Privacy Isn’t Dead, but AI Is Rewriting the Rules
Privacy Isn’t Dead, but AI Is Rewriting the Rules
In an age shaped by artificial intelligence, privacy has taken on new meaning. It is no longer just about what we share, but what can be learned from the countless digital traces we leave behind every day. Every action online, every interaction with technology, silently contributes to a narrative about who we are.
As AI amplifies the power of data, we must ask ourselves: how much privacy are we willing to trade for convenience? And should we have to make that trade at all?
Privacy experts at Telenor Asia, CelcomDigi and Grameenphone tell us that privacy today is about having control, security and human oversight in a world where algorithms can predict and shape choices.
Anonymisation is no longer a safety blanket
AI has fundamentally changed privacy risks. Previously, people assumed that giving or withdrawing consent controlled how their data was used. Today, AI systems continue learning from individuals even after consent is withdrawn, turning everyday digital traces – locations, clicks, messages, habits – into identifiable behavioural fingerprints. This means that anonymisation alone is not enough and more needs to be done to safeguard user privacy.
New privacy risks have also emerged, for example, those of identification, exposure, distortion, aggregation, and unwanted disclosure. For instance, Fitness app Strava’s 2018 heatmap aggregated fitness GPS data, inadvertently identifying military personnel by their unique movement signatures, exposing military bases worldwide.
“Artificial intelligence is redefining responsible innovation and digital trust. It’s no longer just about what we share, but about what can be inferred and learned from the digital traces we leave behind every day. Human oversight alone can’t scale with agent autonomy, so control must be built into identity, permissions, monitoring, and escalation, and not added as policy or review,” Kulani Kulasingam, Director of Privacy and Governance at Telenor Asia said.
Safeguarding your digital traces
As AI technology becomes more capable , users need to adopt stronger digital hygiene practices to protect themselves. Start by limiting the digital traces you create, review app permissions regularly, restrict location sharing, and turn off tracking features.
Use privacy tools such as secure browsers, VPNs, and encrypted messaging apps and when possible, opt out of data sharing for advertising and profiling.
Finally, stay alert to behavioural profiling: small habits such as consistent login times, movement patterns, or search history can reveal more than you think. In a world where anonymisation is no longer foolproof, conscious digital choices are the strongest protection.
Increasing demand for transparency and human oversight
In this new reality of AI, people are eager to embrace innovation but equally clear about the need for responsibility, transparency, and human oversight. According to Telenor Asia’s Digital Lives Decoded 2025 reports which surveyed 3000 respondents in Malaysia, Thailand and Bangladesh, two in three users are willing to share data only if trust and clear value are guaranteed.
While a majority are taking ownership of their own AI literacy, they also demand that companies and governments uphold ethical standards, ensure human oversight, and provide transparency in how AI systems operate and make decisions.
Telecommunications operators sit at the heart of the digital ecosystem, with visibility over network traffic, device behaviour, and service usage. This gives them a mandate to drive responsible AI practices across their sphere of influence.
A key risk identified is this data being used beyond the original objective or legal basis. To address this, telcos need to embed “privacy by design” into AI deployments: embed data protection into the architecture, minimise data used for analytics, apply strong anonymisation where possible, and invest in robust security and governance.
In Malaysia, building trust is a key priority at CelcomDigi. The telco’s governance approach is built on stringent data privacy processes in compliance to Malaysia’s Communications and Multimedia Act, the Personal Data Protection Act and all applicable regulations. Comprehensive reviews of its privacy and data protection compliance programme are undertaken rigorously to drive constant improvements, align with best practices as well as new and emerging legislation.[1]
The telco routinely convenes colleagues responsible for advancing its governance maturity and the existing robust structures it has today, establishing a core line of defence to guide and oversee the company’s responsible practices. Most recently, these custodians participated in GSMA’s Responsible AI framework workshop to reinforce a consistent, responsible, and trusted AI approach across the organisation.
“Trust and privacy form the foundation of our operations at CelcomDigi. As AI reshapes the digital landscape, we remain committed to implementing the highest standards of responsible business practices and aligning with global standards to protect customer data and uphold ethical innovation,” Benjamin Shepherdson, Head of Privacy at CelcomDigi says.
Entering a new era of digital governance
As digital economies expand and AI risks grow, countries are racing to establish or rewrite regulations to include AI[1]. In Bangladesh where Grameenphone operates, a Personal Data Protection Ordinance 2025 which regulates how personal data is collected and used was recently passed. This is the first ever privacy law in the country and a timely move welcomed by Monsur Quader Faruqui, Head of Privacy and AR at Grameenphone.
“The Ordinance gives users stronger control over their personal data and ensures that public and private entities handle that information responsibly. This is a big step toward building a safer, more trustworthy digital experience for everyone in Bangladesh. At Grameenphone, privacy has been embedded into everything we do from the start, and we will continue to strive for the highest standards in this new era of digital governance,” he said.
Beyond compliance, society expects telcos to act ethically and protect users’ rights. As a key infrastructure provider, telcos that demonstrate responsible AI practices and put in place strong privacy protections differentiate their brand, build deeper trust and foster long-term loyalty. They are also well-positioned to work with regulators, advocate for clear industry standards, and educate customers about digital hygiene and AI literacy.
“The future of privacy will not be secured by legislation alone. It will be shaped by the choices companies make when designing AI systems, the standards they uphold in their ecosystems, and the respect they show for the people behind the data. AI may be rewriting the rules, but with responsible governance, clear purpose, and respect for human autonomy, we can ensure it rewrites them for the better,” Kulani concludes.