Ethical considerations for implementing generative AI in marketing

Generative AI gives marketing teams new ways to produce personalized, on-brand content at scale — but only when organizations pair that speed with clear ethical guardrails around data privacy, bias, accuracy, and regulatory compliance.

The stakes are not abstract. Air Canada faced a court ruling after its AI-generated chatbot invented a bereavement fare policy that did not exist. A GM dealership's AI assistant agreed to sell a vehicle for one dollar. These failures share a root cause: genAI systems operating without grounding in verified company knowledge, permissions, or human oversight.

Marketing leaders now face a dual mandate. They need to capture the efficiency and personalization gains genAI offers while building governance structures that prevent brand-damaging errors, protect customer data, and satisfy a fast-moving regulatory environment that spans the EU AI Act, GDPR, FTC enforcement actions, and state-level laws like the Colorado AI Act.

How generative AI creates opportunities for brand messaging

Marketing teams can now use genAI to draft ad copy variations, localize campaigns across markets, and personalize messaging at a pace that manual workflows cannot match. A single campaign brief can generate dozens of headline and CTA options in minutes, freeing copywriters and designers to focus on creative strategy and brand differentiation rather than first-draft production. With 73% of marketing departments already employing generative AI, the technology has moved well beyond experimentation. McKinsey estimates genAI could add $2.6 trillion to $4.4 trillion annually to the global economy (McKinsey, 2023), and marketing content creation is one of the most immediate applications driving that figure.

Personalization becomes more precise when AI analyzes behavioral signals — purchase history, content engagement patterns, browsing sequences — to tailor messaging for specific audience segments. Ad platforms like Meta Advantage+ and Google Performance Max already auto-generate images, headlines, and calls to action from existing brand assets, reducing production hours and creative costs in the process. Teams looking to get started can explore practical AI prompts for marketing to accelerate campaign ideation.

These gains compound, though, only when the underlying system understands your organization's knowledge, context, and access permissions. Without that grounding, genAI content drifts off-brand, surfaces outdated product details, or references internal data a campaign audience should never see. Enterprise knowledge graphs help solve this by mapping relationships across company data — enabling AI systems to deliver contextually accurate outputs. Glean's Work AI platform addresses this directly: Glean Assistant delivers permission-aware, cited answers grounded in company knowledge, so marketing teams can generate and validate content against verified source material rather than ungrounded model output.

Key risks of using generative AI in brand messaging

Hallucinations and misleading content

Most genAI models generate text by predicting the next likely token, not by verifying facts. That statistical approach produces fluent, confident output — even when the underlying claims are false. The scale of the problem is significant: AI hallucinations cost businesses an estimated $67.4 billion globally in 2024, according to aggregated industry research. Marketing teams that publish AI-drafted product descriptions, pricing details, or policy statements without verification expose their brands to real financial and reputational damage.

Samsung learned this the hard way. In 2023, employees pasted proprietary source code and internal meeting notes into ChatGPT, inadvertently leaking trade secrets to a third-party model provider (Forbes, 2023). Virgin Money's AI assistant flagged the word "virgin" as inappropriate during a routine customer inquiry about an ISA account, turning a simple support interaction into a viral embarrassment.

These incidents share a pattern: AI tools generating outputs with no connection to approved, company-specific source material. Glean Assistant addresses the accuracy gap directly by delivering cited answers grounded in company knowledge, so marketing teams can trace every claim back to an approved source document rather than trusting unverifiable model output.

Bias and fairness in AI-generated content

AI models inherit the biases embedded in their training data. For marketing, that risk shows up in subtle but consequential ways: image generators that default to narrow demographic representations, copy engines that adopt different tones when describing products for different ethnic groups, and personalization algorithms that systematically exclude or over-target specific customer segments.

The problem is accelerating alongside adoption. Stanford's 2026 AI Index Report documented 362 AI incidents in 2025 — a 55% increase over the previous year and the highest annual count in the AI Incident Database's history. A 2024 McKinsey analysis of genAI adoption found that organizations deploying AI-generated creative at scale frequently encounter bias in outputs — image generators that default to narrow demographic representations and copy engines that shift tone based on audience ethnicity (McKinsey, 2024). For a brand running AI-generated creative at scale, even a single biased output can erode trust with the audiences you're trying to reach.

