Whilst organisations have legal responsibilities for communicating certain types of data decisions and methods of data collection (e.g. GDPR), there are also ethical design considerations that extend beyond these. These are often about how and when to communicate specific pieces of information to residents.
LOTI recommends that councils proactively communicate with residents about how decisions are being made with data, e.g.:
Automated decisions: There is a legal obligation to tell a data subject (e.g. a resident) if an automated decision is made about them. LOTI recommends that local authorities proactively tell data subjects in advance that these kinds of decision will be made in an automated manner. See our Recommendation in Practice below for useful guidance on this.
Sensitive data: LOTI recommends that local authorities proactively communicate when and where they are collecting certain types of sensitive data, such as biometric information, especially if it is through more invasive collection methods. This means sharing up front how the data is stored, shared and used and using straightforward language that residents with limited data literacy could understand.
Interacting with a bot: Research shows that people do not like being deceived into thinking they are speaking to a human being. So, it is important that residents know at the start of any conversation with their local authority if they are speaking with an automatic chatbot or a real person. This is currently a proposal in the EU AI Act, and the Central Digital and Data Office (CDDO) recommends that for AI-powered chatbots on the gov.uk website, “…it’s best to make it clear the user is not talking to a real person.”
The Information Commissioner’s Office (ICO) and the Alan Turing Institute have created a useful resource for organisations on Explaining decisions made with AI, services and decisions delivered or assisted by Artificial Intelligence (AI) might affect a data subject, like a resident.
Within this guidance is advice for different groups: for Data Protection Officers and compliance teams, for technical teams to help them with the practicalities of explaining decisions and providing explanations, and for senior leaders to help them understand the various roles, policies, procedures and documentation that they could set up.