Richard Taylor has the lowdown on new guidelines governing the use of AI and personal data.
On October 21, the Office of the Australian Information Commissioner (OAIC) released its guidance on privacy and generative AI models outlining key principles organisations must follow when developing AI models using personal data.
The implications for marketers and MarTech solutions with AI built-in are significant.
Does your business rely on automation, chatbots, or personalisation? Answer yes to any of these and it's crucial to familiarise yourself with the OAIC’s new guidance or you’ll be at risk of potential privacy breaches and jeopardising consumer trust.
So what do the guidelines say?
Transparency is key
The OAIC’s guidelines stress the importance of transparency, particularly around data collection and usage. This means being upfront with consumers about how their data is being used to train AI models.
AI-driven MarTech platforms often rely on vast amounts of customer data to personalise content and improve user experiences. However, if that data includes personal information, you’ll need to ensure consumers are fully informed and have consented to its use.
For example, if a MarTech tool uses personal data for product recommendations or to create dynamic ads, your business must clearly communicate this to customers. This could involve updating privacy policies to reflect AI usage or implementing a notification system that alerts users when their data is being processed for AI training purposes.
Consent and data minimisation
One of the cornerstones of the OAIC’s guidelines is consent. You need to ensure you are collecting explicit consent from users before their personal data is used to train AI models.
The OAIC places a strong emphasis on the collection of personal data only when necessary. In the context of MarTech, this could mean rethinking how data is collected and stored.
For example, some AI-driven marketing platforms might collect behavioural data to refine audience segmentation or improve ad targeting. However, if that data includes personally identifiable information (PII), you must ensure you are only collecting what is absolutely necessary for the task at hand.
Privacy by design
The OAIC’s guidance also encourages organisations to adopt a Privacy by Design approach, which means incorporating privacy considerations into the design and development of AI models from the outset. If you’re using AI-powered MarTech, this could involve working with vendors to ensure privacy is baked into the platform.
For instance, a MarTech solution that uses AI to track customer interactions across different touchpoints should have built-in features that allow for anonymisation or pseudonymisation of data. While anonymisation is the process of rendering personal data non-personal, pseudonymisation is the process of replacing identifying information with random codes that can be linked back to the person with extra information.
Businesses should seek also out platforms that enable users to opt out of data collection, and easily request data deletion in line with upcoming Australian privacy regulation changes.
Accountability and risk management
The OAIC guidelines place a strong emphasis on accountability meaning you must be able to demonstrate that you are complying with privacy regulations and have mechanisms in place to manage the risks associated with AI development.
This means working closely with your IT and data governance teams to ensure any AI-driven MarTech solutions are compliant with the OAIC’s principles.
This might involve conducting regular audits of AI systems, maintaining detailed records of how personal data is used, and implementing robust security measures to protect that data.
By taking a proactive approach to risk management, you can not only ensure compliance but also build trust with customers – a critical factor in an era where data privacy is a top concern for consumers.
The future of AI-driven MarTech and privacy
As AI continues to evolve, so too will the regulations governing its use.
While the OAIC’s guidelines provide a solid foundation for managing privacy in AI development, we should expect further refinements as the technology becomes more sophisticated and widespread.
With other regions like the EU pushing forward with more comprehensive AI regulations, Australian businesses may need to adapt to international standards, particularly if they operate across borders.
The key takeaway is that privacy cannot be an afterthought when using AI-powered MarTech. By staying informed of the latest guidelines, incorporating privacy into the development and use of AI tools, and maintaining transparency with customers, you can continue to innovate with AI while safeguarding the trust and loyalty of your audience.
Richard Taylor is the Managing Director of Digital Balance.