Bias auditing requires more than spot-checking finished assets. Teams need to evaluate training data composition, test outputs across demographic variables, and build feedback loops that flag skewed patterns before campaigns go live. Glean Agents support this kind of structured review — agents that plan, adapt, and act with enterprise context and governance rather than producing outputs in isolation.

Data privacy and sensitive information exposure

Every time a marketer pastes customer data, internal briefs, or competitive research into a third-party genAI tool, that information may enter a training pipeline the organization does not control. The risk extends beyond accidental leaks — organizations need robust AI security frameworks to address threats that range from data exfiltration to adversarial prompt injection. Many AI vendors' terms of service permit using input data to improve their models unless customers explicitly opt out.

Gartner predicts that improper use of genAI will cause at least 40% of AI-related data breaches worldwide by 2027 (Gartner, 2025). Marketing teams handle particularly sensitive material — customer segmentation data, unreleased campaign strategies, pricing models, and partner agreements — making them a high-exposure function.

Permission-aware architectures reduce this risk. Glean's platform respects existing permissions at every layer, so a marketing coordinator pulling insights for a campaign brief sees only the data their role authorizes. No proprietary customer records, restricted financial projections, or embargoed product plans surface in outputs they generate.

Intellectual property and copyright risk

Legal ownership of AI-generated marketing assets remains unresolved in most jurisdictions. The U.S. Copyright Office has ruled that purely AI-generated images cannot receive copyright protection, while courts in multiple countries are hearing cases about whether AI training on copyrighted material constitutes fair use. For marketing teams, the practical question is immediate: if your AI tool reproduces a competitor's tagline structure, a stock photographer's composition, or a copyrighted illustration style, who bears liability?

The safest position is to treat AI-generated content as a draft that requires human review, creative modification, and documented provenance. Teams should maintain records of which assets were AI-generated, which prompts produced them, and what human edits were applied before publication. Grounding genAI outputs in your own verified content — the approach Glean's Enterprise Graph and retrieval-augmented generation (RAG) architecture enable by connecting outputs to your organization's approved source material — reduces the likelihood of reproducing external copyrighted work in the first place.

Why traditional marketing governance falls short for generative AI

Most marketing approval workflows were designed for a predictable production process: a copywriter drafts, an editor reviews, legal approves, and the asset publishes. Each stage assumes a human author whose output is deterministic — the same brief produces roughly the same draft every time. That predictability no longer holds with genAI. The same prompt, submitted twice, can yield materially different outputs with different factual claims, tonal shifts, and structural choices.

That non-deterministic behavior makes traditional QA insufficient. A checklist that verifies "brand voice" against a single draft version misses the reality that tomorrow's AI-generated version of the same campaign email may violate guidelines the first version passed. Legacy compliance processes focus on input controls — approving the brief, the target audience, and the channel — rather than monitoring the actual outputs that reach customers.

Shadow AI compounds the problem. Research shows that 59% of employees use unauthorized shadow AI tools at work, while only 16% use employer-authorized AI tools (Awareways, 2025). A 2024 Gartner survey found that individual contributors adopt genAI tools faster than IT or legal teams can evaluate them. Marketers paste brand messaging into free-tier AI tools, generate social posts with unvetted image generators, and use personal accounts on large language model platforms — all outside the organization's visibility or control. The result is a growing volume of AI-generated content that bypasses every governance layer the company has built. Glean Search gives marketing leaders a single, permission-aware entry point for enterprise knowledge, reducing the incentive for team members to route around approved systems by making sanctioned tools faster and more accurate than shadow alternatives.

