- The newest Echo Show 8 just hit its lowest price ever for Black Friday
- 기술 기업 노리는 북한의 가짜 IT 인력 캠페인··· 데이터 탈취도 주의해야
- 구글 클라우드, 구글 워크스페이스용 제미나이 사이드 패널에 한국어 지원 추가
- The best MagSafe accessories of 2024: Expert tested and reviewed
- Threads will show you more from accounts you follow now - like Bluesky already does
Australia’s Privacy Watchdog Publishes Guidance on AI Products
Australian businesses now have a list of best practices to refer to when using commercial AI products.
The Office of the Australian Information Commissioner (OAIC) published on October 21 guidance on the use of commercially available AI products.
The document explains in detail organizations’ obligations when using personal information in the context of off-the-shelf AI products, from chatbots to productivity tools and image generators.
The document outlines best practices encompassing several critical considerations in the deployment lifecycle of AI products. These include:
- Selecting an AI product
- Privacy by design principles when using an AI product
- Transparency requirements when using an AI product
- Data privacy and accuracy risks when using AI
Five Primary Privacy Recommendations When Using AI
The five main takeaways of this new document include:
- Privacy requirements will apply to any personal information input into an AI system, as well as any personal information output data generated by AI
- Businesses should update their privacy policies and notifications with clear and transparent information about their use of AI, including ensuring that any public-facing AI tools are clearly identified as such to external users such as customers
- AI systems used to generate or infer personal information are considered to perform a collection of personal information – and must comply with Chapter 3 of the Australian Privacy Principles guidelines
- Organizations should minimize personal and sensitive information inputs in public-facing AI tools
- If personal information is being input into an AI system, Chapter 6 of the Australian Privacy Principles guidelines requires entities to only use or disclose the information for the primary purpose for which it was collected, unless they have consent or can establish the secondary use would be reasonably expected by the individual, and is related (or directly related, for sensitive information) to the primary purpose
Although this guidance applies to all types of AI systems involving personal information, it will be particularly useful for generative AI and general-purpose AI tools, as well as other uses of AI with a high risk of adverse impacts.
The document does not cover all privacy issues and obligations in relation to the use of AI, but should be considered together with Australia’s Privacy Act and Privacy Principles guidelines, adopted in 1988 and last updated in 2022.