Key Terms in APSCo's AI Legal Resources

AI can be confusing, and legal terminology does not help. This is why we have put together the key terms used throughout our AI Legal Guidance suite of resources, part of APSCo's new APSCo Business Transformation Zone. This new member area is designed to help recruitment businesses embrace AI and automation.

• Automated Decision Making (ADM) means the process of making decisions by automated means without meaningful human involvement;

• AI-generated content means text, images, recommendations or decisions produced by AI tools;

• AI provider means a supplier or an organisation that provides AI tools or services to your business;

• AI risk means legal, regulatory, operational or reputational risks arising from using AI;

• AI tools means artificial intelligence systems, AI enabled technologies or software including generative AI, predictive analytics and automated decision-making tools; Article 22 means Article 22 under the General Data Protection Regulation (Article 22 GDPR);

• Algorithmic Impact Assessment (AIA) means a process to anticipate the potential impacts of an AI tool (both short and long term) including data protection, accessibility, and bias;

• Bias audit means a process for assessing the inputs and outputs of algorithmic systems to determine whether there is bias in input data, or in the outcome of a decision or classification made by an AI tool. Bias audits should be repeated at regular intervals after the system is in operation to ensure consistent performance;

• Candidate means an individual who applies for employment or is being considered for a role within a recruitment process, including job seekers, applicants, prospective employees and individuals undergoing assessment or interview;

• Controller means the person or organisation determining the purposes and means of processing personal data;

• Data Processing Agreement (DPA) means a legally binding contract between data controllers and processors;

• Data Protection Impact Assessment (DPIA) means an assessment designed to identify and minimise the privacy and data protection risks arising out of the processing of personal data. DPIAs are mandatory for all development and deployment of AI tools that involve processing likely to result in high risk to individuals' rights and freedoms;

• Data subject means an individual whose personal data is being processed;

• Employee means your employees, consultants, agents and workers (i.e. your internal staff who use AI tools, not the candidates you are recruiting on behalf of clients); Equality Act means the Equality Act 2010;

• Equality Impact Assessment (EIA) means an impact assessment that focuses specifically on equalities outcomes; EU AI Act means Regulation - EU - 2024/1689 - EN - EUR-Lex;

• General Data Protection Regulation (GDPR) means a regulation governing the protection and processing of personal data, which includes both the EU GDPR (EU) 2016/679 and the UK GDPR;

• Information Commissioner's Office (ICO) means the UK's independent authority responsible for upholding information rights and promoting privacy;

• Joint controller means two or more organisations jointly determining the purposes and means of processing personal data;

• Legitimate Interests Assessment (LIA) means a risk evaluation process used to determine whether a data processing activity can be justified under the legitimate interest legal basis set out in Article 6.1(f) of the GDPR;

• Meaningful human involvement means human oversight that is genuine and substantive, requiring the reviewer to: 

   

  (a) have access to all relevant information, not just the AI recommendation;

  (b) have the authority and competence to override the AI decision;

  (c) be given sufficient time and resources to conduct an independent assessment;

  (d) actively consider rather than automatically adopt the AI output; and

  (e) document their review process and reasoning;
  
  

• Output means information, recommendations or decisions produced by an AI tool in response to a user prompt;

• Processor means the person or organisation processing personal data on behalf of a controller;

• Prompt means instructions or queries you input into an AI tool to generate outputs;

• Self-assessment derogation means a procedure under Article 6(3) of the EU AI Act allowing AI providers to demonstrate that their system, whilst falling within a high-risk category, does not actually pose high risks in practice. This allows the system to be reclassified as not high-risk rather than remaining high-risk but self-certified. Providers must document their assessment and maintain records;

• Shadow AI means unauthorised or unmonitored AI tools used by employees without your organisation's knowledge or approval; and

• Special category personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.