Skip to content

November 2025 wrap-up

What have I been doing and learning this month? This blog post triples as my notes, a status update, and a way to share the things I found interesting this month.

Highlights

This month I did a short contract for Kapa AI. It was great to get to know the team. I'm still really excited about the product.

Watching

The Marketing Meetup: AI & The Law - Ryan Lisk

Webinar recording on YouTube

Easy to sleepwalk into legal issues, but also easy to avoid once you know.

Three examples:

The angry photographer and Nano Banana: a photoshoot for new product packaging for a supplements brand, managed by an agency. Agency used a photographer to go create assets for the brand. Photographer later took legal action because the agency had taken the images from that job, fed them into Nano Banana, and modified them and used them for purposes beyond the scope of the initial campaign. Because the photographer was a contractor, they owned the copyright unless there were clauses to transfer IP ownership. An additional complication: agency had a contract assigning rights to the brand, but didn't have the rights in the first place from the photographer. And the agency had now fed the photographer's images to AI, which would likely train on it.

There should have been a conversation up front with the photographer, with the agency paying a suitable fee and the contract transferring intellectual property from photographer to agency.

And the agency should have been careful of feeding images into AI: the brand clearly wanted to own the IP, so by feeding the IP images into the AI, the agency put the brand's assets at risk. So either don't use AI, or be transparent with clients that IP ownership can't be guaranteed when using AI. Make sure your client accepts the risk. Using AI makes IP ownership very murky. You can't guarantee ownership of AI output, and there is no guarantee that the assets won't appear in other people's generative AI output. You can only guarantee IP ownership if you don't use AI.

Be careful when using AI to draft contracts and policies: in this example, someone used AI to generate a referral agreement that would provide for 10% commission for new business opportunities. Fortunately they decided to double check with a lawyer. It didn't cover things like what qualified as a referral, or how to handle referrals that didn't convert.

Pay the experts, at least to review what you've created.

Confidentiality: be clear about what tools can be used, and why/why not. People are plugging in third party tools that are swallowing up sensitive data. Depending on the end user agreement, the tools may use this data to train models. Check licenses carefully! In this example: an agency warned by a client's (in the healthcare space) legal team that there was a suspected breach of confidence. The client had used the agency to take a white paper and create a social media campaign using it, with sensitive timing around a product launch. The contract made it clear AI shouldn't be used and the campaign was confidential. But traces of the paper started appearing in the output of ChatGPT. The agency didn't know what AI tools their team actually had access to, and they didn't have a license in place with ChatGPT (meaning people were using their personal licenses). The agency had done no training of the team to prevent this.

Be very clear what your client's expectations are: can you use AI? What are the confidentiality terms?

Be especially careful with regulated industries and listed companies.

Be extremely careful about pluggin AI into email in particular. Check the terms on your autotranscription tools.

Scraping data:

You can't guarantee the data you're getting is safe and legal to use. You might get data covered by GDPR, but you can't state where you got it from (no audit trail), which is risky.

Many companies are putting in their terms of use that you can't use AI to scrape their sites. Make sure you're not breaching this when scraping. It is a criminal offence to scrape data without permission, and people could pursue a private prosecution if motivated (and well-resourced).

Things to do:

  • Get a clear audit of what you're currently using, their end user licenses, and any risks.
  • Create internal and external policies.
  • Make sure your contracts are clear about AI usage and IP (both with your clients and your freelancers).
  • Sanitise any data you put into AI.

Resources:

Interesting side note: crazy vulnerabilities, such as hackers emailing with white text to target AI tools that read email.