1.11 Data literacy and privacy in the age of AI

As we increasingly integrate Artificial Intelligence (AI) and particularly Generative AI (GenAI) tools into the fabric of adult education and our everyday digital interactions, a robust understanding of data literacy and a vigilant approach to data privacy become not just beneficial, but fundamentally essential skills for navigating the modern world responsibly and safely.

WHAT IS DATA LITERACY? A DEEPER DIVE

Data literacy, in essence, means possessing the ability to comprehend what data actually is, to understand the various mechanisms by which it is collected (often automatically and pervasively by numerous systems, including the AI tools we use), to grasp how this collected data is subsequently used and analysed by organizations, and, most crucially, to develop the knowledge and skills to use data ethically and protect one’s own personal data effectively.

Every time you interact with an AI chatbot, browse different websites, enrol in an online course, use a smartphone application, or even walk through a city with CCTV and sensor networks, some form of your data is likely being generated and collected. This data can encompass a wide spectrum:

Explicitly provided personal information: This includes details you knowingly provide, such as your name, email address, date of birth, postal address, or payment information when signing up for a service.
Interaction and behavioural Data: This is data generated by your activities, such as the specific questions you ask an AI (your prompts), the content the AI generates in response, the websites you visit and the links you click on, your search queries, the products you view or purchase, and even how long you spend on certain pages or features.
Usage data and metadata: This includes information about how you use a service, such as the frequency of use, the times of day you are most active, the type of device you are using, your IP address (which can indicate location), and other technical details about your connection and software.

Some of this data collection is undeniably necessary for a service to function correctly (e.g., your login credentials are required to access your account). Other data might be used to personalize your experience (for instance, an AI learning your writing style to offer better suggestions, or a streaming service recommending shows based on your viewing history) or, very commonly, to improve the AI model itself by providing it with more examples of real-world interactions. Being data-literate means being consciously aware of this complex data ecosystem, understanding the value of your data, and knowing your rights concerning its use.

ELEVATED PRIVACY CONCERNS IN THE ERA OF AI

When you interact with AI tools, especially those that are cloud-based or accessed online, the data you input (like your detailed prompts, uploaded documents, or personal queries) and the data the AI generates for you might be stored on servers controlled by the company providing the tool. This raises several important privacy considerations:

Data storage, retention, and potential for re-use: It’s critical to consider that this data could potentially be stored for extended periods and might be used by the AI provider to train future versions of their AI models, to develop new products, or for other analytical purposes. In some cases, if a platform’s security measures are inadequate or breached, or if its data sharing policies are overly broad, your data could even be accessed by unauthorized third parties.
Handling of sensitive and confidential information: Adult learners and educators must exercise particular caution and discretion when considering inputting highly sensitive or confidential information into public or third-party AI tools. This category of information includes, but is not limited to, private financial details (bank account numbers, credit card information), personal health records, unpublished academic research or proprietary business data, or deeply personal and sensitive stories (such as those that might be collected with great care in a project like HER[AI]TAGE, which absolutely require robust, consent-based handling and secure storage). It is imperative to always thoroughly check the privacy policy and security credentials of any AI platform before entrusting it with such information. Look for clear statements on data encryption, access controls, and data deletion options.

TAKING CONTROL: STRATEGIES FOR PROTECTING YOUR DATA AND ENHANCING YOUR PRIVACY

While data collection is widespread, you are not entirely powerless. The following table outlines proactive steps you can take:

Concept / practice area	Explanation / key information	Why it’s important with AI tools
Data literacy: types of data collected by AI	AI tools may collect: Explicitly provided data (name, email during signup); Interaction data (prompts, AI responses, clicks); Usage data/Metadata (frequency of use, device type, IP address).	Understanding what data is shared helps assess privacy risks. Prompts can contain sensitive information. Usage patterns can be analysed by providers.
Data privacy: review privacy policies & terms of service	Before using an AI tool, read its privacy policy to understand how your data is collected, used, stored, shared (e.g., for model improvement), and retained. Check for user-configurable privacy settings.	AI providers have varying data practices. Some may use your data to train future models. Knowing these terms helps you make informed choices.
Data privacy: data minimisation	Share only necessary personal information. If a field is optional, consider if providing the data is essential for the tool’s function or your benefit.	The less data you share, the lower your potential exposure in case of a data breach or policy change.
Data privacy: strong digital security	Use strong, unique passwords for each AI platform. Employ a password manager. Enable Two-Factor Authentication (2FA/MFA) whenever available.	Protects your AI tool accounts from unauthorized access, preventing misuse of your data or generated content.
Data privacy: phishing awareness	Be vigilant for suspicious emails, messages, or links impersonating AI services, attempting to trick you into revealing login credentials or personal data.	Scammers adapt to new technologies; AI service impersonation is a potential phishing vector.
Data privacy: handling sensitive information	Exercise extreme caution when inputting highly sensitive or confidential information (financial, health, proprietary business data, deeply personal stories) into public or third-party AI tools.	Unless the platform guarantees robust end-to-end encryption and clear, trustworthy data handling policies, such information could be at risk. Essential for HER[AI]TAGE data.
Data rights (e.g., GDPR)	Be aware of your rights under data protection regulations, which may include the right to access, correct, or request deletion of your personal data held by AI service providers.	Empowers you to have some control over your personal data held by AI companies.

WHY DATA LITERACY AND PRIVACY ARE PARAMOUNT IN ADULT EDUCATION

Ensuring digital safety and security: A solid understanding of data risks and privacy best practices helps protect adult learners from a growing range of digital harms, including identity theft, financial fraud, online scams, and unauthorized surveillance.
Empowering informed and autonomous choices: Data literacy empowers adults to make more informed and autonomous decisions about which AI tools and digital services they choose to use, and what level of information they are comfortable sharing in different online contexts.
Fostering critical engagement with the digital world: It helps learners to understand the underlying mechanisms of the digital economy, such as how targeted advertising works, why an AI might recommend certain content or products, or how algorithms can influence the information they see, thereby fostering a more critical and discerning view of the digital world.
Promoting responsible and ethical AI use: Data literacy is a cornerstone of the ethical and responsible use of AI for personal learning, academic pursuits, educational activities, and workplace tasks. For educators and researchers involved in projects like HER[AI]TAGE, ensuring the scrupulous protection of privacy for all participants, especially potentially vulnerable individuals like elderly storytellers sharing deeply personal narratives, is a critical and non-negotiable ethical responsibility.

Ultimately, promoting comprehensive digital and AI literacy – which inherently includes robust data literacy and privacy awareness – is a core component of preparing adults for equitable, safe, and empowered participation in our increasingly complex and technology-driven society.

PRACTICAL EXAMPLES

An adult learner is signing up for a new online language learning platform that uses AI to personalize lesson plans and track progress. Before completing their detailed profile, they carefully locate and review the platform’s privacy policy and data usage agreement to understand how their learning activity data, voice recordings for pronunciation practice, and personal goals will be used and protected. They decide to use a slightly modified version of their name (a pseudonym) for their public-facing profile to maintain a degree of privacy while still benefiting from the personalized features.
An educator is planning to use an AI-powered survey analysis tool to gain insights from anonymous feedback collected at the end of a course. They meticulously ensure that all potentially identifiable information (such as names, specific job titles if the group is small, or very unique qualitative comments that could inadvertently reveal an individual’s identity) is thoroughly removed or generalized from the raw data before uploading it to the AI tool for thematic analysis.
During a practical digital skills workshop for adult learners, the facilitator dedicates a significant portion of time to explaining the importance of strong, unique passwords and the benefits of using a reputable password manager. They demonstrate how to create complex passwords that are hard to guess, explain the concept of two-factor authentication (2FA), and guide participants through enabling 2FA on a sample online service, emphasizing its role in protecting accounts from unauthorized access.
A learner actively involved in the HER[AI]TAGE project is responsible for transcribing sensitive oral history interviews conducted with elderly community members. They are extremely careful to store the digital audio files and the resulting transcripts securely on an encrypted hard drive, using strong password protection for all relevant files and folders. They ensure that these raw, identifiable data are not uploaded to any public AI transcription tools or cloud storage services without explicit, documented, and informed consent from each interviewee specifically regarding such data use and storage.
After receiving an unsolicited email that appears to be from a popular AI service, urgently asking them to “verify their account immediately due to suspicious activity” by clicking a provided link and entering their password, an astute adult learner recognizes the tell-tale signs of a sophisticated phishing scam (e.g., generic greeting, sense of urgency, slightly off-brand URL). They wisely delete the email without clicking any links and, if possible, report it to their email provider or the impersonated service.
An adult learner is exploring various AI image generation tools for a personal creative project. They notice that some tools require creating an account with a verified email address and agreeing to broad data usage terms, while others offer more limited functionality but can be used more anonymously or with minimal data sharing. They carefully weigh the advanced features of some tools against the data privacy implications before deciding which one is most appropriate for their non-sensitive creative task, opting for the one that requests fewer personal data.
An adult education institution revises its data governance policy to include specific guidelines for the ethical use of AI tools by staff and learners. The policy mandates privacy impact assessments before adopting new AI platforms, requires transparency about how learner data is used by AI systems, and provides clear procedures for learners to request access to or deletion of their AI-related data.