Skip to content

Briefing

Tech warnings

Privacy regulator issues new AI guidance

Make us a preferred source

Link copied

The news: The privacy commissioner has published new artificial intelligence guidance for businesses and developers on how existing privacy law applies to artificial intelligence, while national privacy law is under review.

The context: The new guides come midway through the government's work to update Australian privacy law, with a first batch of proposals introduced to parliament last month. Proposals to update the way we consent to handing over our data are expected in a second tranche of updates next year.

The Office of the Australian Information Commissioner's (OAIC's) guide for businesses is intended to make it easier for companies to select AI products that are compliant with their privacy obligations.

Its guide for developers focuses on the use of personal information to train generative AI models.

The guides also come weeks after the privacy watchdog began preliminary inquiries into radiology network I-MED after Crikey reported that it had collected data from patients without consent to train Harrison.ai artificial intelligence models.

In a media release accompanying the guides, the regulator said that while the information it has published today is meant to address interactions between AI technology and current laws, privacy commissioner Carly Kind said AI privacy protections could still be strengthened.

The commissioner also warned that businesses should update privacy policies and notifications with clear information about their use of AI.

What they said: “Our new guides should remove any doubt about how Australia’s existing privacy law applies to AI, make compliance easier, and help businesses follow privacy best practice. AI products should not be used simply because they are available," Kind said.

“The community and the OAIC expect organisations seeking to use AI to take a cautious approach, assess risks and make sure privacy is a key consideration. The OAIC reserves the right to take action where it is not."

The OAIC has said that just because "data is publicly available or otherwise accessible does not mean it can legally be used to train or fine-tune generative AI models or systems".

"Where developers are seeking to use personal information that they already hold for the purpose of training an AI model, and this was not a primary purpose of collection, they need to carefully consider their privacy obligations," the regulator said.

The source: Privacy Commissioner


By Laurel Henning