In the first of our reports from the Data Insights x Shoosmiths conference, data protection officers (DPOs) from MasterCard, the Motor Insurers’ Bureau (MIB), and Virgin Media O2 discuss the impact of AI on their roles and organizations because, as they said, “AI is here to stay.”
Panel: Kate Brimsted, partner, Shoosmiths; Hamish Corner, partner, Shoosmiths; Ben Westwood, MIB; James Finlayson, Virgin Media O2; and Catarina Silva, Mastercard
Key takeaways
- AI presents both opportunities and challenges for data protection.
- DPOs play a critical role in ensuring the responsible and ethical use of AI, including supporting sustainable innovation, and building AI with integrity so it can be trustworthy.
- Collaboration, communication, and continuous learning are essential for DPOs in the AI era.
Evolution of the DPO role
The DPO’s role is shifting from solely “guardians” of data privacy to “architects” who help shape the responsible use of AI. This involves balancing innovation with ethical and legal considerations. DPOs will need to be more technically savvy to understand how AI systems work, including data points and models.
DPOs should be involved in AI projects from the outset to influence design and implementation. Understanding the business’s needs and priorities is crucial for effective collaboration.
AI in action
The panellists gave examples of AI currently in use in their organizations:
- MasterCard uses AI for real-time fraud detection in payment transactions, saving significant costs.
- MIB is exploring AI for information security, claims processing, and assessing risks related to autonomous vehicles.
- Virgin Media O2 uses AI to improve network operations and customer experience, particularly in fraud prevention with the “Daisy” chatbot – which frustrated potential scammers and provided lessons learned on their modus operandi.
The panel highlighted that AI is being used as a force for good, and to protect consumers.
Governance and compliance
The panel discussed the importance of good policy and procedure.
Organizations are adapting existing data privacy programs to incorporate AI-specific assessments and controls. There is no need “to reinvent the wheel.” However, integrating AI system inventories with existing records of processing activities is a challenge.
It is vital to ensure business engagement and a seat at the table for DPOs in AI discussions at the earliest opportunity. Training and awareness programs are essential to promote responsible AI use and address the EU AI Act’s literacy requirements.
Case study
A fictional scenario, adeptly acted by Shoosmiths’ Brimsted and Corner, involving an AI meeting transcription feature being enabled by default, highlighted the risks of unintended data disclosure and the need for robust governance.
The panel emphasized the importance of incident response, communication with affected individuals, and implementing preventative measures. The case study highlighted the importance of company culture, and the need for processes to ensure that new tools are not just switched on without due consideration.
DPO skill sets
The panel agreed that DPOs will need to enhance their technical skills, particularly in understanding AI and cybersecurity. Other important attributes include business acumen and the ability to communicate effectively. It was also noted that experience in various business functions can be invaluable for DPOs.
The panel’s closing advice for DPO’s, “be curious” and become “knowledge pollinators.”
