Responsible AI and privacy: PwC

Summary

Privacy leaders are becoming key players in AI strategy, as responsible data use is central to building stakeholder trust and avoiding reputational risk.

Tiered AI governance models help manage risk efficiently, allowing innovation to continue while focusing oversight where it matters most.

Responsible AI practices create strategic advantage, improving brand trust, data quality and long-term scalability of AI initiatives.

This is the fifth in a series of articles focused on how Responsible AI is enhancing risk functions to deliver value and AI innovation.

As organizations race to adopt AI, privacy leaders are stepping into expanded roles, often leading or influencing AI governance efforts. This shift reflects the way emerging AI risks have collided with longstanding privacy principles. AI models are built on massive amounts of data, often including sensitive personal information, which means they have the potential to undermine privacy norms. This potential is well-known, and public debates about AI often focus on questions about how people’s data is used to train the models and whether it is being used with permission.

To leverage AI’s massive benefits responsibly while building trust, organizations should reevaluate their operating models, governance and risk tiering. To use AI responsibly, companies should safeguard sensitive information and maintain trust among stakeholders, including employees, suppliers, customers and investors. This warrants a renewed focus on privacy, positioning privacy leaders to drive influence and lead innovation.

How the status quo is changing in privacy

Enterprise leaders leveraging today’s emerging AI technologies should understand that data collection and processing are important prerequisites. AI’s appetite for vast datasets — and the use of consumer personal information to differentiate AI output — can increase the potential for privacy infringements. At PwC we’re helping these leaders manage the process effectively.

Take some of the obvious risks. AI’s ability to infer patterns and predict behaviors can lead to unintended exposure of personal information. Your organization might have secured consent from users to apply their data to user experience and personalization, but have those users consented to using that data to train an AI model? Third-party data can pose particular concerns. Does your organization have the right to use it for the AI applications you have in mind?

These risks highlight the importance of having an enhanced understanding of personal data and inputs that are making their way into AI models — an understanding that privacy leaders are well positioned to provide. Organizations should have holistic policies that address data minimization, consent and user autonomy. They also should find ways to demonstrate that AI-driven decisions are explainable to key stakeholders, including customers. This transparency and accountability is crucial for maintaining user trust.

At the same time, it’s crucial that your privacy and governance frameworks don’t become bottlenecks for innovation. Privacy teams now find themselves evaluating every AI use case across the organization. To stay effective — and avoid burying the organization in red tape — many organizations are shifting to tiered governance approaches. This focuses the privacy team’s attention on the projects with the greatest risk.

The rapidly changing AI landscape can pose additional challenges in aligning AI initiatives with privacy obligations.

Regulatory complexity: The rapid evolution of AI technologies is outpacing existing regulations, creating a complex compliance environment. Staying on top of developments such as the EU's AI Act and other emerging legal frameworks is crucial.
Data access and control rights: Some legal privacy frameworks have given individuals the right to access their data and request that it be corrected or even deleted. Responding to these requests when it comes to data used in training AI models may be extremely difficult.
Technical implementation: Privacy-preserving techniques, like differential privacy and federated learning, can help AI systems comply with these obligations. But implementation of these techniques demands significant technical expertise and resources.
Increased monitoring requirements: Continuous oversight of AI systems is essential to help detect and address privacy breaches promptly, which can add to operational demands.

Opportunities for Responsible AI in privacy

Addressing privacy in the context of AI is not just about mitigating risks. It can also offer strategic advantages and opportunities.

Demonstrating a commitment to privacy can enhance your brand’s reputation and foster customer loyalty. Organizations that prioritize Responsible AI practices can distinguish themselves in the marketplace, helping to appeal to privacy-conscious consumers. If you’re able to use AI in an innovative way without using personal data, advertising that fact can be a differentiator. If you do use personal data, putting in privacy guard rails — and being transparent about that — can reassure your customers.

Even in the absence of AI that uses personal data, companies that invest time in privacy management today will likely be able to move more quickly when their AI model usage has expanded and includes more sensitive information.

Moreover, implementing stringent data hygiene and privacy measures can improve your data integrity, which can lead to more reliable AI outputs. Disposing of old data can also increase confidence that the data available to your AI models is trustworthy, current and has clear provenance.

Key actions to prioritize

Driving responsible use isn’t just about meeting requirements — it can be a strategic advantage. Here are key actions you can take to embed privacy and trust into your AI initiatives from the start.

Establish holistic AI governance frameworks. Develop detailed policies that include guidelines, compliance measures and risk management strategies tailored to AI initiatives. Include privacy leaders in AI governance bodies.
Implement clear disclosure and consent practices. Informing users about AI use, especially in consumer-facing applications, is a high priority to help maintain trust. Clearly and conspicuously giving consumers the choice to let their data be used for AI (collecting consent) can help your organization scale and innovate with AI more rapidly.
Invest in privacy-enhancing technologies (PETs). Utilize tools such as encryption, anonymization and secure multi-party computation to help safeguard sensitive data within AI systems. Align tools with model risk. Not every model needs full anonymization.
Cultivate an organizational culture of privacy. Promote awareness and training programs to help your employees understand the importance of privacy and their role in upholding it.
Engage with regulatory bodies and industry consortia. Stay informed about regulatory changes and contribute to the development of industry standards.
Conduct regular audits of AI systems. Implement continuous monitoring and assessment protocols to confirm whether your AI applications comply with relevant privacy standards and function as intended. Include training data usage, consent tracking and model outputs in your audits.

How we can help

As regulatory scrutiny increases and customer expectations evolve, embedding privacy into AI is no longer optional — it’s foundational. At PwC we’re helping organizations like yours innovate faster and earn trust in today’s AI-first marketplace. Get started today to help build trust, comply with regulations and unlock significant value.