New guides for businesses published by the Office of the Australian Information Commissioner (OAIC) seek to articulate how Australian privacy law applies to artificial intelligence (AI) and set out the regulator’s expectations.

The first guide will make it easier for businesses to comply with their privacy obligations when using commercially available AI products and help them to select an appropriate product. The second provides privacy guidance to developers using personal information to train generative AI models.

“How businesses should be approaching AI and what good AI governance looks like is one of the top issues of interest and challenge for industry right now,” said Privacy Commissioner Carly Kind.

“Our new guides should remove any doubt about how Australia’s existing privacy law applies to AI, make compliance easier, and help businesses follow privacy best practice. AI products should not be used simply because they are available.

“Robust privacy governance and safeguards are essential for businesses to gain advantage from AI and build trust and confidence in the community,” she said.

“Australians are increasingly concerned about the use of their personal information by AI, particularly to train generative AI products.

“The community and the OAIC expect organisations seeking to use AI to take a cautious approach, assess risks and make sure privacy is a key consideration. The OAIC reserves the right to take action where it is not.”

The OAIC has published a blog post with further information about the privacy guidance for developers using personal information to train generative AI models.