How to build an AI governance framework for marketing

Inventory and classify AI use cases

Start by cataloging every point where your marketing team uses or plans to use genAI. Map each use case against two variables: the sensitivity of the data involved and whether the output is internal or customer-facing. A social media caption generator using only public product descriptions carries lower risk than an AI tool drafting personalized email offers using purchase history. Classify each use case into tiers — low, medium, and high risk — and assign review requirements accordingly. Implementing active data governance supports this inventory process by giving teams visibility into where genAI tools are already accessing enterprise knowledge across connected systems.

Define acceptable use policies

Acceptable use policies should specify which content types can be fully AI-generated, which require human editing, and which must be entirely human-authored. Product claims that affect purchasing decisions, legal disclosures, and pricing information typically belong in the human-authored category. Blog outlines, internal meeting summaries, and first-draft social copy may qualify for AI generation with editorial review.

Write the policy in concrete terms marketers can apply without interpretation. Instead of "use AI responsibly," state: "AI-generated customer emails must be reviewed by a brand editor before scheduling. No AI tool may access customer PII without written approval from the data privacy team." Glean Assistant models this approach by delivering cited answers grounded in company knowledge, so teams can see exactly which sources informed each output.

Enforce permission-aware access and data controls

Data controls determine what information genAI tools can access, not just what they produce. Marketing teams should restrict AI tool access to approved data sources and enforce role-based permissions that mirror your existing information security policies. Building a permission-aware architecture is essential — when a junior campaign manager queries an AI assistant for competitive positioning data, the system should surface only what that person's role authorizes, not board-level strategy documents or restricted financial forecasts.

Glean's permission-aware architecture enforces this at the platform level. Every query respects existing permissions across your connected systems, so outputs reflect only what a given user is authorized to see. That principle eliminates an entire class of data exposure risk that policy documents alone cannot address.

Establish human oversight and review workflows

Human review should be proportional to risk. Low-risk outputs (internal brainstorming notes, draft outlines) may need only a quick scan. High-risk outputs (product claims, regulatory disclosures, customer-facing personalization) require structured review by subject matter experts and, in some cases, legal counsel.

Build review workflows directly into your content production pipeline rather than adding them as a separate step. When the review gate sits inside the same tool where content is generated, compliance becomes a default behavior rather than an afterthought. Glean Agents support this model — agents that plan, adapt, and act with enterprise context and governance, flagging outputs that reference restricted data or unverified claims before they reach a reviewer's queue.

Monitor outputs continuously

Governance does not end at publication. Marketing teams should audit live AI-generated content on a regular cadence — monthly for high-volume channels, quarterly for lower-frequency assets — to catch drift in tone, accuracy, or compliance. Periodic red-team exercises, where team members deliberately test AI tools with adversarial prompts, reveal vulnerabilities that standard testing misses. Forrester recommends treating AI output monitoring as a continuous program rather than a one-time audit (Forrester, 2024). Glean Agents produce auditable outputs that map back to approved data sources and organizational permissions, giving monitoring teams a clear record to review.

Navigating regulatory compliance for AI-driven marketing

Marketing teams operating across multiple markets face a fragmented and fast-evolving regulatory environment. The EU AI Act classifies AI systems by risk level — from minimal to unacceptable — and imposes documentation, transparency, and human oversight requirements that scale with that classification. Marketing personalization engines and automated content generators fall into categories that require clear disclosure and ongoing compliance documentation.

GDPR adds a separate layer. Any AI system processing personal data of EU residents needs explicit consent for training, clear data processing agreements with vendors, and the ability to honor data subject access and deletion requests. FTC guidelines in the United States target deceptive AI practices specifically — including fake AI-generated reviews, undisclosed AI authorship, and misleading capability claims. The Colorado AI Act introduces state-level obligations for AI systems that make consequential decisions affecting consumers.

The practical challenge is that a single marketing campaign may trigger obligations under multiple frameworks simultaneously. An email personalization campaign targeting customers in Germany, California, and Colorado could implicate GDPR, FTC guidelines, and the Colorado AI Act in a single send. Compliance requires treating regulatory monitoring as a continuous process, not a one-time legal review. Glean Search helps compliance and marketing teams stay current by surfacing the latest internal policy documents, legal guidance, and regulatory updates — grounded in company knowledge and scoped to what each team member is authorized to access.

