As the use of AI grows, so do concerns around data privacy. Generative AI, in particular, uses vast amounts of data farmed from across the internet to simulate human qualities. Many large tech companies have already amended their user agreements to allow the scraping of personal information to collect this data.

This intersection between the data used by AI and the privacy of the individuals the data is collected from is being scrutinized by law makers the world over. In October 2023, the White House published a declaration of eight principles for governing AI development and use. Later, the European Union adopted the European Union Artificial Intelligence Act (EU AI Act), the world’s first comprehensive AI regulation. The law was implemented in August 2024, with its provisions being gradually enforced over two years until full enforcement begins in August 2026.

With more AI governance laws sure to follow, companies would do well to pre-empt these by building ethical AI usage into their privacy programs.  

Privacy Concerns & AI

The vast farming of data has several implications at the enterprise level affecting data accuracy and protection along with the introduction of biases. AI algorithms “learn” from large amounts of representative data. However, these data sets may not be representative of real-world situations, overlooking underrepresented groups or minorities, leading to unintentional bias. A famous example is Amazon’s experimental (now discontinued) recruiting engine. It was biased against women for technical roles because it was trained on résumé data predominantly submitted by men. The end results reflected the tech industry’s male dominance. Ultimately, the recruiting engine only widened the gap.

Even if anonymized, large data sets are at the risk of being breached allowing individuals to be identified. In fact, researchers from Belgium’s Université Catholique de Louvain (UCLouvain) and Imperial College London demonstrated that 99.98% of individuals in a dataset could be identified from as little as 15 demographic attributes. Using such data for AI training could still constitute a privacy violation.

Strategies for AI Governance

A central AI governance policy can help businesses meet regulatory compliance and safeguard their customers while allowing them to maximize the value derived from AI technology. Let’s look at just a few.

Data Hygiene

The foundation for preserving privacy is to practice good data hygiene. Minimize the amount of data you collect and only keep it for the duration it is needed for. Remove personally identifiable information from your datasets and restrict access to data to authorized personnel. Regular audits help ensure that your security protocols are up to date.

Implement Differential Privacy Frameworks & Federated Learning

Differential privacy frameworks introduce ‘noise’ into your datasets to prevent individual records from being identified. Adopting this system allows your AI model to learn from and analyze patterns within your datasets without exposing personal information.

If applicable adopt a decentralized approach to training AI models via federated learning. Here, the AI model learns locally where the data is stored and only sends its model updates back to your server. This can prevent you from collecting sensitive data and helps minimize data collection.

Build Written Policies & Procedures

AI governance policies can only be followed when clearly defined. Define and document key principles like fairness, transparency, and accountability. Link these to policies and procedures that can be implemented. This can serve as a great jumping off point for your AI governance program. Include applicable regulatory requirements with a framework to apply changes to your policy as a new technology, client requirements, and regulations come into play.

Champion a responsible AI culture across the organization and include employee training as necessary.

Be Ethical & Transparent

Transparency is key to building trust with your customers and maintaining regulatory compliance. Clearly communicate how data is collected, used and protected and allow customers the ability to consent to the use of their data in AI models.

Prove That AI & Privacy Can Go Hand-in-Hand

A well-designed, thoughtful AI governance policy can demonstrate to your customers that AI can be beneficial to them while still protecting their privacy. Giving them control over their data, good data hygiene, advanced privacy-preserving techniques, robust governance frameworks, and ethical practices all work towards a trustworthy digital future.

If you need help integrating AI governance into your existing privacy program, our team of privacy experts is here to help. Contact us to learn more.