Innovation vs privacy: can AI have both?

July 2026  |  FEATURE | DATA PRIVACY

Financier Worldwide Magazine

July 2026 Issue

Akin to an evolving and pervasive industrial revolution, artificial intelligence (AI) is disrupting the corporate status quo, attracting advocates and detractors in broadly equal measure.

Welcomed, on the one hand, for its ability to collect, analyse and repurpose vast amounts of data at unprecedented scale, AI also generates considerable data privacy concerns – issues likely to escalate as the technology continues to evolve and expand.

As of early 2026, AI-related privacy incidents have increased significantly. According to World Economic Forum data, 87 percent of organisations identify AI-related vulnerabilities as their fastest-growing cyber risk, with documented cases ranging from data breaches to algorithmic failures that compromise sensitive information.

“AI has the ability to reuse data at scale, derive sensitive inferences and act in opaque ways,” says Ellie Hurst, commercial director at Advent IM. “It can also infer health status, financial stress, political views or behavioural vulnerabilities without directly collecting those attributes, stretching traditional notions of consent and data minimisation to breaking point.

“Stronger governance, accountability mechanisms and human oversight are essential to ensure that productivity gains do not erode trust, individual rights or social legitimacy,” she continues. “The real failure is not that AI uses data, but that it is often deployed without adequate transparency, proportionality or respect for individuals’ fundamental rights.”

Evidence of the benefits of investing in privacy is provided by Cisco’s 2026 survey, ‘A Shifting Paradigm: Governance in the Age of AI’, which reveals that 99 percent of organisations surveyed report at least one tangible benefit from their privacy initiatives, including faster innovation, improved operational efficiency and increased customer loyalty.

At the same time, Cisco notes that AI is driving a surge in demand for data to train new technologies, placing pressure on existing privacy and data governance frameworks. As the regulatory environment evolves, organisations must be prepared to adapt their privacy programmes to remain both competitive and compliant.

“The implications of AI on data privacy are particularly acute as we are often dealing with highly sensitive, decision-critical data,” points out Gavin McGahey, chief technology officer and co-founder of AccountsIQ. “The core risk is not just data exposure, it is a loss of control over decision-making processes. Leaders need absolute confidence in data lineage, traceability and accuracy.

“From a data ethics standpoint, the priority is to ensure AI does not become a ‘black box’ in processes that underpin integrity,” he continues. “That is why the approach should be to embed AI within existing controls – so that it enhances productivity without weakening governance.”

The race between AI and regulation

With organisations pushing the boundaries of AI and opaque algorithms increasingly shaping decisions, regulations such as the European Union’s (EU’s) General Data Protection Regulation (GDPR) and AI Act, alongside the UK’s Data Use and Access Act, are struggling to keep pace.

“Regulatory frameworks focus on the collection, use and transformation of personal data, regardless of the technology, making them relevant to new technologies like agentic AI without being prohibitive,” says Gabriela Zanfir-Fortuna, vice president for global privacy at the Future of Privacy Forum. “Their underlying philosophy is to provide ‘rules of the road’ type provisions for how personal data should be used in a way that respects individual rights and promotes accountability.”

As AI continues to proliferate, organisations face increasing pressure to uphold their data privacy commitments while meeting AI’s demand for large volumes of data. Achieving this balance is central to maintaining trust.

However, while regulations such as the GDPR have strengthened data privacy provisions, the continued evolution of AI and rising expectations around accountability, transparency and contractual clarity mean such frameworks are increasingly viewed by some as insufficient.

According to Cisco’s 2026 ‘AI Readiness Index’, security systems originally designed for human-driven environments must adapt to contexts where autonomous agents can modify records and trigger code through application programming interfaces. Closing this gap, Cisco contends, will be key to securing the next generation of AI-powered systems.

Concern is also expressed in the IBM and Ponemon Institute Cost of a Data Breach Report 2025, which highlights how AI adoption is outpacing security and governance. The report shows that ungoverned AI systems are more likely to be breached and incur higher costs when breaches occur, with the global average cost standing at $4.4m.

“There is inconsistency across regions, which is particularly challenging for multi-entity and multijurisdictional organisations,” notes Mr McGahey. “In practice, organisations cannot wait for perfect regulatory clarity.”

Confident in existing data privacy legislation is Mike Gillespie, chief executive of Advent IM. “Contrary to frequent claims, there is no complete regulatory vacuum around AI and data privacy,” he says. “In the UK, for example, existing data protection law already applies fully to AI deployment, supported by detailed guidance from the Information Commissioner’s Office (ICO) on AI, data protection and automated decision making.”

The real challenge, he suggests, is not the absence of regulation but fragmentation across laws, regulators and standards, combined with uneven organisational engagement.

Driving innovation without compromising trust

As AI continues to proliferate, organisations face increasing pressure to uphold their data privacy commitments while meeting AI’s demand for large volumes of data. Achieving this balance is central to maintaining trust.

“Individuals’ fundamental right to privacy is non-negotiable and must form the starting point,” asserts Ms Hurst. “AI systems should only be permitted to operate within those boundaries, not redefine them. Proactively, organisations must build privacy in from the outset rather than bolting it on after deployment.”

