AI applications frequently process sensitive personal information, requiring careful privacy engineering. PII detection and redaction: use Microsoft Presidio (open source) for detecting and anonymizing PII in text before sending to external LLM APIs. Supports 50+ entity types (email, phone, SSN, credit card, names, addresses). Integrates with spaCy for NER-based detection. Data minimization: collect only data necessary for the specific AI task. Avoid including full user profiles when a user ID suffices. Implement data retention policies - delete training data after model training. Differential Privacy: add calibrated Gaussian or Laplace noise to model outputs or training gradients to prevent membership inference attacks. TensorFlow Privacy and Opacus (PyTorch) implement DP-SGD for private training. Trade-off: higher privacy budget epsilon = less noise = less privacy. Typical epsilon 1-10 for reasonable utility-privacy balance. Federated Learning: train models on distributed devices without centralizing data. Suitable for mobile apps where user data should not leave device. PySyft and TensorFlow Federated for implementation. GDPR compliance checklist: lawful basis for processing, privacy by design, right to erasure (model unlearning is hard - consider excluding PII from training), data processing agreements with AI providers, breach notification process. Practical: for EU users, prefer EU-based or GDPR-compliant AI providers (Azure OpenAI, Mistral, Aleph Alpha).