Safeguarding Data Privacy in the Age of AI

By Dr. Young M. Lee

Artificial intelligence (AI) is transforming industries at an unprecedented pace, driving innovation, efficiency and personalization across sectors. From intelligent assistants and predictive analytics to generative models and autonomous systems, AI is increasingly embedded in our devices, workplaces and daily decisions.

At the heart of every AI system lies data, often personal, sensitive and deeply revealing. This data enables AI to learn, adapt and deliver value. However, it also introduces risks that can compromise privacy, erode trust and expose individuals to harm.

The role of data in AI systems

AI models require vast amounts of data for training. This applies to traditional supervised machine learning (ML) models, including deep learning (DL), as well as generative AI (GenAI) systems, such as large language models (LLMs). When AI systems are used to make predictions or generate responses, they may also process significant amounts of data as input, such as when a user enters a prompt to an LLM. The data may include personally identifiable information (PII), behavioral patterns, usage data, sensitive documents and even biometric details.

The quality, diversity and security of this data directly impact the performance, fairness and safety of AI systems. But without proper safeguards, this data can be misused, leaked or exploited. According to a 2025 study, 13% of organizations reported AI-related security incidents, and 60% of these breaches led to compromised data. Illustrating the importance of safeguards, 97% of those compromised reported having no AI access controls in place.¹

Understanding data privacy risks

AI systems pose unique challenges to data privacy.

Key risks include:

• Unintended data exposure – AI models may memorize or inadvertently reveal sensitive information.
• Linkage attacks – Anonymized data can be combined with external sources to reidentify individuals.
• Unauthorized access – Weak access controls can lead to data breaches.
• Opaque processing – Users may not understand how their data is used or shared.
• Bias and discrimination – Poor data governance can result in unfair or discriminatory outcomes.

To address the risks and harms associated with data privacy, organizations must consider privacy as a foundational design principle — in alignment with applicable standards. For example, ISO/IEC 42001:2023, Artificial Intelligence Management System (AIMS), establishes a comprehensive framework for the responsible development and deployment of AI technologies. It addresses AI-specific risks — including bias, transparency and privacy — and is designed to align with ISO/IEC 27001:2022, which defines best practices for securing information assets to support confidentiality, integrity and availability. Together, these standards address the management of both general and AI-specific security concerns.

Complementing these standards, ISO/IEC 31700:2023, Privacy by Design for Consumer Products, outlines requirements for embedding privacy protections into consumer-facing products, including AI systems. It emphasizes proactive privacy measures throughout the product life cycle to support regulatory compliance and foster user trust.

Proactively taking responsibility for the ethical integrity of AI

While compliance with industry standards provides an important foundation, organizations must take a proactive approach to advancing ethical integrity and boosting consumer confidence. UL Solutions can help organizations communicate their commitment to responsible innovation with our AI data privacy Marketing Claim Verification services.

AI data privacy Marketing Claim Verification: Assessment and verification processes and considerations

In the context of this program, we first assess all relevant documentation about the AI-enabled system to verify that:

• Data privacy claims are present in the system design and specifications.
• Use cases, consent flows, encryption methods and access controls are clearly described.
• The provided information is complete and consistent.

We then employ hands-on testing. The generic model is trained in the cloud, deployed to the PC and personalized within the specific PC. We assess the data flow inside the software application; how the AI model captures, processes, and stores PII and confidential data; and whether data leakages occur outside the local PC. Through this process, we verify whether the following is true:

• The system is implemented according to the documentation provided.
• No undocumented modules related to data privacy in the system’s AI functionality exist.
• PII or confidential data that is used by various AI models in the PC never leaves the PC or is protected by appropriate security measures.
• The system meets other applicable data privacy criteria.

This assessment considers core aspects of data privacy: data collection and consent, data storage and access control, model deployment and inference, data processing and usage, data sharing and transfer, incident response and data breach management. Assessed products that meet applicable requirements are eligible to receive the UL Verified Mark for AI Model Data Privacy, signaling to customers and stakeholders that AI data privacy claims are truthful, credible and reliable.

Conclusion: Elevating AI through data privacy and trust

As AI continues to reshape our world, data privacy remains a central concern. It is not a barrier to innovation but a foundation of trust. To foster ethical and responsible AI development, privacy must be embedded into the design, development and deployment of AI systems.

By prioritizing data privacy, organizations can be better equipped to meet rising accountability expectations from users and markets. UL Solutions supports organizations in their efforts to advance responsible AI with our AI data privacy Marketing Claim Verification services.