User data rights
AI must be designed to protect user data and preserve the user’s power over access and uses.
It is your team’s responsibility to keep users empowered with control over their interactions. Pew Research recently found that being in control of our own information is “very important” to 74% of Americans. The European Commission found that 71% of EU citizens find it unacceptable for companies to share information about them without their permission. These percentages will rise as AI is further used to either amplify our privacy or undermine it. Your company should be fully compliant with the applicable portions of EU’s General Data Protection Regulation and any comparable regulations in other countries, to make sure users understand that AI is working in their best interests.
01
Users should always maintain control over what data is being
used and in what context. They can deny access to personal data
that they may find compromising or unfit for an AI to know or
use.
02
Allow users to deny service or data by having the AI ask for
permission before an interaction or providing the option during
an interaction. Privacy settings and permissions should be
clear, findable, and adjustable.
03
Provide full disclosure on how the personal information is being
used or shared.
04
Users’ data should be protected from theft, misuse, or data
corruption.
05
Forbid use of another company’s data without permission when
creating a new AI service.
06
Recognize and adhere to applicable national and international rights laws when designing for an AI’s acceptable user data access permissions.
“Individuals require mechanisms to help curate their unique identity and personal data in conjunction with policies and practices that make them explicitly aware of consequences resulting from the bundling or resale of their personal information.”
- The IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems
To consider
- Employ security practices including encryption, access control methodologies, and proprietary consent management modules to restrict access to authorized users and to de-identify data in accordance with user preferences.
- It is your responsibility to work with your team to address any lack of these practices.
Questions for your team
- What types of sensitive personal datadoes the AI utilize and how will this data be protected?
- What contractual agreements are necessary for data usage and what are the local and international laws that are applicable to our AI?
- How do we create the best user experience with the minimum amount of required user data?
Data rights example
- The hotel provides guests with a consent agreement to utilize the AI hotel assistant before they begin using the AI’s services. This agreement clearly outlines to guests that the hotel does not own their data and they have the right to purge this data from the system at any time, even after checkout.
- During user interviews, the design researchers find that the guests feel they should be provided with a summary of the information that was acquired from them during their stay. At checkout, they can instruct the hotel to remove this information from the system if they wish.
