier this month, Australia’s Information Commissioner Angelene Falk determined that “the act of uploading an image to a social media site does not unambiguously indicate agreement to collection of that image by an unknown third party for commercial purposes.”

Falk ordered Clearview AI to destroy the biometric data that it collected on Australians and cease further collection.

While we’ve had to wait a bit longer for the UK’s take, this week the ICO decided to impose a potential fine of just over £17 million on Clearview AI. The company must also delete the personal data currently held on British citizens and cease further processing.

Elizabeth Denham, UK Information Commissioner, said:

“I have significant concerns that personal data was processed in a way that nobody in the UK will have expected. It is therefore only right that the ICO alerts people to the scale of this potential breach and the proposed action we’re taking.

UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people’s legal protections are respected and complied with.

Clearview AI Inc’s services are no longer being offered in the UK. However, the evidence we’ve gathered and analysed suggests Clearview AI Inc were and may be continuing to process significant volumes of UK people’s information without their knowledge.

We therefore want to assure the UK public that we are considering these alleged breaches and taking them very seriously.”

Leaked documents suggest Clearview AI’s system was tested by UK authorities including the Metropolitan Police, Ministry of Defense, the National Crime Agency, and a number of police constabularies including Surrey, North Yorkshire, Suffolk, and Northamptonshire. However, the system is said to no longer be being used or tested in the UK.

Following the US Capitol raid earlier this year, Clearview AI boasted that police use of its facial recognition system increased 26 percent.

(Photo by ev on Unsplash)

Looking to revamp your digital transformation strategy? Learn more about the Digital Transformation Week event taking place virtually 30 November – 1 December 2021 and discover key strategies for making your digital efforts a success.

The post Clearview AI could be fined £17M from UK privacy watchdog appeared first on AI News.

The facial recognition provider has been the focus of many investigations for its controversial practice of scraping the online data of people without their consent.

The joint investigation, conducted by the ​​UK Information Commissioner’s Office (ICO) and Office of the Australian Information Commissioner (OAIC), found that Clearview AI has scraped the biometric information of at least three billion people.

“Common law has never recognised a right to privacy for your face,” Clearview AI lawyer Tor Ekeland once argued.

In her determination (PDF), Australia’s Information Commissioner Angelene Falk disagrees: “I consider that the act of uploading an image to a social media site does not unambiguously indicate agreement to collection of that image by an unknown third party for commercial purposes.”

“Consent also cannot be implied if individuals are not adequately informed about the implications of providing or withholding consent. This includes ensuring that an individual is properly and clearly informed about how their personal information will be handled, so they can decide whether to give consent.”

The joint investigation concluded that Clearview AI breached the country’s privacy laws by collecting the data of citizens without their consent and failed to notify affected individuals. A form created at the start of 2020 that allowed citizens to opt-out from being searchable on the solution can no longer be used and Australians can now only make such a request via email.

Falk’s office has now ordered Clearview AI to destroy the biometric data that it’s collected on Australians and cease further collection.

“The covert collection of this kind of sensitive information is unreasonably intrusive and unfair,” Falk said.

“It carries significant risk of harm to individuals, including vulnerable groups such as children and victims of crime, whose images can be searched on Clearview AI’s database.”

Increasing regulatory scrutiny

By amassing such a large amount of data, Clearview AI is one of the most powerful facial recognition tools available. The solution has been used by governmental agencies and law enforcement around the world.

Following the Capitol raid earlier this year, Clearview AI boasted that police use of its facial recognition system increased 26 percent.

Regulators are now increasing their scrutiny over Clearview AI’s practices. The UK-Aus investigation began last year and followed a similar probe that was launched by the EU’s privacy watchdog a month prior.

The European Data Protection Board ruled that any use of the service by law enforcement in Europe would “likely not be consistent with the EU data protection regime” and that it “has doubts as to whether any Union or Member State law provides a legal basis for using a service such as the one offered by Clearview AI.”

(Photo by Maksim Chernishev on Unsplash)

Find out more about Digital Transformation Week North America, taking place on 9-10 November 2021, a virtual event and conference exploring advanced DTX strategies for a ‘digital everything’ world.

The post UK-Aus probe finds Clearview AI fails to comply with privacy regulations appeared first on AI News.