AI trends for 2025: Data privacy and cybersecurity

January 10, 2025

A convergence of rapidly evolving technological developments is leading to an increased focus on privacy and security by design and effective AI and data governance by companies and regulators around the world as the practical impact of AI on data privacy and security becomes clearer. The dynamic landscape of data privacy and security is demanding continuous adaptation from organizations and regulators, which privacy and security by design combined with strong governance help to achieve.

The past year was marked by an increased scrutiny of AI's impact on privacy, a heightened focus on protecting children's data, a need for businesses to adapt their models to comply with stricter data privacy laws and a growing practical risk arising from AI-enabled cyber threats.

Governments globally are enacting stricter data privacy regulations to protect personal information. Regulators are also scrutinizing the ethical implications of AI systems, prompting businesses to adopt privacy-preserving techniques like federated learning and differential privacy. Recent examples of AI-powered chat bots urging minors to engage in self-harm, suicide and violence against parents have led to intense scrutiny of whether these undesirable outcomes are the result of poor design choices or failures of governance. As privacy laws become more complex and intertwined with AI-specific regulations, and as litigation risks increase, businesses face greater challenges in complying with inconsistent requirements without unnecessarily hindering technological innovation.

Privacy by design

Privacy by design - embedding privacy features into products, services and processes from their inception - has become a cornerstone for organizations prioritizing data protection, particularly in the AI age. By addressing privacy concerns early, businesses can ensure compliance, reduce risks and build consumer trust. Engaging in privacy by design can help to reduce the likelihood that personal information used for training of AI models is inappropriately disclosed in the results produced by the models or that personal data is incorporated into training data without appropriate consideration and mitigations. The widespread adoption of privacy by design signals a shift in attitudes toward privacy from treating privacy as a strategic asset rather than a mere afterthought. Companies embracing privacy by design are also better able to demonstrate a proactive commitment to transparency and responsibility, meeting the expectations of regulators and consumers for ethical data handling and AI development.

Cyberattacks

Cyberattacks, often supported by AI-powered tools, are more frequent and sophisticated, creating significant risks for organizations and governments worldwide. For example, Chinese state-linked hackers, known as "Salt Typhoon", infiltrated global telecommunications networks, compromising sensitive communications of senior officials. Integrating security by design is essential to withstanding these cyberattacks and enhancing digital resilience. Many organizations are more effectively integrating security into the design of their systems, adopting zero trust architecture to more effectively control and verify access to resources, using AI to detect threats in real time, automate responses and prevent attacks, moving more data to the cloud to take advantage of third-party expertise, and implementing extended detection and response to integrate data from multiple security products into a single system to provide a more holistic view of potential threats. Robust and pragmatic governance structures and practices are critical for ensuring that the security measures implemented by design - security by design - continue to function as intended and remain updated with the latest intelligence and technology patches, and helping organizations that have suffered a security incident demonstrate that they had taken reasonable security measures to regulators and plaintiffs.

Collaboration among stakeholders is critical to address these challenges. Governments, industry groups and businesses are increasingly working more effectively together to establish global standards for data privacy and security, harmonize approaches and promote cross-border cooperation. Increased harmonization and collaboration would simplify compliance and enhance cybersecurity resilience.

In the face of rising cyber risks, stricter regulations and increasingly sophisticated technology, proper design and governance is a necessary foundation for balancing innovation with responsible risk management. Proactive, thoughtful and integrated approaches to data privacy and security will become increasingly important to efficiently navigate challenges and capture opportunities.

Download the full global AI trends report or navigate to our key areas listed below. Visit Dentons' AI: Global Solutions Hub for the latest legal insights, webinar recordings and regulatory overviews from around the world.

Download the report

• Our overview for 2025
• AI regulation, governance and ethics
• AI projects and procurement
• Employment and talent management
• IP protection and enforcement
• Disputes and managing liability
• M&A and investments
• Competition and antitrust