Technology Overview
The AI technology stack for commerce — foundational models, agentic AI, LLMs, privacy & security, investment costs, and what comes next — based on Book Part 5 of the AI Best Practices for Commerce reference.
Privacy & Security
Foundational principles for responsible AI systems
Special Considerations for Sensitive and Biometric Data
Sensitive and biometric data require heightened protection because they carry a higher risk of harm if misused or exposed. Biometric identifiers such as facial images, fingerprints, iris patterns, or voice characteristics are deeply personal and often irreversible. Once compromised, they cannot be “reset” like passwords. AI systems that process such data must minimize the retention of raw biometric inputs, using them only for the immediate purpose of verification, transformation, or analysis.
AI systems also increasingly infer sensitive traits from non-sensitive data. For example, linguistic cues, browsing behaviors, or physiological markers such as voice or posture may reveal emotional states, health indicators, or behavioral tendencies. Individuals may have no awareness that such inferences are possible, raising ethical questions about consent and fairness. Responsible deployment requires transparency about what is being inferred, robust safeguards against unauthorized profiling, and controls that prevent sensitive attributes from influencing decisions in discriminatory or opaque ways.
Regulatory frameworks often treat biometric and sensitive data as requiring special handling, including explicit consent, strict retention limits, and enhanced security controls. Organizations must ensure that their AI systems comply with these requirements and adopt ethical frameworks that respect user autonomy, dignity, and expectations.
Last updated: March 12, 2026