This ICO audit outcomes report distils what the regulator found in consensual audits of AI powered sourcing, screening, and selection tools used in recruitment, and translates those findings into practical recommendations under UK data protection law. It sits in the UK’s wider approach to AI governance by treating data protection principles as a core governance layer for AI systems in high impact settings such as hiring. The report identifies recurring risks including excessive data collection, opaque repurposing and scraping, weak role allocation between controllers and processors, and the use of inferred protected characteristics that are both unreliable and often processed without proper legal basis or awareness. It also signals what “good” looks like in AI assurance practices for recruiters and vendors.
Date
Instrument Type
Jurisdiction
Institution