privacy impact assessment

On 1 March 2017, the UK Information Commissioner’s Office (ICO) published a paper on big data, artificial intelligence, machine learning and data protection (replacing its early paper published in 2014). Although the paper is described as a “discussion paper”, it makes a number of recommendations that those involved in big data projects would be well advised to incorporate into their projects, and it firmly rejects suggestions that either the existing data protection framework or the GDPR cannot be applied in this context.

The paper works through the implications of big data against the core data protection principles; it then discusses compliance tools that can be used to meet those implications (including a useful analysis of how its current Privacy Impact Assessment Code of Practice is still fit for purpose under the GDPR and for big data projects). It concludes with six key recommendations.