How to get touch with us over the festive period

Our offices will be closed on 25 and 26 December, and 1 January with no access via telephone or email on these days. On 23, 24 and 27 December you will be able to reach us via telephone, email and our live chat but our offices will be closed to the public. All other dates we are open as usual. 

Complete the form below to ask us a question or make an enquiry. We’ll get back to you via phone or email as soon as possible.

Insights

My Employees Are Already Using AI – What Are the Risks?

Posted on 26th February 2024 in Data Protection

Posted by

Jessica Whittick

Solicitor
My Employees Are Already Using AI – What Are the Risks?

During a work call you find out that your employees are using artificial intelligence. They’re using it in a number of ways, for example:

·      Redrafting emails using Chat GPT.

·      Drafting recruitment adverts by entering prompts into Chat GPT.

·      Summarising meeting notes using Chat GPT.

·      Creating presentations using Gemini.

·      Generating code using GitHub Copilot. 

·      Generating images to create visuals for advertising campaigns and social media content using Stable Diffusion.

·      Generating images for visual aids in an education and training setting to enhance the learning experience using Midjourney.

The use of generative artificial intelligence is transforming the way individuals are working. Informed and responsible use of generative AI has the potential to increase efficiency in the workplace, improve decision making and foster innovation. However, to realise the benefits, there needs to be confidence that AI is being deployed appropriately and lawfully and Tozers can assist you with this process. It may be the case that your business is already in breach of the law.

Do you know how generative AI systems operate?

Generative AI systems work by using algorithms to create new data from an existing data set. Take the example of an artist who has been shown thousands of pictures and then makes their own drawing:

·      The artist (AI) is shown lots of pictures (data).

·      The artist learns what pictures usually look like (training).

·      The artist makes their own drawing (generates new data).

·      If the drawing doesn’t look right, the artist tries again (evaluation and adjustment).

This process allows generative AI systems to make a new material based on the ones it’s been shown.

Do you know how AI systems process personal data?

AI systems process personal data by collecting it and storing it. The data is then processed and analysed to extract meaningful information or patterns. Employees using publicly accessible generative AI systems lack control over how inputted data is used. Although terms will vary between systems, at the moment they are likely to preserve broad rights over users’ data.

Are we allowed to use AI to process personal data?

If you are processing personal data you must comply with UK GDPR and this includes obtaining informed consent from an individual before processing their data and ensuring it is stored and processed securely. Where an employee is using AI to process personal data (this includes copying and pasting personal data into a generative AI system), your business may already be in breach of UK GDPR.

How can Tozers help?

AI is generally considered a high-risk technology and there may be a more privacy-preserving and effective alternative. You must complete a data protection impact assessment (DPIA) when your processing is likely to result in high risk to people and this must be carried out before you deploy an AI system. We can:

·      Discuss DPIAs and technical and organisational measures to mitigate or manage the risks you identify.

·      Discuss how to inform data subjects about using AI to process their data and obtain their consent.

·      Provide advice and guidance about the regulatory framework in relation to processing personal data.

What about employment law risks?

There are significant risks of using generative AI systems in an employment law context, including:

·      Issues around professionalism, care and due diligence.

·      Accuracy and responsibility for mistakes.

·      The predictive nature of the AI system leads to the potential for it to fabricate information (known as hallucination).

·      Sharing sensitive/confidential information.

There are further employment law risks of using generative AI for recruitment. For example, training data for an AI system designed to assist in recruitment decisions may reflect discrimination where men have historically been considered to be more suitable candidates for certain roles.

Companies must ensure their use of AI in recruitment adheres to laws and regulations concerning equal opportunities and data protection to mitigate the risk of legal action. Using AI in recruitment advertisements/decisions may expose your business to legal risks as it could inadvertently lead to discriminatory hiring practices.

How can Tozers help?

Our nationally recognised Employment team can:

·      Provide advice on the regulatory framework.

·      Review contracts with third-party AI tools to ensure they meet legal and ethical standards.

·      Draft internal policies around the use of AI, including acceptable use of AI systems, procedures for obtaining and handling candidate data, as well as policies to ensure non-discrimination.

·      Provide training to HR and recruitment staff on the legal landscape.

·      Provide legal representation in court or during the dispute resolution processes.

Have you considered the intellectual property risks?

Who owns the intellectual property rights in AI generated words and images and can I trade mark them? Can AI generated material infringe third parties’ intellectual property rights? These are vital questions you should be able to answer before using generative AI systems. 

Generative AI systems can unintentionally create similar material to existing copyrighted material and, whilst AI itself cannot be held liable for infringement, those responsible for its operation and usage may be subject to copyright disputes. This presents a significant risk to your business.

How can Tozers help?

Our Intellectual Property team can offer advice and tailored solutions to navigate the challenges that may arise in this dynamic domain. 

How does your organisation plan to comply with regulatory issues around generative AI?

To mitigate the risks of generative AI, including breaches of contract, privacy and intellectual property, discrimination and negligence, you should seek specialist legal advice.

Lawyers play a crucial role in navigating the complex legal landscape surrounding the use of AI systems. If you require advice, speak to one of our legal experts today in a no-obligation phone call. 

Contact our legal experts

Company & Industry

Related Insights

Insights

Police Force Issued with a £750,000 Penalty Notice by the ICO for an Unprecedented and Industrial Scale Data Breach

Posted on 09th October 2024 in Dispute Resolution, Data Protection

In a recent case involving the Information Commissioner’s Office (ICO) and the Chief Constable of Northern Ireland, the ICO issued a penalty notice due to non-compliance with UK GDPR obligations. The incident stemmed from a data breach that occurred during a Freedom of Information Act (FOIA) response. While FOIA requests are typically limited to public authorities, the lessons from this case are relevant to all businesses handling personal data. Read our latest insight for a breakdown of the key points.

Posted by

Jessica Whittick

Solicitor
Insights

Debunking Data Protection Part 2: Can I Use a Template Privacy Notice?

Posted on 05th September 2024 in Data Protection

In this new series of insights, we debunk common data protection misconceptions and explain how Tozers can help your business comply with the regulatory framework.

Posted by

Jessica Whittick

Solicitor