UK legislation and the need for data ethics principles

The use and development of technology across all industries has increased exponentially over the last two decades. When designing technology solutions organisations need to consider the protection of personal data, human rights, consumer rights and equality, all of which are underpinned in our current laws. However, when designing Advanced Analytics and Artificial Intelligence (AAAI) many organisations do not necessarily know how best to take all of these legal elements into account, nor are the ethics always considered.

Designing, embedding and adhering to data ethics principles throughout your organisation as part of a data ethics framework builds on compliance in order to maintain and protect public trust.

In the UK legislation specific to AAAI does not exist, as laws by their very nature are technology agnostic, although guidance of course may take certain types of technologies into account. This is to ensure that future technology will still be applicable and subject to an overarching legal framework. However, there are a number of laws that organisations operating within the UK must comply with when developing and using AAAI.

There are four areas of UK legislation that are very significant with regard to the development and use of AAAI:

  • The Equality Act. This protects people from discrimination in the workplace and in wider society. It forms the basis of considering discrimination in the development of AAAI and its logic.
  • The Human Rights Act. This sets out the fundamental rights and freedoms that everyone in the UK is entitled to. These include the right to a private life, the right to life and the right to be treated fairly. This is significant considering that fairness is a fundamental area of focus in AAAI.
  • The Consumer Rights Legislation. This concerns the rights of individuals to choose and be informed, to choose and to be heard, and to have the right to redress - as well as the right to hold organisations accountable when it comes to the development and use of AI.
  • Data protection laws. These laws protect personal information of living individuals. While they are technology agnostic, they form the foundation of regulation pertaining to AAAI both in the UK and globally where the AAAI uses personal information. Aside from personal data, these laws also create a legal framework for individuals? rights in relation to any automated decision making about them, which AAAI may be responsible for. 

While we have set out the key UK laws affecting AAAI, global organisations will also have to consider the different international laws they may need to comply with. Although these cover the same themes as UK laws, they do have some differences.  

As there is no single, coherent legal framework that encompasses the different themes of UK and international laws, it makes sense for organisations to establish their own data ethics principles. This would enable organisations to cover all the varying laws under one standard, along with fundamental ethical norms that go beyond legal compliance. Data ethics principles could not only be applicable to the development of AAAI but could also be applied to an organisation's code of conduct.

To learn more, join the free KPMG-UK Finance webinar on ethical principles for AAAI in financial services on Wednesday 2 December.

Area of expertise: