Former AWS executive Matt Domo warns that AI projects fail when companies ignore human factors, but adds that privacy compliance must be central to any successful implementation.
Enterprise AI projects often derail when companies fixate on technology rather than people and organizational change, according to Matt Domo, co-founder of AWS's database division and founder of AI consultancy FifthVantage. However, as AI adoption accelerates, Domo's insights must be extended to include privacy compliance as a critical component of successful implementation.
"The number one reason these fail is because the business and leadership, and how work gets done and decisions get made, don't change in kind for the new way things are done," Domo explained. "That's the biggest failure here."
When implementing AI systems that process customer data, organizations must consider their obligations under regulations like the GDPR and CCPA. These frameworks impose strict requirements on how personal data is collected, processed, and secured – particularly when AI systems make automated decisions that affect individuals.
"The feature war is over. It's about value," Domo stated. "Ask how many CIOs are happy with the eight-digit forklifts they did with software packages like CRM and what value came from it." This value proposition must now include demonstrating compliance with data protection regulations, as non-compliance can result in fines reaching 4% of global annual turnover under GDPR.
Domo emphasized that companies need to analyze what their organization is trying to accomplish, who might benefit from AI implementation, and how to measure success. Privacy impact assessments should be an integral part of this analysis, identifying potential risks to individuals' rights and freedoms before deployment.
"We've crossed from theory to 'Stuff's gotta work now'. We gotta get value. People have to see ROI. We have to see benefits," Domo said. For AI systems processing personal data, this ROI must be balanced against privacy obligations and the potential reputational damage from breaches or non-compliance.
As an example, Domo recounted work with a SaaS company that addressed customer churn by analyzing user behavior patterns. While such data analysis can provide valuable insights, organizations must ensure they have proper consent mechanisms in place and that their processing activities have a clear legal basis under regulations like GDPR.
"Customers want it hyper-personalized, they want it easy. They want it focused on what they're trying to do," Domo noted. This personalization must be achieved transparently, with individuals informed about how their data is being used and having meaningful control over their information.
The implementation of AI systems also requires organizations to establish appropriate governance frameworks. This includes appointing Data Protection Officers where required, implementing robust security measures, and ensuring that individuals can exercise their rights such as access, rectification, and erasure of their data.
"At the speed all of this is going, the number one thing to focus on is reducing the delta between deciding and doing," Domo advised. "Start small, move fast, learn and iterate." This approach should include privacy considerations from the outset, with organizations conducting privacy assessments and implementing appropriate safeguards before scaling AI initiatives.
As Domo correctly identifies, successful AI implementation requires organizational change. However, in today's regulatory environment, this change must be privacy-centric, embedding data protection principles into the design and operation of AI systems rather than treating compliance as an afterthought.
Comments
Please log in or register to join the discussion