Reuben Binns, our Research Fellow in Artificial Intelligence (AI), discusses the challenges organisations may face in implementing mechanisms in AI systems that allow data subjects to exercise their rights of access, rectification and erasure.
This post is part of our ongoing Call for Input on developing the ICO framework for auditing AI. We encourage you to share your views by leaving a comment below or by emailing us at AIAuditingFramework@ico.org.uk.
Under the General Data Protection Regulation (GDPR) individuals have a number of rights relating to their personal data. These rights apply to personal data used at the various points in the development and deployment lifecycle of an AI system, including personal data:
- contained in the training data;
- used to make a prediction during deployment; or
- that might be contained in the model itself.
This blog post describes the considerations organisations may encounter when attempting to comply with three specific rights – access, rectification and erasure – in relation to AI systems, and where exemptions may apply.