ICO publishes report on agentic AI and its data privacy implications

The Information Commissioner’s Office (ICO) has published the latest report in its Tech Futures series on the topic of agentic AI (the Report). While not formal guidance, the Report is a useful indication of the ICO’s current thinking on this emerging technology, including the key data privacy risks to be considered, depending on its evolving capability and uptake.

What is agentic AI?
There is no legal definition of agentic AI, but the ICO suggests defining it as a system that:

• integrates large language models with other tools; and
• is likely to be able to work with various inputs, plan, reason, take actions and learn. 

The ICO provides a wide variety of examples, including current uses, such as coding assistants, and emerging uses, such as ‘personal assistant’ type systems which could become increasingly integrated and personalised. 

Potential data privacy risks
Whilst many of the potential risks associated with agentic AI are the same or similar to those associated with generative AI, there are certain novel risks associated with agentic AI, including:

• challenges in determining controller and processor responsibilities in the agentic AI supply chain;
• the purposes of an agentic AI system being too wide;
• a system being given access to personal data beyond what is necessary;
• rapid automation of tasks which could result in an increase in automated decision-making (ADM);
• potential unintended use or inference of personal data, including special category data;
• transparency and the ability to exercise information rights being undermined by particularly complex data flows within these systems; and
• new types of security risks, such as an attacker inserting false or malicious information into the system’s memory. The concentration of personal data within certain agentic AI systems may also be more attractive to threat actors.

Despite increased levels of autonomy, agentic AI does not mean the removal of human, and therefore organisational, responsibility for data processing. Organisations remain responsible for data protection compliance of the agentic AI they develop, deploy or integrate in their systems and processes.

Potential mitigations 
Organisations should use privacy by design and privacy-friendly innovation in agentic AI. The ICO encourages exploration of tools which could assist with:

• individuals managing their own personal information;
• a company’s responses to data rights requests; or
• specific tasks that a data protection officer might be responsible for. 

The ICO also uses a capability / adoption matrix to explore different future scenarios relating to agentic AI and how this might shape their regulatory intervention in the future. 

Wider regulatory interest and collaboration 
In the EU, the European Data Protection Supervisor recently released a podcast on agentic AI, which echoes agentic AI’s potential to compound the risks we already recognise about generative AI – such as errors cascading through multiple decisions before being spotted, or compounding the negative impacts of a system trained on biased data.

Given the likely uptake of agentic AI, it is helpful to see regulators collaborating to identify potential risks, opportunities and mitigations. In the UK, the Digital Regulation Cooperation Forum (DRCF) launched a Thematic Innovation Hub (the Hub) in October last year. The DRCF brings together four key regulators in the UK (the ICO, Competition Markets Authority, Financial Conduct Authority and Ofcom) and the Hub aims to increase engagement and regulatory advice on key topics – the first of which is agentic AI. 

Next steps
The ICO is keen to emphasise that the Report is only their early-stage thinking and that they welcome contact from any stakeholders wishing to continue the conversation (by emailing emergingtechnology@ico.org.uk). AI continues to be a priority for the ICO, with a statutory code on AI and ADM expected this year and the ICO committing to hold workshops and other engagement exercises around the topic of agentic AI.   

Agentic AI has the potential to enable fundamental changes, such as consumer behaviour in the retail sector, where marketing will need to appeal to algorithms rather than individuals, and this will have a direct impact on business strategies. With this Report and upcoming guidance, the ICO is clearly signposting that data privacy has to be part of that shift.