Privacy and Artificial Intelligence - Checklist for 3.7: Consumers and Users

Checklist for 3.7: Consumers and Users

Objective

1. Exercise informed control over personal data when interacting with AI systems, seeking transparency, protecting privacy, and asserting rights in accordance with evolving regulations (DataGrail, 2025; GDPR Local, 2025; Sharma, 2025).
     Related to Part 2 Sub-Point: 2.4 Dynamic Consent Management and User Empowerment; 2.3 Transparency and Explainability.

Key Actions

1. Actively review and manage privacy settings and consent options for AI-powered services and platforms.
     Example: Regularly update permissions and opt-out of unnecessary data collection where possible (DataGrail, 2025).
     Related to Part 2 Sub-Point: 2.4 Dynamic Consent Management and User Empowerment.

2. Request clear information about how personal data is used, stored, and shared by AI systems.
     Example: Seek out privacy notices, ask for explanations of AI-driven decisions, and use available transparency tools (GDPR Local, 2025).
     Related to Part 2 Sub-Point: 2.3 Transparency and Explainability.

3. Understand the risks and rights associated with AI, including the right to access, correct, or delete personal data.
     Example: Utilize data subject access requests (DSARs) and exercise rights under applicable privacy laws (Sharma, 2025).
     Related to Part 2 Sub-Point: 2.4 Dynamic Consent Management and User Empowerment.

4. Be vigilant for signs of bias, discrimination, or errors in AI-generated outputs and report concerns to service providers.
     Example: Provide feedback or file complaints if AI systems produce unfair or inaccurate results (PCPD, 2025a).
     Related to Part 2 Sub-Point: 2.5 Bias Mitigation and Fairness Audits.

5. Stay informed about privacy best practices and regulatory changes affecting AI and digital services.
     Example: Follow updates from trusted privacy authorities and consumer protection organizations (PCPD, 2025a).
     Related to Part 2 Sub-Point: 2.10 Regulatory Compliance and Adaptive Governance.

Metrics for Success

1. Increase in the number of consumers exercising their data rights (e.g., submitting DSARs or changing consent settings) by at least 25% annually (DataGrail, 2025).
     Related to Part 2 Sub-Point: 2.4 Dynamic Consent Management and User Empowerment.

2. Reduction in privacy complaints related to AI services as reported by consumer protection agencies (Sharma, 2025).
     Related to Part 2 Sub-Point: 2.7 Continuous Monitoring, Auditing, and Incident Response.

3. Growth in consumer awareness, as measured by surveys on AI privacy knowledge and engagement (PCPD, 2025a).
     Related to Part 2 Sub-Point: 2.9 Cross-Functional Collaboration and Training.

Common Pitfalls to Avoid

1. Accepting default privacy settings without review or failing to update them as services evolve (GDPR Local, 2025).
     Related to Part 2 Sub-Point: 2.2 Data Minimization and Robust Access Controls.

2. Ignoring privacy notices, terms of service, or updates from service providers (PCPD, 2025a).
     Related to Part 2 Sub-Point: 2.3 Transparency and Explainability.

3. Not reporting suspicious, biased, or erroneous AI behavior, missing the opportunity to correct or challenge outcomes (DataGrail, 2025).
     Related to Part 2 Sub-Point: 2.5 Bias Mitigation and Fairness Audits.

References
DataGrail. (2025, June 16). The future of data privacy: Five predictions for 2025. https://www.datagrail.io/blog/data-privacy/the-future-of-data-privacy-five-predictions-for-2025/

GDPR Local. (2025, January 20). How AI GDPR will shape privacy trends in 2025. https://gdprlocal.com/ga/how-ai-gdpr-will-shape-privacy-trends-in-2025/

PCPD. (2025a, April 15). Checklist on guidelines for the use of generative AI by employees. Privacy Commissioner’s Office. https://www.pcpd.org.hk/english/news_events/media_statements/press_20250331.html

Sharma, A. (2025, June 6). Protecting consumer rights in the age of artificial intelligence: Legal implications and challenges in consumer protection. In Proceedings of the International Conference on New Strategies for Enhancing Personal Data Protection and Digital Awareness (pp. 234–242). Atlantis Press. https://www.atlantis-press.com/proceedings/nseppda-25/126011901

InfoBytes Daily. (2025, January 4). AI vs. privacy: Balancing innovation and compliance in 2025. https://infobytesdaily.com/blog/ai-vs-privacy-balancing-innovation-and-compliance-in-2025/