In March 2017, the ICO issued a report, “Big data, artificial intelligence, machine learning and data protection” (Big Data Report), which provides an update to their 2014 report on big data. Since 2014, the application of big data analytics has spread throughout the public and private sectors. Artificial intelligence has provided the ‘thinking’ power behind virtual personal assistants and smart cars, and machine learning algorithms are helping to detect fraud and diagnose diseases.

The Big Data Report has added a focus on both of these processing operations, as the complexity of the processes has meant it can be problematic to see what is going on behind the scenes. This has led to a call by the ICO for new regulation of big data, artificial intelligence and machine learning, to increase transparency and ensure accountability. The Big Data Report emphasises complexity should not preclude businesses from complying with data protection laws.

The ICO provides six key recommendations for businesses in their report for data protection compliance:

  1. Anonymise personal data where personal data is not required for the analysis.
  2. Be transparent about the use of personal data and provide appropriate privacy notices at appropriate stages of a big data project.
  3. Embed a privacy impact assessment procedure in projects to identify any risks.
  4. Adopt a privacy by design approach in the development and application of big data analytics.
  5. Develop ethical principles to try and reinforce data protection principles.
  6. Implement techniques to develop auditable machine learning algorithms to check for any errors.

Big data, artificial intelligence and machine learning is a fast moving world, and we can expect to see the ICO issuing further guidance on this topic in the future.