The ICO said it was focusing on uses of AI and biometrics “that are prevalent today and may benefit people’s everyday lives yet cause the most concern and potential for harm if misused”.
It added that it aims to provide organisations with certainty and the public with reassurance by:
- reviewing the use of automated decision making (ADM) systems by the recruitment industry and working with early adopters in central government such as the Department for Work and Pensions;
- conducting audits and producing guidance on the lawful, fair and proportionate use of facial recognition technology (FRT) by police forces;
- setting clear expectations to protect people’s personal information when used to train generative AI foundation models;
- developing a statutory code of practice for organisations developing or deploying AI responsibly to support innovation while safeguarding privacy; and
- scrutinising emerging AI risks and trends, such as the rise of agentic AI as systems becoming increasingly capable of acting autonomously.
The ICO said new research on ADM and biometric technologies had highlighted public concerns about the consequences when these technologies go wrong – “for example, if facial recognition technology is used inaccurately, or a flawed automated decision impacts their job application”.
More than half (54%) of people surveyed shared concerns that the use of FRT by police would infringe on their right to privacy.
Over the next year, the ICO will consult on an update to its ADM and profiling guidance, develop a statutory code of practice on AI and ADM, and produce a horizon scanning report on the data protection implications of agentic AI.
John Edwards, UK Information Commissioner, said: "Our personal information powers the economy, bringing new opportunities for organisations to innovate with AI and biometric technologies. But to confidently engage with AI-powered products and services, people need to trust their personal information is in safe hands.
“It is our job as the regulator to scrutinise emerging technologies - agentic AI, for example - so we can make sure effective protections are in place, and personal information is used in ways that both drive innovation and earn people’s trust.”