Artificial intelligence is rapidly transforming businesses and society, unlocking new opportunities while introducing complex challenges around data privacy, regulation, and trust. In this evolving landscape, aligning AI with strong data protection principles has become a strategic priority for organizations worldwide.
The trust challenge: how AI is redefining data privacy
From Frank Rosenblatt’s Perceptron (1957) to tomorrow’s vision of Artificial General Intelligence (AGI) and Artificial Super Intelligence (ASI), the fast-paced development of AI and its widespread adoption are creating what has been described as a “paradox of trust” (Yuval Noah Harari). Alongside innovation, new risks are emerging—particularly in the area of data privacy.
This challenge is amplified by the growing demand for data across the entire AI lifecycle, from training and inference to testing and fine-tuning. As organizations deploy increasingly complex and specialized AI systems—especially in areas such as customer support or financial risk management—the need for high-quality data often involves highly sensitive personal information.
Balancing innovation with privacy protection requires a combination of legal expertise, technical capabilities, and strong AI/ML alignment skills.
Why Privacy Engineering is becoming a critical capability in the AI era
Despite the rapidly evolving data landscape, organizations can build on established knowledge in data protection and governance. The principles defined in Article 5(1) of the GDPR remain a foundational reference, particularly concepts such as data minimization and purpose limitation.
At the same time, Privacy-Enhancing Technologies (PETs)—including differential privacy, homomorphic encryption, and secure multi-party computation (SMPC)—continue to play a crucial role, even in high-risk AI use cases.
Together, these approaches enable organizations to combine regulatory compliance with practical, scalable solutions.
Europe’s regulatory push: from GDPR to the AI Act
Since the introduction of the GDPR, the European Union has been steadily building a unified digital framework for data, often referred to as the “Data Union Strategy.” More recent regulations such as the Data Act and PSD3/PSR further reinforce this direction.
The EU AI Act represents another major step, linking data governance and AI system oversight. Even before its introduction, the GDPR had already addressed key challenges, such as automated decision-making under Article 22.
As regulatory complexity increases, there is growing demand for more agile and innovation-friendly frameworks. As Telefónica Chairman Marc Murtra has highlighted, “we need scale, pro-technology regulation, and more speed.”
Designing an effective data privacy strategy for AI
A cornerstone of any successful approach is Privacy by Design (and by Default), ensuring that privacy is embedded from the earliest stages of development.
Organizations must also establish end-to-end governance across the entire AI value chain, safeguarding personal data not only as system input but also as output. Mechanisms such as input sanitization and output masking act as critical safeguards against unintended exposure of personally identifiable information (PII).
In this context, hybrid professionals—often referred to as “dual specialists”—who can bridge legal and technical domains will become increasingly valuable.
Key strategies to mitigate regulatory risk and ensure AI compliance
Implementing a robust data privacy framework requires combining technical analysis, business processes, and legal assessments (e.g., DPIAs, contractual safeguards such as DPAs and SCCs).
Key strategies include:
- Moving from “black-box” AI models to more transparent “glass-box” approaches
- Leveraging Edge AI to enable decentralized and secure data processing
- Strengthening industry collaboration and shared knowledge frameworks
- Using synthetic data to reduce reliance on real personal data
- Applying advanced techniques such as data clean rooms and noise injection
These approaches not only reduce regulatory risk but also position data privacy as a competitive advantage.
At the same time, the rise of LLMs and widely accessible AI tools makes user awareness increasingly important—both from a technical and legal perspective.
Data privacy as the foundation of digital trust in AI
Ultimately, data privacy must be a core pillar of responsible AI adoption. Strong governance frameworks, combined with best practices and ethical considerations, are essential to ensuring sustainable innovation.
Organizations that successfully integrate expertise across data privacy, cybersecurity, requirements engineering, and AI alignment will be best positioned to build and maintain digital trust.
Strategic closing
In this context, Telefónica places data privacy, artificial intelligence, and digital trust at the heart of its strategy, with the ambition of becoming the best gateway for citizens to access digital technologies. By combining responsible innovation, European leadership, service excellence, and talent development, the company is driving a model where technology not only enhances competitiveness but also strengthens transparency, security, and sustainable progress.
