The ICO this week (together with the Alan Turing Institute) published guidance for businesses on how to explain processes, services and decisions made by AI. Split into three parts, the guidance sets out:
- the basics of explaining AI (aimed at DPOs and compliance teams);
- how this works in practice (aimed at tech teams); and
- internal considerations to make (aimed at senior management).
Producing separate guidance aimed at different audiences (each with their own respective responsibilities) is becoming more common for the ICO, with a similar approach taken in its draft guidance on its AI auditing framework (see our alert on this here).
Given that the GDPR and Data Protection Act 2018 are technology-neutral, this guidance goes a long way in helping organisations achieve transparency and accountability in an already complex area. The guidance also makes reference to other legal considerations organisations should make when it comes to AI, including their obligations under the Equality Act 2010.