EY, in its analysis ‘Six steps to confidently manage data privacy in the age of AI’, outlines a series of actions to support organisations in strengthening their privacy frameworks. It emphasises the importance of clearly articulating compliance risks, assessing the maturity of privacy controls and establishing a strong foundation for governance. Robust risk controls and accountability frameworks are identified as essential for building confidence in AI applications, particularly where regulation is still evolving.

The analysis also highlights the need to operationalise data ethics by embedding principles into everyday decision making and ensuring they are considered alongside regulatory obligations. Regular reporting of privacy and ethics risks at board level is recommended to support informed strategic decisions, alongside improved collaboration between stakeholders.

In addition, organisations are encouraged to expand horizon scanning to include customer sentiment, recognising that public perception of AI and data use is a critical factor. Investment in training is also vital, helping employees understand both the potential and the limitations of AI while fostering a culture that balances innovation with ethical responsibility.

“Ultimately, striking the right balance will depend on where on the AI value chain an organisation sits,” says Ms Zanfir-Fortuna. “If the organisation develops AI tools for commercial purposes or for its own use, there are many more opportunities to embed privacy protections into the tool itself. If the organisation is a user of AI tools, setting an internal acceptable use policy, limiting access rights on a need to know basis and privacy toggles are all options.”

Perils of non-compliance

The stakes for data privacy compliance are high, with significant risks including financial penalties, reputational damage and loss of trust.

“Perhaps the biggest danger of non-compliance with data protection regulations is losing the trust of customers, clients or users,” suggests Ms Zanfir-Fortuna. “In the dynamic age of AI, trust in such services and tools is perhaps the most important currency. There are, of course, fines and other sanctions and penalties that are punitive enough to act as deterrent, but those with a good privacy protection track record have more to win.”

For Mr McGahey, compliance is as much about credibility as regulation. “If AI starts to influence outputs without clear oversight, the risk is that inconsistencies into reporting or gaps in audit trails will be introduced,” he contends. “And those are not always obvious straight away – they tend to surface later, during audit or review, when they are much harder to fix. That is where the real cost sits, both in time and in confidence in the numbers.

“This is why training matters,” he continues. “Not in a heavy, technical sense, but in giving teams clarity on where AI fits into their workflows, where they still need to apply judgement and how it impacts the data they are responsible for.”

Commitment to privacy

As AI continues to transform industries, organisations that prioritise robust privacy practices will not only comply with evolving regulations and gain stakeholder trust, but also position themselves as leaders in responsible AI and data governance.

“Aligning AI-specific regulations with technologically-neutral data protection frameworks will be increasingly necessary, for both legal certainty and for striking the right balance between innovation and personal data protection,” says Ms Zanfir-Fortuna. “If they are developed and operate in silos, the regulatory burden, especially when putting double the pressure on compliance resources, might be more detrimental to innovation than the substance of the rules themselves.”

Looking ahead, new transparency obligations under the EU AI Act, specifically article 50, will become fully applicable on 2 August 2026, alongside targeted interim guidance updates from the UK ICO. These measures are designed to ensure that users are aware when they are interacting with AI and to curb digital deception, applying to both providers and deployers of AI systems within the EU.

In Ms Hurst’s view, the AI privacy landscape is likely to move beyond binary thinking that alternates between over-restriction and ungoverned experimentation. Technologically, privacy-enhancing capabilities are expected to become more deeply embedded in AI deployment, including improved anonymisation, de-identification, aggregation and differential privacy techniques.

“While these approaches may result in reduced accuracy or efficiency, they offer a more sustainable foundation for trust,” she suggests. “At the same time, organisations will increasingly be expected to account not only for the data they store, but for the inferences their AI systems can generate.”

One emerging dimension of this debate is the role of organisational culture in shaping how data is perceived and protected. Even the most sophisticated governance frameworks can falter if employees view privacy as an obstacle rather than an enabler. Embedding accountability therefore requires more than policies and controls – it demands consistent leadership messaging and incentives that reward responsible behaviour.

In practice, this means integrating privacy considerations into everyday workflows and decision-making processes, ensuring they are neither overlooked nor treated as exceptional. In doing so, organisations can transform privacy from a defensive requirement into a source of competitive differentiation, strengthening stakeholder confidence while enabling innovation to proceed with greater assurance and resilience over time.

This cultural shift also reinforces the importance of clear communication with customers, helping to demystify how AI operates and why data is used. Greater openness can build more durable trust relationships over the longer term.

“The future is not about choosing between locking AI down or allowing a digital Wild West,” says Ms Hurst. “It is about designing AI systems that earn trust by respecting rights, maintaining accountability and operating within clear ethical boundaries.”

The real differentiator will be how thoughtfully organisations embed AI into decision making. Trust will be earned through visible responsibility, where transparency shapes how technology is deployed.

Innovation and privacy are not opposing forces but interdependent priorities – with privacy acting as a catalyst for more sustainable AI. Organisations that recognise this will be better equipped to navigate uncertainty while ensuring progress remains grounded in principle.

© Financier Worldwide

BY

Fraser Tennant

©2001-2026 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.