The Exchange Rate on the AI App You Downloaded

Artificial intelligence (AI) technology can transform pictures taken on a phone into a masterpiece worthy of sharing on social media in a few minutes. Sometimes, this can be done for the nominal cost of $5.99. Behind the scenes, this exchange also includes you handing over access to your camera, self-selected photos, and possibly personal information from your phone.  

At the time of this Overwatch brief, 3 out of the top 10 apps are AI-generator filters, proving their growing popularity. While many consumers are skeptical of the risk versus reward factors when using their email address to sign up for a service, they often do not confront downloading an app with the same analytical rigor. This is for many reasons: the infrastructure of app stores that make the path to purchase seamless, demographics, the company or industry, the type of digital format, and most importantly, the understanding of privacy legislation for consumer data. All are factors that contribute to consumer trust.  

 This week, Overwatch analysts will explore how consumers determine the ‘value’ of their personal information and the ambiguity behind data privacy that has potential impacts ranging from personal loss to national security.  

 The Varying Exchange Rate for Consumer Data 

According to McKinsey and Pew Research Center research, healthcare and finance industries rank highest in trust because they commonly work with highly sensitive data and are protected by federal legislation. However, the pace of technological advancement and the relative newness of personal data as a valuable commodity has limited regulation and conversation about the subject has caused consumers to undervalue their personal data.  

mckinsey_business_trust_visualThis point is proven in the chart below. Whereas email data tops the chart for consumer privacy and protection concerns, apps and programs are towards the bottom. Arguably, email has been around since 1971, whereas apps and programs were not introduced until 1994, when the first smartphone was launched. The adoption of new technology has a life cycle, and privacy and protection are often an afterthought. The more familiar people are with the medium, the greater the understanding on benefits and abuses when personal information is mishandled.  

mckinsey privacy chart

As mainstream media continues to report on data breaches, cybercrimes, and spam, which are undoubtedly rising alongside technology, people are beginning to realize how vulnerable their data is. Along with this growth in worry has come increased concern about the lack of regulated privacy laws around their consumer data and where vulnerabilities lie. 

The Vulnerability of Personal Data 

Every 39 seconds, there is a new cyberattack somewhere on the web and an estimated 64 percent of companies worldwide have experienced some form of cyberattack, according to the University of Maryland and TechJury. 

Not all data breaches are hacks. Many bad actors looking to capture personal data keep their eyes on cultural trends like AI filters that spark virality by creating FOMO (fear of missing out) among the masses, in hopes the buzz to try a new app overshadows privacy concerns. It is why countries like Argentina who have seen a 403% increase in cybercrimes are seeing marketing campaigns like the video below from HBSC to educate consumers about information voluntarily provided.

This tactic is similar to what we saw in 2019 with the popularity of FaceApp, a face-filter aging app oscillating images of faces from young to old. Over 100 million people downloaded the app without questioning its origin. Then, on December 2, 2019, the Federal Bureau of Investigation (FBI) raised security concerns about the Russian-developed app. Ian Thornton-Trump, a CompTIA faculty member, summarizes the magnitude of this risk saying, “Concerns are only really valid if you are a high-profile name, a company that holds sensitive IP, or someone who works in the intelligence services. Russia would very much appreciate and encourage the use of FaceApp by anyone with a security clearance and their immediate family.” Similar concerns have been raised around Tiktok, an app owned by ByteDance in China. In both cases, the app companies in question have insisted U.S. user data is not shared and is safely stored, although concerns around anti-American influence still exist and data privacy laws are not the same.   

With the AI-generated apps and more conversation around potential usage of #chatgpt and artificial intelligence, information campaigns like HBSC need to be designed to encourage users to pause before downloading. App stores have attempted to deliver on transparency, although the information is buried and literacy around best practices is somewhat unknown vernacular to many.  

Overwatch analysts decided to investigate further into Wonder, one of the AI-apps topping charts. In plain sight, the app store confirms the company is based outside of the U.S. in Istanbul, Turkey. Analysts scrolled down further to find security practices and app privacy at the bottom of the details. At a quick glance, the information seems to provide clarity with two distinct columns describing what data is linked to you and what is not, but how “User Content” and “Usage Data” are in both columns sends mixed messages. 

To avoid bias of companies outside the U.S., Overwatch analysts explored the available information on Lensa AI, which is also topping app stores. Lensa AI is owned by Prisma Labs, a veteran in the filter app business. Prisma Labs operates out of San Francisco, California. Through further research, analysts uncovered the company Co-Founder and Chief Technology Officer, Oleg Poyaganov, is a Soviet from Moscow City who studied at Moscow State Technical University. This is an indicator to proceed with caution, and apply additional critical thinking skills to develop a deeper analysis before downloading the app to thoroughly understand the risk over the reward. 

The Market Value of Personal Data 

Depending on the buyer and how the information will be used, the going rate for personal data varies whether the lead was obtained legally or not. The average market price range varies and can be approximately $90 – $161 per person.  

The Harvard Business Review provides a great visualization on how the value of data can vary depending on how the information is used and protected. The visual goes on to display use cases with companies like financial institution, Mint, who restrain from sharing sensitive data for profiling usage and set parameters for the data that is sold. The alternative is Meta, who collects and sells all data with the expectation of delivering the most value to their users.  

Our Assessment 

Technology, like artificial intelligence, is rapidly advancing, improving scale, efficiency, and creativity for companies and consumers. The life cycle of technology is outpacing regulations, potentially creating vulnerabilities that cannot be recovered from, such as data leaks.  

Healthcare and finance, with a head start on regulations, will likely lead the way in educating consumers about data privacy vulnerabilities, much like HBSC did in Argentina. As more awareness campaigns educate consumers, transparency among companies and app stores will respond with disclaimers and features to protect users. The challenge will be collecting enough data to find the balance between leveraging information to improve users’ experiences and deliver value while protecting their privacy. Unfortunately, consumers may ignore warning signs and learn from being hacked directly, and at a similar pace to companies investing trillions into cybersecurity.  

This will likely occur before consumer data regulations are formalized; therefore, the homework lies in the hands of the consumer. Determine the market value wisely.  


“The consumer-data opportunity and the privacy imperative”; McKinsey 

“The First Ever Email, the First Tweet, and 10 Other Famous Internet Firsts”; Yahoo! Finance 

“Your selfies are helping AI learn. You did not consent to this.”; The Washington Post 

“The FBI Investigated FaceApp. Here’s What It Found.”; Forbes 

“Panic over Russian company’s FaceApp is a sign of new distrust of the Internet”; Washington Post 

“That Face-Aging App Made by a Russian Company Has an Odd Privacy Policy”; GQ 

“Consumer Data: Designing for Transparency and Trust”; Harvard Business Review 

“For Consumers, Data Privacy Has a Fluid Definition”; Morning Consult 

“How many cyberattacks happen per day?”; TechJury