Coming Soon
E4OECD AILit — Engaging with AI, Competency 4
AI and Your Privacy
Your Data Fuels AI
Every app on your phone wants to know more about you. Some ask directly — “can I see your contacts?”, “can I use your location?”. Most collect data quietly in the background — what you tap, when you open it, how long you stay. Behind this is a simple trade: free apps stay free by turning your data into something they can sell. GrabFood knows where you live and work. Facebook knows what stops your scroll. Your bank app knows every transaction you’ve ever made. Most of it is used for legitimate purposes — but “legitimate” isn’t the same as “only what you’d agree to if asked clearly”. This mission is about seeing what your apps actually take, and deciding what you’re OK with.
How We Got Here
In the early 2000s, most online services charged money. You paid, they gave you the service. When Gmail launched free in 2004 with 1 GB of storage — a number that seemed absurdly generous — it opened a new model. Free, but they read your emails to target ads. Many users signed up anyway.
Over the next decade, this became the default across the web. Facebook, Instagram, TikTok, YouTube, Google Search — all free at the door, all funded by showing you ads targeted by everything they can learn about you. The product isn’t the app. You are the product. The app is the bait.
AI supercharged this pattern. Machine learning turns raw clicks into startlingly accurate predictions. Shopee can predict which products you’ll buy. Your music app can predict which song you’ll skip before you skip it. Dating apps can predict which profiles you’ll swipe right on. The model doesn’t just know what you did — it often knows what you’ll do next.
Not all of this is sinister. Some of it is useful — better recommendations, faster replies, more scams caught. But once the data exists, it can be sold, leaked, subpoenaed, or repurposed in ways nobody explained when you tapped “Allow”. The rest of this mission is about what gets collected, who sees it, and what you can actually do about it.
Over the next decade, this became the default across the web. Facebook, Instagram, TikTok, YouTube, Google Search — all free at the door, all funded by showing you ads targeted by everything they can learn about you. The product isn’t the app. You are the product. The app is the bait.
AI supercharged this pattern. Machine learning turns raw clicks into startlingly accurate predictions. Shopee can predict which products you’ll buy. Your music app can predict which song you’ll skip before you skip it. Dating apps can predict which profiles you’ll swipe right on. The model doesn’t just know what you did — it often knows what you’ll do next.
Not all of this is sinister. Some of it is useful — better recommendations, faster replies, more scams caught. But once the data exists, it can be sold, leaked, subpoenaed, or repurposed in ways nobody explained when you tapped “Allow”. The rest of this mission is about what gets collected, who sees it, and what you can actually do about it.
Pick Your Move
Each option shows its trade-off after you choose.
A new chat app you downloaded asks for access to your entire contact list so it can “help you find friends on the platform.” You only installed it to talk to one group of classmates. What’s your best move?
A weather app asks for location permission “Always” (even when closed) instead of “Only while using.” Does the difference matter?
A photo editor offers: Free (with ads and data sold to partners) or Paid (around $3 one-time, no ads, no data sharing). You plan to use it once a week. Which is the smarter long-term choice?
Privacy Data Flow
Toggle permissions to see how your data flows through different systems.
You controlShared with server3rd party access
What Data AI Collects
Every app collects something, whether you notice or not. The question isn’t whether, it’s how much and for what. There are three broad categories:
What you give directly — your name, email, phone number, payment info. Obvious, consented to, usually necessary. If an app asks for it, at least you see the ask.
What the app observes — every tap, scroll, pause, and back-button. How long you stay on each screen. Which items you look at but don’t buy. Which ads you scroll past without clicking. This data is the raw material for personalization and recommendation, and it’s much larger than what you typed in.
What your phone passively shares — location, device ID, network info, sometimes contacts, calendar, or photos. Apps ask with a permission prompt, but the ask is usually framed to sound necessary (“allow location for the best experience”). Once granted, the app can collect this data every time it runs.
On top of your direct data, apps combine with data they buy from other companies. Your shopping history at one store, your reading patterns on one news site, your GPS trails from a map app — data brokers package these and sell them to anyone who’ll pay, including other apps. The profile built about you often includes information you’ve never directly given anyone.
Where does it all go? The first hop is the app’s own servers. Then usually to third-party analytics (who’s using the app), ad networks (what ads to show you), cloud providers (where it’s stored), and sometimes partner companies (sister apps, advertisers, affiliates). Each hop is another chance for the data to be misused, sold further, leaked, or subpoenaed.
What you give directly — your name, email, phone number, payment info. Obvious, consented to, usually necessary. If an app asks for it, at least you see the ask.
What the app observes — every tap, scroll, pause, and back-button. How long you stay on each screen. Which items you look at but don’t buy. Which ads you scroll past without clicking. This data is the raw material for personalization and recommendation, and it’s much larger than what you typed in.
What your phone passively shares — location, device ID, network info, sometimes contacts, calendar, or photos. Apps ask with a permission prompt, but the ask is usually framed to sound necessary (“allow location for the best experience”). Once granted, the app can collect this data every time it runs.
On top of your direct data, apps combine with data they buy from other companies. Your shopping history at one store, your reading patterns on one news site, your GPS trails from a map app — data brokers package these and sell them to anyone who’ll pay, including other apps. The profile built about you often includes information you’ve never directly given anyone.
Where does it all go? The first hop is the app’s own servers. Then usually to third-party analytics (who’s using the app), ad networks (what ads to show you), cloud providers (where it’s stored), and sometimes partner companies (sister apps, advertisers, affiliates). Each hop is another chance for the data to be misused, sold further, leaked, or subpoenaed.
You Have More Control Than You Think
A useful way to think about permissions: the app deserves only as much as it needs for the feature you’re using. A map app needs location. A photo editor needs photo access. A calculator needs nothing. When the ask doesn’t match the job, pause. The easiest, highest-leverage move: open your phone’s privacy settings once a month and review which apps have access to location, contacts, and microphone. You’ll be surprised what you granted two years ago and haven’t used since.
Privacy Is a Practice, Not a Panic
Nobody is 100% private online in 2026 — that ship sailed. But privacy isn’t a binary; it’s a set of small daily habits that add up. Review one app’s permissions this week. Read the short privacy summary Apple or Google now shows in the App Store. Say no to “always on” location when “while using” works. Delete an app you don’t use.
None of this requires giving up convenience — it just requires knowing what the trade is. Free apps run on your data. Paid apps run on your money. Each has a cost and a benefit, and you’re now equipped to pick with your eyes open.
In the next mission, AI and Society, we zoom out from the personal: from what AI does to your phone, to what AI does to jobs, schools, hospitals, and public life. Privacy is individual. The next question is collective.
None of this requires giving up convenience — it just requires knowing what the trade is. Free apps run on your data. Paid apps run on your money. Each has a cost and a benefit, and you’re now equipped to pick with your eyes open.
In the next mission, AI and Society, we zoom out from the personal: from what AI does to your phone, to what AI does to jobs, schools, hospitals, and public life. Privacy is individual. The next question is collective.
Check Your Understanding
1. Which type of data is collected without you actively sharing it?
2. What is 'inferred data'?
3. What should you do to protect your privacy?
Answer all questions. You need 70% to pass.