Retailers using AI must tread lightly with privacy laws

Retailers and AI: Wendy Tembedza is a partner at Webber Wentzel, an African law firm headquartered in Johannesburg, South Africa. Photo: Supplied/Ventureburn
Wendy Tembedza is a partner at Webber Wentzel, an African law firm headquartered in Johannesburg, South Africa. Photo: Supplied/Ventureburn

Artificial intelligence (AI) is being deployed to help shoppers make better choices, but retailers must be aware of their obligations under personal privacy and cybercrimes laws. This is the view of Wendy Tembedza, a partner at Webber Wentzel. She says the viability of AI-driven consumerism depends on retailers’ ability to show they can process personal data responsibly.

The acceleration of the fourth industrial revolution due to the Covid-19 pandemic has contributed to our general understanding of artificial intelligence (AI). AI is no longer viewed as a creation of science fiction. Instead, it is now understood in relation to its capabilities that allow machines to perform tasks that require human intelligence.

Specifically, AI functions by using complex algorithms to assess large amounts of data and gain insights from the data. The continuous ingestion of data teaches the AI tool to identify patterns and provide insights that can be predictive in nature. Increasingly, retailers are seeing the benefits of using these AI capabilities to better service consumers.

Personalised retail achieved through AI is redefining customer shopping trends. AI can help deliver enhanced customer experiences by making better product suggestions, enabling faster checkouts, and facilitating more convenient in-person shopping.

An example of AI in retail can be seen in the use of facial and voice recognition. The SPD Group, a London-based e-commerce solutions company, has developed a system for product suggestions based on tracking a customer’s location and actions in-store. The system analyses video footage from cameras, identifies customers in frames and tracks the customer’s location in the store.

Walmart Tesco, and many other established retail brands, use Google or Amazon AI technology to provide customers with simple and quick voice searches. For example, the introduction of Walmart Voice Over by Walmart and Google allows customers to simply say “Hey Google, talk to Walmart and add milk to my cart” to their Google Assistant. The specific milk the customer regularly buys is then added automatically to the customer’s online cart.

Retailers are also using AI in virtual fitting rooms which are a great way for customers find the perfect outfit while saving time. A virtual fitting kiosk from Me-Ality can scan a customer in 20 seconds and measure 200,000 points of their body in this period. Companies like Levi’s and Gap have installed these scanners in selected stores and have seen a notable increase in sales as a result.

Locally, Superbalist.com recently launched Fit Finder – the first South African retailer to do so.  Consumers know all too well that certain brands do not always run true to size.  Fit Finder, developed by Fit Analytics GmbH, is an intuitive tool that assists consumers shopping online to make accurate sizing choices by answering a series of size- and brand-related questions. Fit Finder then uses the responses, along with sale and return records, to suggest the correct size.

The viability of AI-driven consumerism depends on retailers’ ability to show they can process personal data responsibly. While the use of AI creates opportunities for retailers, the deployment of any AI tool in the South African retail context must be carefully scrutinised for compliance with data protection laws.

AI tools and POPIA compliance

AI tools should be configured and operate in such a way that they help the retailer to meet its obligations under the Protection of Personal Information Act, 4 of 2013 (POPIA). For example, the use of facial recognition AI meets the definitional requirements of personal information regulated by POPIA. Retailers will therefore need to be comfortable that their chosen tool includes appropriate controls to reduce the risk of unauthorised access to the relevant data.

Retailers must also be aware of the implications of the Cybercrimes Act, 19 of 2020 (Cybercrimes Act) on their operations. The Cybercrimes Act creates offences in relation to cybercrime. AI requires access to vast volumes of data, which results in an increased risk of cybercrimes.

Cybersecurity is essential as a prerequisite and enabler of AI processing. It is best practice for retailers to put measures in place to reduce the risk of the occurrence of an offence contemplated in the Cybercrimes Act, for example, measures to prevent the unlawful access to, or interception of, data. Certainly, retailers should be alive to the reputational consequences of a failure to put measures in place to guard against the identified cybercrimes and should understand that their AI tools should be configured in such a way as to assist in this protection.

AI can have a significant positive impact on how retailers deliver personalised customer experiences. It has been shown that these experiences can result in retailers not only retaining their existing customer base, but also gaining new customers. However, when implementing AI retailers must be cognisant of their obligations under POPIA and the Cybercrimes Act.

ALSO READ: Young ed-tech founder equips learners with digital skills

More

News

Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Ventureburn

Sign up to our newsletter to get the latest in digital insights.