Practical steps to implement ethical generative AI in marketing

Standing up a cross-functional AI oversight committee is the single highest-leverage move a marketing organization can make. The committee should include representatives from marketing, legal, IT, data privacy, and compliance — meeting monthly to review active AI use cases, evaluate new tools, and update policies based on regulatory changes and incident reports. Understanding the foundational requirements for integrating GenAI agents into the workplace helps ensure this committee builds governance that scales with the technology. Without cross-functional input, marketing teams make governance decisions in isolation, and legal teams discover AI-related risks only after they materialize.

Prioritize genAI tools that ground outputs in your organization's verified knowledge and respect your existing permission structures. Tools that pull from open internet data without source attribution introduce accuracy and IP risks that no amount of post-production review can fully mitigate. Audit vendor contracts specifically for data usage clauses: confirm whether your inputs are used for model training, where data is stored, and what happens to your data if the vendor relationship ends.

Training matters as much as tooling. Marketing teams need practical guidance on what genAI can and cannot do, which use cases require human review, and how to identify hallucinated or biased outputs. The challenge is structural: only 13% of businesses have hired AI ethics specialists to oversee responsible use, governance, and risk mitigation (McKinsey, 2024). The American Marketing Association's 2024 survey found that fewer than 30% of marketing organizations had provided formal AI training to their teams (AMA, 2024) — a gap that leaves individual contributors to develop their own informal, inconsistent practices.

Measure governance effectiveness with specific metrics: the percentage of AI-generated content that passes brand review on first submission, the number of data exposure incidents per quarter, the time from policy update to team-wide adoption, and the ratio of sanctioned to unsanctioned AI tool usage. Glean Agents give oversight committees a concrete mechanism for enforcement — agents that plan, adapt, and act with enterprise context and governance, producing auditable outputs that map back to approved data sources and organizational permissions.

Frequently asked questions

What are the biggest risks of using generative AI for brand messaging?

The primary risks are hallucinations (AI producing false but plausible claims), bias in generated text and images, exposure of proprietary or customer data to third-party model providers, and unresolved intellectual property ownership of AI-generated assets. Each risk requires distinct controls — grounding, bias auditing, data access restrictions, and legal review, respectively.

How should marketing teams disclose AI-generated content?

Disclosure requirements vary by jurisdiction. The EU AI Act requires clear labeling of AI-generated content in many contexts, and FTC guidelines prohibit passing AI-generated material off as human-created when that distinction affects consumer trust. As a baseline, maintain internal records of which assets were AI-generated and apply visible disclosure labels wherever regulations or platform policies require them.

Can generative AI be used for personalized marketing without violating privacy regulations?

Yes, but only with proper data governance. Personalization that relies on personal data must comply with GDPR consent requirements in Europe and FTC standards in the United States. Use permission-aware systems that restrict AI access to data each user or campaign is authorized to use, and confirm that your AI vendor's data processing agreements prevent input data from entering model training pipelines.

How often should an AI governance framework for marketing be updated?

Review policies quarterly at minimum, with immediate updates triggered by regulatory changes, significant AI incidents, or the adoption of new AI tools. The regulatory environment is shifting fast enough that annual reviews leave organizations exposed to compliance gaps for months at a time.

What role does human oversight play in AI-driven marketing?

Human oversight is the final quality gate for accuracy, brand alignment, and regulatory compliance. AI can generate drafts, suggest variations, and flag anomalies, but a human reviewer must verify factual claims, evaluate tone and cultural sensitivity, and authorize publication — especially for customer-facing content that involves product claims, pricing, or legal disclosures.

The ethical considerations for genAI in marketing are not a checklist you complete once — they are a set of operational practices that evolve alongside the technology, the regulations, and your own marketing ambitions. Organizations that build governance into their AI workflows from the start move faster, produce more trustworthy content, and reduce the risk of costly missteps.

If you're ready to see how permission-aware, grounded AI can support your marketing team's content operations, Request a demo to explore how Glean and AI can transform your workplace.