During a work call you find out that your employees are using artificial intelligence. They’re using it in a number of ways, for example:
· Redrafting emails using Chat GPT.
· Drafting recruitment adverts by entering prompts into Chat GPT.
· Summarising meeting notes using Chat GPT.
· Creating presentations using Gemini.
· Generating code using GitHub Copilot.
· Generating images to create visuals for advertising campaigns and social media content using Stable Diffusion.
· Generating images for visual aids in an education and training setting to enhance the learning experience using Midjourney.
The use of generative artificial intelligence is transforming the way individuals are working. Informed and responsible use of generative AI has the potential to increase efficiency in the workplace, improve decision making and foster innovation. However, to realise the benefits, there needs to be confidence that AI is being deployed appropriately and lawfully and Tozers can assist you with this process. It may be the case that your business is already in breach of the law.
Do you know how generative AI systems operate?
Generative AI systems work by using algorithms to create new data from an existing data set. Take the example of an artist who has been shown thousands of pictures and then makes their own drawing:
· The artist (AI) is shown lots of pictures (data).
· The artist learns what pictures usually look like (training).
· The artist makes their own drawing (generates new data).
· If the drawing doesn’t look right, the artist tries again (evaluation and adjustment).
This process allows generative AI systems to make a new material based on the ones it’s been shown.
Do you know how AI systems process personal data?
AI systems process personal data by collecting it and storing it. The data is then processed and analysed to extract meaningful information or patterns. Employees using publicly accessible generative AI systems lack control over how inputted data is used. Although terms will vary between systems, at the moment they are likely to preserve broad rights over users’ data.
Are we allowed to use AI to process personal data?
If you are processing personal data you must comply with UK GDPR and this includes obtaining informed consent from an individual before processing their data and ensuring it is stored and processed securely. Where an employee is using AI to process personal data (this includes copying and pasting personal data into a generative AI system), your business may already be in breach of UK GDPR.
How can Tozers help?
AI is generally considered a high-risk technology and there may be a more privacy-preserving and effective alternative. You must complete a data protection impact assessment (DPIA) when your processing is likely to result in high risk to people and this must be carried out before you deploy an AI system. We can:
· Discuss DPIAs and technical and organisational measures to mitigate or manage the risks you identify.
· Discuss how to inform data subjects about using AI to process their data and obtain their consent.
· Provide advice and guidance about the regulatory framework in relation to processing personal data.
What about employment law risks?
There are significant risks of using generative AI systems in an employment law context, including:
· Issues around professionalism, care and due diligence.
· Accuracy and responsibility for mistakes.
· The predictive nature of the AI system leads to the potential for it to fabricate information (known as hallucination).
· Sharing sensitive/confidential information.
There are further employment law risks of using generative AI for recruitment. For example, training data for an AI system designed to assist in recruitment decisions may reflect discrimination where men have historically been considered to be more suitable candidates for certain roles.
Companies must ensure their use of AI in recruitment adheres to laws and regulations concerning equal opportunities and data protection to mitigate the risk of legal action. Using AI in recruitment advertisements/decisions may expose your business to legal risks as it could inadvertently lead to discriminatory hiring practices.
How can Tozers help?
Our nationally recognised Employment team can:
· Provide advice on the regulatory framework.
· Review contracts with third-party AI tools to ensure they meet legal and ethical standards.
· Draft internal policies around the use of AI, including acceptable use of AI systems, procedures for obtaining and handling candidate data, as well as policies to ensure non-discrimination.
· Provide training to HR and recruitment staff on the legal landscape.
· Provide legal representation in court or during the dispute resolution processes.
Have you considered the intellectual property risks?
Who owns the intellectual property rights in AI generated words and images and can I trade mark them? Can AI generated material infringe third parties’ intellectual property rights? These are vital questions you should be able to answer before using generative AI systems.
Generative AI systems can unintentionally create similar material to existing copyrighted material and, whilst AI itself cannot be held liable for infringement, those responsible for its operation and usage may be subject to copyright disputes. This presents a significant risk to your business.
How can Tozers help?
Our Intellectual Property team can offer advice and tailored solutions to navigate the challenges that may arise in this dynamic domain.
How does your organisation plan to comply with regulatory issues around generative AI?
To mitigate the risks of generative AI, including breaches of contract, privacy and intellectual property, discrimination and negligence, you should seek specialist legal advice.
Lawyers play a crucial role in navigating the complex legal landscape surrounding the use of AI systems. If you require advice, speak to one of our legal experts today in a no-obligation phone call.
