A guide to AI adoption in retail — must-know legal considerations explained

From online ‘conversions’, in-store targeted marketing and customer service to automating inventory management, detecting fraud and the post-purchase experience, AI is now transforming the retail sector and our shopping experience.

Here, Emma Horscraft and Irem Tarasek lay out the must-know legal considerations to aid the compliant roll-out of AI in any retail business.

How are retailers using AI?

Some key areas where AI is being deployed by retailers include:

• Customer behaviour analysis: AI-powered engines are analysing purchase histories and search queries to offer personalised product suggestions. This level of personalisation can not only boost sales but also improve customer loyalty.
• Operational efficiency: From inventory management to demand forecasting, AI tools are helping retailers to optimise their supply chains and reduce waste — ensuring that products are available when and where customers need them while achieving cost savings and improved customer satisfaction.
• Customer service: Chatbots have evolved into sophisticated AI voice agents that provide personalised interactions and the ability to offer 24/7 customer support. Sentiment analysis tools can even detect customer emotions, allowing brands to tailor their responses and improve service quality. This shift towards enhanced AI customer service is crucial in meeting the growing expectations of today's consumers who expect world-class service.
• AI-generated content: Generative AI is increasingly used to create content, product descriptions and marketing materials. This may lead to disputes based on misrepresentation or the ownership of content.

Three must-know legal considerations

1. Data protection

One of the fundamental considerations when introducing AI is that of data protection. The retail sector is renowned for its collection of personal data, including for marketing purposes, loyalty schemes and digital receipts. AI can therefore raise significant concerns around how personal data is stored and processed. 

This topic has recently entered the spotlight due to the devastating cyber-attacks on M&S, Co-op and Harrods — with the hackers themselves warning that further attacks on retailers are in the works.

Under the data protection laws, anyone processing personal data (where ‘processing’ means any use of personal data, including simply storing it) must comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR). The regulations require businesses to be transparent about the processing of personal data and publish a privacy notice that informs customers of what’s happening with their data, why it’s happening and how long it’ll be stored. 

If your business is thinking of integrating AI into its systems, you must ensure compliance with the data protection regulations or risk incurring significant fines (up to £17.5m or 4% of global annual turnover, whichever is higher) and reputational damage. 

Our data protection team offers specialist management training and GDPR compliance, including support on handling rights requests, complaints and investigations that relate to data protection, data subject rights, subject access requests (SARs) and dealings with the ICO.

2. Bias & discrimination

Integrating AI into existing workflows can be challenging and retailers must understand the complexities of AI implementation to ensure that this complements human roles rather than replaces them. Retailers must be mindful of the societal impact of AI and address potential employment law concerns, such as the impact of automation on job security and the need for reskilling employees to adapt to new technological demands. 

With the Government still in the process of drafting AI-specific legislation, we’re in a grey area with AI training data — and this can inadvertently lead to discriminatory practices. The White Paper on AI Regulation highlighted that the subsequent legislation must implement safeguarding measures to detect and mitigate bias in AI systems. 

It set out five key principles for regulators: 

1. Safety, security & robustness.
2. Appropriate transparency & explainability.
3. Fairness.
4. Accountability & governance.
5. Contestability & redress.
    

The Government’s AI Playbook — which includes guidance from the Department for Science, Innovation and Technology (DSIT) — indicates that this can be achieved by including responsible access to demographic data. By exposing AI systems to such data, the Fairness Innovation Challenge delivered by DSIT indicates that AI will be able to adapt and determine what fair outcomes look like, as well as how they’re achieved using appropriate metrics, assurance tools and techniques and socio-technical interventions.

This will also be achieved by using techniques such as synthetic data generation, which involves the feeding of computer-generated data into AI models to counter any imbalances or underrepresentation in real-life data. This should all lead to more ethical AI procedures that prevent discrimination against protected characteristics under the Equality Act 2010 — age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex and sexual orientation.

These biases have been highlighted by the Human Rights Commissioner, who stated that “AI hoovers up every fact, every datum in our world, with all of the discriminations, the hatreds, the biases to be found in that data”.

One interesting trend is the rise of AI influencers and AI-generated fashion models. Such use of AI raises questions about authenticity and representation, with brands urged to balance innovation with ethical considerations to avoid alienating consumers — particularly around unrealistic beauty standards. Beauty brand Dove has taken the step of declaring that it’ll never use AI to create or distort women's images to help build trust with its customers. Any use of AI in influencer marketing requires careful management of legal risks, with retailers required to comply with advertising regulations and disclose any non-human works to avoid misleading consumers.

3. Intellectual property (IP)

The use of AI in creating content is currently the subject of considerable legal debate, specifically with relation to copyright infringement law. The Government is now working on the challenge of establishing appropriate accountability frameworks. 

Retailers must remain cautious of AI’s creative output on the basis that the AI model consumes a vast amount of creative content and may not necessarily have been trained to differentiate between protected and non-protected works. Significant harm may be caused to your business if you inadvertently infringe someone else’s copyrighted works. 

Our IP team has contributed to the recent Government consultation on this topic and there are a few ways to minimise the risk of potential infringement by your integrated AI model. 

Firstly, just by being aware that generative AI models may have been trained using protected works will allow you to treat any creative output with relative caution. From there, your business can ensure that any input into the model isn’t subject to copyright protection or — if it is — that the appropriate licence has been obtained prior to use. Keeping up to date records of any licences acquired and subsequent generative output will ensure that your business can demonstrate the exact creative origin of an output.

Talk to us

As AI is ever evolving, we’re in the midst of legal, regulatory and ethical changes that will ultimately shape the future of the retail sector. It’s essential that retailers remain proactive in ensuring consistent regulatory compliance that safeguards customer interests. This includes being aware of how personal data is being processed by AI and which data protection regulations you must therefore comply with. 

You must remember that AI won’t always supply you with representative data and can contain biases. Retailers should also remain cautious when it comes to AI’s creative outputs and what sources it has used.

While the EU AI Act applies only to the EU, UK retailers with a customer base within the EU must stay compliant with it. It’s expected that the Act will set a universal standard and provide guidance, much like the GDPR did following its implementation.

With specialists in data protection, cybersecurity, intellectual property and more, our retail team is here to support your digital transformation journey, including the adoption of AI.

Talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form below.