Hong Kong

Privacy watchdog publishes guidelines on personal data protection in AI systems

The Office of the Privacy Commissioner for Personal Data (PCPD) on Tuesday issued the “Artificial Intelligence: Model Personal Data Protection Framework” to provide internationally well-recognized and practical recommendations and best practices to assist organizations in procuring, implementing and using AI.

The guidelines state that institutions, when procuring AI systems, should establish a governance committee to assist in formulating the purpose of AI usage and its governance strategies.

The governance committee is also required to report any system malfunction or raise concerns regarding data protection or ethical issues to the institution’s board of directors or internal stakeholders for monitoring purposes.

The Model Framework covers recommended measures in four areas, including Establish AI Strategy and Governance; Conduct Risk Assessment and Human Oversight; Customisation of AI Models and Implementation and Management of AI Systems; and Communication and Engagement with Stakeholders.

Privacy Commissioner Ada Chung Lai-ling said it is expected that nearly half of the institutions in Hong Kong will be using AI within this year, representing an increase of nearly 20 percent compared to the previous year.

She also said the adoption of generative AI poses more privacy risks among other emerging technologies, including tendencies to collect excessive data or use data from different sources for personal identification.

A case in point is employees providing confidential customer data to chatbots, which AI may retain for answering future user queries, she said.

The watchdog chief also pointed out that users often do not fully understand how their data will be used by AI, and companies may face the risk of data breaches if not handling data security well.

Chung described the Model Framework as a guide that provides internationally recognized recommendations and best practices for institutions, adding that users can be sure that their practices are lawful when they follow the guidelines.