It is your team’s responsibility to keep users empowered with control over their interactions. Pew Research recently found that being in control of our own information is “very important” to 74% of Americans. The European Commission found that 71% of EU citizens find it unacceptable for companies to share information about them without their permission. These percentages will rise as AI is further used to either amplify our privacy or undermine it. Your company should be fully compliant with the applicable portions of EU’s General Data Protection Regulation and any comparable regulations in other countries, to make sure users understand that AI is working in their best interests.
Users should always maintain control over what data is being used and in what context. They can deny access to personal data that they may find compromising or unfit for an AI to know or use.
Allow users to deny service or data by having the AI ask for permission before an interaction or providing the option during an interaction. Privacy settings and permissions should be clear, findable, and adjustable.
Provide full disclosure on how the personal information is being used or shared.
Users’ data should be protected from theft, misuse, or data corruption.
Forbid use of another company’s data without permission when creating a new AI service.
Recognize and adhere to applicable national and international rights laws when designing for an AI’s acceptable user data access permissions.
“Individuals require mechanisms to help curate their unique identity and personal data in conjunction with policies and practices that make them explicitly aware of consequences resulting from the bundling or resale of their personal information.”