Everyone seems to agree that AI technology can be harnessed to present significant opportunities for membership organisations.
As an Association you may have already taken a significant step forward and are using AI to support Operations streamlining whereas other Associations may not have as yet taken a step onto the AI ladder.
There are some easy places to start e.g. – your team may have decided to use ChatGPT to support your writing of emails, generating content, re-working text or to use it for a range of content based tasks.
AI bots on websites can also be used to interact with website visitors – helping to answer queries or help with sign posting to resources.
Or your organisation may have decided to smooth the membership application process – using AI to help bring the relevant questions forward that need answering.
At whatever stage you are at don’t forget that your organisation’s privacy notice may need updating to show that you are using AI. The use of Ai is also a matter for data protection.
Why is this?
Articles 13 and 14 of the GDPR give individuals the right to be informed of:
- the existence of solely automated decision-making producing legal or similarly significant effects;
- meaningful information about the logic involved; and
- the significance and envisaged consequences for the individual.
Article 15 of the GDPR gives individuals the right of access to:
- information on the existence of solely automated decision-making producing legal or similarly significant effects;
- meaningful information about the logic involved; and
- the significance and envisaged consequences for the individual.
Article 22 of the GDPR states that “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her”
The ICO has a number of useful resources available E.G. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/
But on a practical level please do check that you have:
- Reviewed the AI you are deploying
- Made sure you review your Privacy Notice- PN – (the one that you publish on your public facing web site) to see what changes are needed.
You may need to conduct a DPIA. Article 35 of the GDPR requires organisations to carry out Data Protection Impact Assessments (DPIAs) if their processing of personal data, particularly when using new technologies, is likely to result in a high risk to individuals.
The ICO states that a DPIA is always required for any systematic and extensive profiling or other automated evaluation of personal data which are used for decisions that produce legal or similarly significant effects on people.
What Privacy Notice changes might be needed?
If you are using automated processing i.e. processing that leads to decisions not involving human input, or automated profiling of individuals then you should state this in your privacy notice and outline the various associated rights.
How do we make these changes?
Ask us to help you.