On 3 April 2023, the UK Information Commissioner's Office (ICO) published an outline helping developers evaluate whether their development and usage of generative AI technologies comply with data protection regulations. It contains eight questions inviting users and developers alike to reflect on, including the lawful basis for data processing, their status as data controller, joint controller or processor, the necessity of a DPIA assessment, the need to ensure transparency, the mitigation of security risks, the limitation of unnecessary data processing, the compliance with individual rights requests and the liability of solely automated decisions processes under Article 22 of UK GDPR. These questions also reflect the ICO's stated approach regarding oversight of companies using or developing generative AI technology and large language models.
Original source