The crossroads of AI and privacy compliance: OAIC publishes new guidance

The Office of the Australian Information Commissioner (OAIC) has issued two new guides to clarify the application of Australia’s privacy obligations for users of commercially available artificial intelligence (AI) products and developers of generative AI (GenAI) models.

This development signals the importance of complying with the Privacy Act 1988 (Cth) (Privacy Act) when using personal information in AI systems and products, especially given the prevalence of AI, including GenAI. It also reflects the Federal Government’s continued focus on promoting and facilitating compliance with Australia’s privacy laws, especially in relation to AI, as new AI systems and products continue to be used by more and more Australians.

General guidance on AI and the Privacy Act

The Privacy Act applies to all uses of AI involving personal information, including where information is used to develop, test, train or use an AI system. The guidance notes that, where there is doubt about the application of the Privacy Act to AI activities, developers and users should err on the side of caution and assume it applies.

Further, the OAIC recommends that both GenAI developers and users of commercially available AI systems take a ‘privacy by design’ approach. This includes the conduct of privacy impact assessments to understand the impact of use of a particular AI product on the privacy of individuals and the identification of ways to manage, minimise or eliminate those impacts.

Guidance on privacy and the use of commercially available AI products

The guidance for users of AI products is specifically targeted at organisations that deploy AI systems that are built with, collect, store, use or disclose personal information. This is irrespective of whether the product is deployed for internal purposes (e.g. use within an organisation) or external purposes (e.g. use affecting customers).

• Privacy obligations apply to AI inputs and outputs. Privacy obligations apply to personal information input into an AI system and AI-generated data that contains personal information. Personal information includes inferred, false or artificially generated information that may identify an individual. Organisations should be aware that inputting personal information into an AI system may raise privacy risks, especially as the information may be difficult to track, control or remove once it enters the system. Further, if output data (generated by AI) includes personal information, that data is subject to privacy obligations (e.g. Australian Privacy Principle (APP) 10 would apply and require that the information be accurate, up-to-date and complete). See our article on a recent decision of the Victorian Privacy Commissioner on this very issue.
  
  
• Privacy policies and notifications should be transparent about the use of AI. Privacy policies and notifications should contain clear and transparent information about an organisation’s use of AI. This includes ensuring that privacy notifications specify any AI-related purposes for which personal information is being collected, and that public facing AI tools (such as chatbots) are clearly identified to users. This point of guidance follows the proposed amendments to the Privacy Act recently introduced into Federal Parliament, which included the recommendation that the use of personal information in an automated decision-making system will require disclosure under an organisation’s privacy policy.

• AI-generated or inferred personal information must comply with collection requirements. Where AI systems are used to generate or infer personal information (including incorrect information such as hallucinations and deepfakes), this will be taken as a collection of personal information, and therefore the requirements under APP 3 will apply. This means organisations must ensure that the collection or generation of personal information by AI is reasonably necessary for its functions or activities, and only done by lawful and fair means.

• Personal information input into an AI system can only be used for the primary purpose for which it was collected. If personal information is input into an AI system, the information can only be used or disclosed for the primary purpose for which it was collected (in accordance with APP 6), unless consent is obtained or if a secondary use that would be reasonably expected by the individual can be established. The guidance clarifies that a secondary use may be within an individual’s reasonable expectations if it was expressly outlined in a notice at the time of collection and in the organisation’s privacy policy.

• Personal information should not be entered into publicly available GenAI tools. Personal information, particularly sensitive information, should not be entered into publicly available GenAI tools, as there are significant and complex privacy risks that arise from doing so.

Key takeaways and next steps

1. Check that the personal information can be used in the AI model by reference to the purpose for which the personal information was collected.
   
   
2. When using sensitive information in AI, clear consent of the individual must be obtained (unless an exception applies).
   
   
3. Ensure that privacy policies and notices are amended to reflect the use of AI, as appropriate.
   
   
4. Organisations must take reasonable steps to ensure the accuracy of the personal information it collects, generates, uses and discloses when using an AI product. This includes taking steps to ensure that the data being used to train or develop the AI product is accurate, which may involve an organisation’s ongoing review of its data holdings and data quality.
   
   
5. Confirm that the use of personal information is reasonably necessary for the functions or activities of the business.

For further details and practical guidance, refer to the OAIC’s checklist of privacy considerations when using commercially available AI products.

Guidance on privacy and developing and training generative AI models

The guidance for developers of generative AI models is targeted at organisations that design, build, train, adapt or combine AI models and applications. Although the guidance references GenAI models, it is useful in the context of any kind of AI model that uses personal information.

• Developers must take reasonable steps to ensure accuracy in GenAI models. Reasonable steps should be commensurate with the level of risk of the model and can include undertaking testing, using high quality data sets, and clearly disclaiming the limitations of the AI model.

• Consider whether publicly available data can legally be used to train GenAI models. A developer should not assume that publicly available data can be used lawfully to train or fine-tune a model and should consider whether any data used or collected for use in an AI model contains personal information. This is a critical issue and has been the subject of numerous OAIC determinations.

• The collection of sensitive information generally requires consent. Particular care should be taken when collecting photographs or recordings of individuals (including artificially generated ones), as they may contain sensitive information. If information constitutes sensitive information, it cannot be scraped from the web or collected from a third-party dataset without obtaining prior consent.

• Consider whether previously collected personal information can be lawfully used in training an AI model. A developer should consider whether it can lawfully use personal information to train an AI model if that is not the primary purpose for which the information was originally collected. It may be lawful to do so if it can be established that training an AI model is a secondary use that would be reasonably expected by the individual. Where such secondary use cannot be established, consent should be sought and / or a meaningful and informed ability to opt-out should be offered.

• Seek explicit consent prior to using personal information to train AI. Notwithstanding evolving community expectations, the OAIC recommends seeking explicit consent, and offering individuals a meaningful and informed ability to opt out, before allowing AI to use personal or sensitive information to train itself.

Key takeaways and next steps

1. Developers must consider whether the data they are collecting or intending to use contains personal information. This includes publicly available information, and/or when a developer is using a third-party dataset. Additional steps, such as deleting information, may be necessary to comply with privacy obligations.
   
   
2. Organisations providing information to developers, and developers reusing personal information they already hold to train generative AI, should consider data minimisation techniques, including using collection criteria and data sanitisation methods.
   
   
3. When using sensitive information to train AI models, clear consent of the individual must be obtained (unless an exception applies).
   
   
4. Developers and organisations providing information to developers should ensure their privacy policy and any APP 5 collection notifications are up-to-date and explain the use of data for AI training purposes.

For further details and practical guidance, refer to the OAIC’s checklist of privacy considerations when developing or training generative AI models.