Responsible AI Use in Practice – Module 3 Privacy Thinking in AI Data Use
📍 Module 3: Privacy Thinking – Protecting Data
📝 Overview
This module introduces how data privacy and artificial intelligence intersect. AI systems often rely on large volumes of data, and if that data includes personal or sensitive information, there are important responsibilities to consider.
You’ll revisit key data protection principles, learn how AI might affect individual privacy, and explore practical steps you can take to use AI in a way that respects people’s rights.
🎯 Learning Objective
By the end of this module, you’ll be able to:
- Understand why privacy matters when using AI
- Recognise how AI can create new data risks (even when not intended)
- Refresh your awareness of core GDPR principles
- Identify simple ways to minimise data risks in your workplace
- Know when to check with a Data Protection Officer or specialist
📖 Text version of the lesson
Why does privacy matter in AI use?
AI tools often rely on data to function — whether that’s customer reviews, business files, or user behaviour. If that data includes names, contact details, health info, or other identifiers, it may be classed as personal data under data protection law.
Even when you’re not actively collecting personal data, it’s possible for AI tools to infer or reveal private details.
Key privacy principles (from GDPR)
These still apply when using AI:
- Data minimisation – Only use what’s necessary
- Purpose limitation – Use data only for its original purpose
- Accuracy – Keep data up to date
- Security – Protect data from unauthorised access or loss
- Transparency – Let people know when their data is used
- Rights of individuals – People can access, correct, or request deletion of their data
Where AI and privacy overlap
AI may:
- Combine different data points to create detailed profiles
- Generate outputs that include or imply personal data
- Store or log input data (depending on the tool)
- Be used in decision-making that affects individuals
These risks aren’t always obvious, which is why awareness is important.
GDPR and AI-specific points
- Article 22 of GDPR covers automated decision-making — including the right to request a human review
- Organisations should let people know if they’re using AI in ways that impact access to services or opportunities
- Some high-impact uses may require a Data Protection Impact Assessment (DPIA)
Practical steps you can take
- Avoid pasting real names, addresses, or sensitive data into online AI tools unless the tool is clearly approved
- Use dummy or anonymised data when testing AI
- Check the privacy policy or data practices of any AI tool
- Know where data is stored, who can access it, and for how long
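One way to follow the "use dummy or anonymised data" step for free text such as customer complaints, shown as an added example that is not part of the original module. The function names, the sample complaint and the key are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample input: not a real person or real contact details.
SAMPLE_COMPLAINT = (
    "Jane Example (jane.example@example.com, +44 20 7946 0000) says her "
    "order arrived late. Please call Jane Example back."
)

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Loose phone pattern: optional +, then 9+ digits with spaces/dashes allowed.
PHONE_RE = re.compile(r"\+?\d[\d\s-]{7,}\d")


def placeholder(kind, value, key):
    """Stable token: the same value and (locally kept, secret) key match."""
    digest = hmac.new(key, value.strip().lower().encode(), hashlib.sha256)
    return f"[{kind}_{digest.hexdigest()[:8]}]"


def pseudonymise(text, known_names, key):
    """Replace emails, phone numbers and known names with keyed placeholders.

    known_names comes from structured fields you already hold (for example
    the customer record); regexes cannot find names in free text reliably.
    """
    text = EMAIL_RE.sub(lambda m: placeholder("EMAIL", m.group(), key), text)
    text = PHONE_RE.sub(lambda m: placeholder("PHONE", m.group(), key), text)
    # Longest names first so a full name is replaced before a shorter one.
    for name in sorted(known_names, key=len, reverse=True):
        pattern = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
        text = pattern.sub(lambda m, n=name: placeholder("NAME", n, key), text)
    return text


def leftover_identifiers(text, known_names):
    """Final check before the text leaves your machine: what still matches?"""
    found = EMAIL_RE.findall(text) + PHONE_RE.findall(text)
    found += [n for n in known_names if n.lower() in text.lower()]
    return found
```

The placeholders are pseudonyms rather than anonymisation: health details and names missing from `known_names` pass through untouched, so read the result before submitting it to any tool.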
Examples of risk in everyday AI use
- Using an AI summary tool on customer complaints might surface personal names or medical info
- A chatbot could accidentally store full names or contact details if used improperly
- AI-generated reports might imply things about staff or customers that haven’t been verified
Questions to ask before using AI with data
- What data is going in — and does it include personal info?
- Who can access the data or outputs?
- Could someone be identified or affected by this process?
- Is consent or notification required?
- Is the tool covered by your organisation’s existing privacy policies?
🪞 Reflective Prompt (Optional)
Consider a time you used an AI tool — even something simple like ChatGPT, a grammar checker, or a transcription service.
Question:
Did you enter any personal or business-sensitive data?
What kind of information was included?
Could it be stored, logged, or shared by the tool provider?
Would you do anything differently now?
✅ Suggested Next Step
We recommend checking whether your team has any internal guidance or policies for using AI with sensitive or personal data.
If not, consider drafting a short list of “safe use” practices, such as:
- Don’t use real names when testing tools
- Avoid uploading private documents unless authorised
- Always sense-check AI outputs before sharing them
This can help build shared understanding and reduce the risk of accidental privacy breaches.
