In 2023, Artificial Intelligence (AI) is helping marketers automate workflows, gain deeper insights into their target audience and become more efficient.
However, while AI tools are a fantastic asset when it comes to streamlining, there are a few major pitfalls that marketers need to avoid. Some of them could even potentially lead to legal trouble.
In general, the legal context of using AI for marketing is not yet well-defined. With the rapid development of AI tools over the past few years, legislators -- never particularly agile -- have been struggling to keep up.
However, there are legal frameworks that do apply to AI, or at least the data that algorithms gather, process and analyse to help marketers reach their decisions. Most prominent among them is the European Union’s General Data Protection Regulation (GDRP). And while there is no federal equivalent in the US, state laws such as the California Consumer Privacy Act (CCPA) have similar implications.
In addition, the EU is also working on an AI Act to regulate the development and deployment of algorithms. It is expected to pass into law later this year.
Here are five mistakes to avoid to stay compliant, and harness AI without any data privacy ripples.
Gathering data without consent
First and foremost, you have to seek people’s consent if you want to gather their data. This may sound like a no-brainer, but the fact is that many websites fail to meet even these basic standards.
In fact, Alphabet and Meta were both fined heavily in late 2021 by the French data protection authority, Commission Nationale de l’Informatique et des Liberté, for using cookies illegally. And a recent analysis by a Brunel University law professor showed that only 15 out of 50 well-known websites adhered to GDPR privacy regulations when it came to data gathering.
To avoid this pitfall, you need to ask users for permission as soon as you begin gathering their data. Typically, this means a cookie pop-up when they open your website. Crucially, you need to make it easy for users to decline cookies in order to be compliant.
No thorough, accessible privacy policy
Another common privacy mistake marketers make when it comes to gathering data for AI algorithms is failing to have an accessible privacy policy.
Transparency is key when it comes to staying compliant with regulations such as the GDPR. That means having a comprehensive section on your site that explains how users’ data is being gathered and handled.
More importantly, that policy should be easily accessible -- and comprehensible. Rather than loading it with complex legal language, your data privacy policy has to be straightforward. An average user needs to be able to understand how you collect and process their data -- and why.
Failure to explain data gathering purposes
That “why” is another clincher. Not only do users need to be able to understand what data you gather -- and how you process it -- but also what your endgame is. What customer insights do you want to gather?
Are you recording their search history in your online store to fine-tune an algorithm and offer better suggestions to enhance their overall experience? Or are you planning to sell that data to third parties, so they can also custom-tailor ads to vie for their attention?
You can take this opportunity to outline to people how sharing their data with you is advantageous to them. Highlight how they benefit, whether they will ultimately receive better offers, have faster customer support or enjoy a more personalized experience.
No data deletion offer
According to GDRP, people must be provided fast access to the data you have gathered about them. And, if they ask you to, you have to delete it.
However, many marketers fail to factor this requirement into their data gathering and storing strategy. Customer data may end up siloed, or buried deep in an AI algorithm from which it can be hard to extract. Then, if a deletion request does come in, it’s a mad scramble to comply.
To pre-empt this situation, plan for individual data deletion requests. Make sure that when you set up your systems you will be able to comply -- and to hand over or delete customer data if someone requests it.
No transparency about algorithm use
Finally, there is a pitfall directly related to AI use -- and that is not being transparent about which algorithms you leverage and to what end.
While this is currently a legal gray area, the best policy is always to offer customers as many insights as possible about how the data you gather helps you reach decisions.
One way to do so is to use explainable AI, which outlines how models reach certain end results and what safeguards are taken to avoid biases.
If you use generative AI, you can use logos or banners to highlight the outputs of these tools. And if you use it for your recommendations, it’s a good idea to let users know at least which factors an algorithm takes into account.
Conclusion
For the moment, the legal situation around AI and data privacy in marketing is not yet defined clearly. However, there are certain safeguards you can establish.
Asking permission to gather user data, offering a transparent privacy policy and data deletion options, and being straightforward about which algorithms you use and why are the cornerstones of these safeguards. They’ll help you make sure you’re compliant with existing legislation and brace for future rules.
Hasan Saleem is a serial entrepreneur, investor, and founder of multiple technology and e-commerce startups. He now manages a marketing agency.
