CALL US TODAY: 0203 983 8278

The use of artificial intelligence (AI) is increasing and evolving at pace. Its application in the course of everyday business includes the use of virtual assistants or chatbots to provide more comprehensive customer service, exploiting machine learning (ML) to automate multiple tasks and using algorithms to predict consumer behaviour and preferences.  But taking advantage of AI is not without risk – particularly in relation to the processing of personal data. Accurately predicting customer behaviour for example involves extensive monitoring of individuals online behaviour.  So while the insights AI provides might represent a valuable business asset, in the context of data protection law and GDPR you need to ensure that you use this technology appropriately. Here we look at some of the issues small and medium-sized businesses need to consider before embracing the opportunities AI undoubtedly presents.

What Do Regulators Say About AI?

In 2020 the EU published a White Paper on AI. Whilst highlighting the benefits that can be derived from emerging technology the paper makes clear that AI will be embraced by the EU only in a way that puts people first. In terms of data protection, the white paper envisages an entirely new regulatory framework covering AI and personal data.

In the UK The ICO has always made clear that GDPR is underpinned by the principle of data protection by design. This means that you must consider privacy and data protection issues at the design phase of any system you introduce to your business. At Nath Solicitors in London, we’re in no doubt that AI encompasses the kind of technological tools that are caught by the data protection by design requirement.

This means if you use AI in your business – or if you have plans to do so in the future – you need to be conscious of the implications for data protection law compliance. A failure to invest in specialist legal advice and to take the necessary steps to ensure you are acting within the law could result in significant fines and reputational damage.

Do You Use AI In Your Business?

Many businesses use or are exposed to forms of AI without perhaps realising it. Common AI applications include:

  • Spam email filters
  • Electronic personal assistants such as Siri and Alexa
  • Sales forecasting tools
  • Purchase prediction tools
  • Voice recognition technology
  • Facial recognition
  • Fraud prevention tools for online shopping
  • Targeted online advertising
  • Data scraping

So if we accept that there is a good chance you sue AI in the course of your business, what do you need to consider when it comes to GDPR and regulatory compliance?

AI And Data Protection – The key Issues

If we look at AI in relation to data protection laws such as GDPR there are a wide range of implications to consider. For example:

  • Data minimisation and purpose limitation – Under GDPR you are only permitted to use data for a specified purpose.  The way ML tools harvest data means meeting these requirements will present big challenges
  • Data retention – GDPR imposes limits on the length of time you can hold data. AI on the other and seeks to hold data for as long as possible to increase the accuracy of behaviour prediction for example
  • Data deletion – Will you be able to readily remove AI acquired data from your systems when requested to do so by a consumer? This is a requirement of GDPR

Given the possibility of GDPR breaches resulting from use of AI you should ensure you and your staff are fully aware of the sensitivities around these technologies as you introduce them into your business.

Contact Us

For more information on data protection law compliance and AI please contact our director Shubha Nath at Nath Solicitors on 44 (0) 203 670 5540 or contact the firm online.


    I accept the privacy policy

    To prove you are not a robot, please answer the following question:


    Copyright. Nath Solicitors Limited. Registered in England and Wales. Company Number: 08724944. VAT number: 207490711. Office Located at: 35 Berkeley Square, London, W1J 5BF. Nath Solicitors Limited is authorised and regulated by the Solicitors Regulatory Authority. Registration number 608014. Terms Of Use. Privacy Policy. Cookies Policy. Complaints Procedure.