Data & AI: Critical Thinking
Data Privacy & Ethics Basics
Data literacy isn't just about reading charts—it's about understanding the responsibilities that come with data. As a data consumer and contributor, you need to know the basics of privacy and ethics.
Why Privacy Matters to Everyone
Even if you're not a data professional, you interact with data that affects real people:
- Customer information in your CRM
- Employee data in HR systems
- User behavior tracked on websites
- Personal information shared with AI tools
The Golden Rule of Data: Treat others' data the way you'd want your data treated.
The Core Privacy Concepts
1. Personal Data
Definition: Any information that can identify a person, directly or indirectly.
| Direct Identifiers | Indirect Identifiers |
|---|---|
| Full name | IP address |
| Email address | Device ID |
| Phone number | Location data |
| Social Security Number | Browsing history |
| Photo of face | Purchase patterns |
Key insight: Combining indirect identifiers can often identify someone just as easily as a name.
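To make this key insight measurable, the following added example (not part of the original module) counts how many records share each combination of indirect identifiers, a measure known as k-anonymity. The records, column names and the `k_min` threshold are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: no names or emails, only coarse indirect identifiers.
RECORDS = [
    {"location": "Leeds",   "device": "android", "purchase": "books"},
    {"location": "Leeds",   "device": "android", "purchase": "garden"},
    {"location": "Leeds",   "device": "ios",     "purchase": "books"},
    {"location": "Leeds",   "device": "ios",     "purchase": "books"},
    {"location": "Bristol", "device": "android", "purchase": "books"},
    {"location": "Bristol", "device": "android", "purchase": "garden"},
    {"location": "Bristol", "device": "ios",     "purchase": "garden"},
    {"location": "Bristol", "device": "ios",     "purchase": "books"},
]

def group_sizes(records, columns):
    """Count how many records share each combination of values in `columns`."""
    return Counter(tuple(r[c] for c in columns) for r in records)

def k_anonymity(records, columns):
    """Size of the smallest group; k=1 means at least one person is singled out."""
    return min(group_sizes(records, columns).values())

def unique_fraction(records, columns):
    """Share of records that are the only one with their combination."""
    sizes = group_sizes(records, columns)
    return sum(1 for n in sizes.values() if n == 1) / len(records)

def risky_combinations(records, k_min=2):
    """Return (columns, k, unique fraction) for every combination below k_min."""
    columns = sorted(records[0])
    findings = []
    for width in range(1, len(columns) + 1):
        for combo in combinations(columns, width):
            k = k_anonymity(records, combo)
            if k < k_min:
                findings.append((combo, k, unique_fraction(records, combo)))
    return findings

if __name__ == "__main__":
    for combo, k, frac in risky_combinations(RECORDS):
        print(f"{' + '.join(combo)}: k={k}, {frac:.0%} of records unique")
```

No single column singles anyone out here, yet all three together make most records unique. Running the same check before a dataset is shared shows which columns need to be dropped or coarsened.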
2. Consent
Definition: Permission given by a person for their data to be collected and used.
Types of consent:
| Type | Description | Example |
|---|---|---|
| Explicit | Clear, affirmative action | Checking a box, signing a form |
| Implied | Inferred from behavior | Continuing to use a service after notification |
| Informed | Given after understanding what's happening | Reading privacy policy before agreeing |
What you should know:
- Consent should be freely given, not forced
- People can withdraw consent at any time
- Consent for one purpose doesn't mean consent for all purposes
3. Purpose Limitation
Definition: Data should only be used for the purpose it was collected.
Example:
- ✅ Customer gives email to receive order confirmations
- ✅ Company sends order confirmations to that email
- ❌ Company adds email to marketing list without asking
Question to ask: "Was this data collected for the purpose I'm using it for?"
4. Data Minimization
Definition: Only collect and keep the data you actually need.
| Good Practice | Poor Practice |
|---|---|
| Collect email for newsletter signup | Collect full address "just in case" |
| Keep purchase history for 2 years | Keep all data forever |
| Delete old customer records | Archive everything indefinitely |
Understanding GDPR (The Global Standard)
GDPR (General Data Protection Regulation) is the European law that has become the global benchmark for data privacy. Even if you're not in Europe, you likely follow GDPR-inspired practices.
GDPR Rights Everyone Should Know
| Right | What It Means | Business Implication |
|---|---|---|
| Right to Access | People can request their data | You may need to provide it |
| Right to Deletion | People can ask for data removal | You must be able to delete |
| Right to Portability | People can take data elsewhere | You must export in usable format |
| Right to Rectification | People can correct their data | You must update when asked |
| Right to Object | People can opt out of processing | You must respect preferences |
Key GDPR Principles in Plain Language
- Lawfulness: You need a valid reason to process data
- Transparency: Tell people what you're doing with their data
- Purpose limitation: Use data only for stated purposes
- Data minimization: Don't collect more than needed
- Accuracy: Keep data correct and up to date
- Storage limitation: Don't keep data longer than necessary
- Security: Protect data from breaches and misuse
Data Ethics: Beyond Legal Compliance
Legal compliance is the minimum. Ethical data use goes further.
The Data Ethics Framework
| Question | What You're Checking |
|---|---|
| Is it legal? | Does it comply with regulations? |
| Is it fair? | Does it treat all groups equitably? |
| Is it transparent? | Would people understand and expect this? |
| Is it necessary? | Is there a less invasive way? |
| Is it secure? | Is the data protected appropriately? |
Common Ethical Dilemmas
Scenario 1: AI and Historical Bias
- Your hiring AI was trained on 10 years of company data
- Historically, the company hired mostly men for technical roles
- The AI now recommends men more often for these roles
Ethical question: Is it ethical to use this AI, even if it's legally compliant?
Answer: Likely not. You're perpetuating historical discrimination.
Scenario 2: Data for "Good" Purposes
- You have employee health data from wellness programs
- You notice patterns that could predict burnout
- Using this data could help employees—but they didn't consent to this use
Ethical question: Should you use this data to help employees?
Answer: Not without explicit consent, even if intentions are good.
Scenario 3: AI Training on Company Data
- You want to use an AI tool that learns from your inputs
- Those inputs include customer information
- The AI company's terms say they can use input data for training
Ethical question: Can you use customer data this way?
Answer: Probably not—you'd be sharing customer data with a third party without consent.
Practical Privacy Guidelines
What You Can Do as a Data Consumer
- Question data sources: Ask where data came from and whether consent exists
- Limit access: Only access data you actually need for your work
- Report issues: Speak up if you see potential privacy violations
- Protect data: Don't share sensitive data in unsecured ways (email, chat)
- Think before AI: Consider what data you're sharing with AI tools
Red Flags to Watch For
| Red Flag | Why It Matters |
|---|---|
| "We've always done it this way" | Practices may predate privacy regulations |
| No documented consent | Using data without clear permission |
| Collecting "just in case" | Violates data minimization |
| Sharing data freely across teams | Purpose limitation issues |
| No data retention policy | Storage limitation concerns |
| Using personal devices for sensitive data | Security risks |
AI and Privacy: Special Considerations
When using AI tools with data, consider:
1. What Data Are You Sharing?
| Data Type | Risk Level | Example |
|---|---|---|
| Public data | Low | Industry statistics |
| Internal data | Medium | Company revenue figures |
| Customer data | High | Customer names, emails |
| Sensitive data | Very High | Health info, financials |
2. Where Is the Data Going?
| AI Type | Data Handling | Consideration |
|---|---|---|
| Enterprise AI (private) | Stays within company | Lower risk |
| Cloud AI (shared) | Goes to AI provider | Check their policies |
| Free AI tools | May be used for training | Higher risk |
3. The "Newspaper Test"
Before using data with AI, ask:
"Would I be comfortable if how I'm using this data appeared on the front page of a newspaper?"
If the answer is no, reconsider.
Your Privacy Checklist
Before working with data, ask:
COLLECTION
□ Was this data collected with consent?
□ Was the purpose of collection clear?
□ Is this data actually needed?
USE
□ Am I using it for the stated purpose?
□ Do I have authorization to access this?
□ Am I being transparent about how I'm using it?
PROTECTION
□ Is this data stored securely?
□ Am I sharing it appropriately?
□ Am I being careful with AI tools?
RETENTION
□ Is there a reason to keep this data?
□ Should old data be deleted?
□ Am I following retention policies?
Key Insight: Data privacy isn't just the legal team's concern—everyone who touches data shares responsibility. When in doubt, ask for guidance before acting.
Next Module: Learn how to communicate with data effectively and work with data teams.