DPAS Data Protection Bulletin – March 30 2023

GOVERNMENT AND REGULATORY ACTIVITY

UK Department for Science, Innovation and Technology Unveils New AI Growth Plan

The UK government has published a White Paper on AI regulation, outlining a pro-innovation approach to AI with a focus on avoiding unnecessary burdens for businesses. While no new legal requirements are being introduced, the paper recognises the risks posed by AI to human rights, safety, fairness, privacy, societal well-being, and security. To mitigate these risks and maintain public trust, the UK is proposing a unique regulatory framework based on five principles: safety, transparency, fairness, accountability, and contestability.

Regulators will have the flexibility to develop and enforce AI rules based on these principles, and there will be a statutory duty to consider them. The UK’sUK’s approach differs from the EU AI Act, which imposes mandatory requirements on the developers and deployers of AI systems across all sectors. The government will provide support to regulators, such as monitoring, assessment, and feedback, innovation support, and education and awareness. While the proposed regulatory framework provides a balanced approach to regulating AI, further work will be done on regulating foundation models such as ChatGPT to explore risks and regulatory needs in this area. You can read the plan HERE.  

Major AI Players Sign Open Letter for Six-Month Break on Powerful AI System Research

Over 1,000 AI experts, researchers, and supporters have signed an open letter calling for an immediate six-month pause on the development of powerful artificial intelligence systems, including those more advanced than GPT-4. The letter emphasises the need to better understand, predict, and control these technologies, arguing that powerful AI systems should only be developed once their positive effects are ensured and risks are manageable. Signatories of the letter include major figures in the AI field, engineers from Amazon, DeepMind, Google, Meta, and Microsoft, as well as prominent academics.

The letter, coordinated by the Future of Life Institute, suggests that if researchers do not voluntarily pause their work on powerful AI models, governments should step in. It clarifies that this does not mean a pause on AI development in general, but rather a step back from the race toward larger, unpredictable models with emergent capabilities. The call for strict regulation contrasts with the UK government’sgovernment’s AI regulation white paper, which focuses on coordinating existing regulators and offers five principles for AI considerations. You can read the full letter HERE.

High Court Rules Immigration Exemption to Data Protection Act Unlawful, Again

The High Court has ruled that the UK government’sgovernment’s immigration exemption to the Data Protection Act 2018 remains incompatible with the UK General Data Protection Regulation (GDPR). The immigration exemption allows the Home Office and privately contracted companies to deny individuals’ requests to access their personal data if it might “”prejudice the maintenance of effective immigration control.”” This exemption can also prevent migrants from objecting to their data being used for automated decision-making or being deleted.

Previously challenged in 2018 and ruled unlawful in May 2021, the government was given until January 2022 to introduce legislative amendments to make the exemption compatible with GDPR requirements. However, the Open Rights Group and the3million, who brought the judicial review claims, argued that the changes were inadequate, and the High Court has now agreed, stating that the exemption still does not comply with mandatory requirements of Article 23(2). You can find the full text of the judgement HERE.

ICO Introduces New Prioritisation Framework for Public Interest FOIA Complaints

The Information Commissioner’sCommissioner’s Office (ICO) has unveiled a new prioritisation framework for handling complaints under the Freedom of Information Act (FOIA), focusing on cases with significant public interest. The ICO has streamlined its processes to better manage the volume and complexity of FOI complaints and target public authorities that systematically fail to meet transparency obligations. The new criteria aim to provide clear guidance on significant public interest, such as issues involving large amounts of public money or information impacting vulnerable groups.

The ICO plans to allocate priority cases within four weeks and fast-track 15-20% of its caseload, aiming to close 90% of all cases within six months. This prioritisation is part of the ICO’sICO’s recent improvements in regulating the FOI Act, which includes reducing its caseload of live complaints by nearly two-thirds and delivering over 2,500 decision notices in the past year. The ICO is also taking more proactive action against public authorities that systematically fail to comply with the law. You can read the full statement HERE.