AIFC Publishes Guidance on Data Protection and the Use of Artificial Intelligence
The Office of the Commissioner for Data Protection at the Astana International Financial Centre (AIFC), in collaboration with the law firm Digital Rights Center Qazaqstan (DRCQ), has developed and published a publicly accessible guide on data protection and artificial intelligence (AI). The document provides recommendations on the use of personal data in AI systems and aims to help mitigate associated risks. It is targeted at a wide audience, including legal professionals, and can be used by organisations to ensure additional protection for sensitive information.
Personal Data refers to any information that relates to or identifies a specific individual. This includes, for example, a person’s name, residential address, email and phone numbers, geolocation, job title, or other personal details. Given this, it is critical to pay attention to how AI systems process such data to prevent leaks or its unauthorised disclosure to the public.
Beibut Dosmurzinov, Acting Commissioner of Data Protection of AIFC, commented: “AI technologies are developing rapidly, and their integration into financial services brings both opportunities and potential risks. The AIFC places great importance on protecting personal data, and the guidance we have developed helps reduce these risks in the innovation sector. This initiative underscores our commitment to creating a safe and innovative environment for financial services both in Kazakhstan and beyond.”
Ruslan Daiyrbekov, Managing Partner at Digital Rights Center Qazaqstan (DRCQ), stated: “The development of this guidance is an important step towards increasing transparency and security in the use of artificial intelligence in the financial sector. We aim to create a legal framework that will minimise risks related to the processing of personal data and ensure the protection of individuals’ rights. While AI holds tremendous potential, its use requires a responsible approach to data privacy and security. We are pleased to collaborate with the AIFC and are confident that this guide will serve as a valuable tool for market participants.”
AI systems frequently process large volumes of personal data to function effectively. This may include information such as user profiles, behavioural predictions, and other analytical data that can be used to identify individuals. As a result, improper use can cause significant harm to individuals and organisations. Therefore, AI developers and operators must ensure that the collection and processing of such data comply with data protection regulations.
The guidance highlights that, to avoid negative consequences, AI system developers must implement strict security measures. These may include advanced encryption, access controls, and anonymisation techniques to safeguard this data from unauthorised access.
Additionally, the AIFC guidance emphasises that AI systems must operate with transparency, providing data subjects with clear information on how their data will be used and processed. Furthermore, developers and operators of AI systems must ensure mechanisms are in place to hold them accountable for the data processing activities of their systems.
The full version of the Guidance on Data Protection and Artificial Intelligence can be read via the following link. (https://aifc.kz/legal-framework/regulatory-guidance-on-using-ai-in-the-aifc-2024/)
Reference:
The Astana International Financial Centre (AIFC) is an independent jurisdiction with a favourable legal and regulatory environment, offering developed infrastructure for starting and conducting business, attracting investment, creating jobs, and fostering economic growth in Kazakhstan. www.aifc.kz
Digital Rights Center Qazaqstan (“Центр цифровых прав Казахстан”) is a law firm established as a Central Asian hub to provide professional legal assistance to citizens and businesses in the digital space, as well as in the use of electronic communications. DRCQ is part of the international DRC Group. www.kz.drc.law
