Skip to main content
MIT AI Risk Initiative
BackPrivacy and data collection concerns (collecting personal information or personally identifiable information)
Home/Risks/G'sell (2024)/Privacy and data collection concerns (collecting personal information or personally identifiable information)
Legal challenges
Privacy and data collection concerns (da…

Privacy and data collection concerns (collecting personal information or personally identifiable information)

Regulating under Uncertainty: Governance Options for Generative AI

G'sell (2024)

SourceDOI
Sub-category
Risk Domain
2Privacy & Security
2.1Compromise of privacy by leaking or correctly inferring sensitive information

AI systems that memorize and leak sensitive personal data or infer private information about individuals without their consent. Unexpected or unauthorized sharing of data and information can compromise user expectation of privacy, assist identity theft, or cause loss of confidential intellectual property.

"Generative AI developers train their models with extensive datasets often gathered through online web scraping of websites that may include personal data or personally identifiable information (PII). For most generative AI applications, such as initial model training, the primary concerns are the quantity, variety, and quality of the data, not whether they include personally identifiable information. However, some web-scraped datasets may inadvertently include personal data. Additionally, when downstream developers integrate generative AI into their products or services by fine- tuning a pre-trained model, they often use their own in-house data, which may include personal information."(p. 97)

EntityWho or what caused the harm

Human

Due to a decision or action made by humans

AI system

Due to a decision or action made by an AI system

Other

Due to some other reason or is ambiguous

IntentWhether the harm was intentional or accidental

Intentional

Due to an expected outcome from pursuing a goal

Unintentional

Due to an unexpected outcome from pursuing a goal

Other

Without clearly specifying the intentionality

TimingWhether the risk is pre- or post-deployment

Pre-deployment

Occurring before the AI is deployed

Post-deployment

Occurring after the AI model has been trained and deployed

Other

Without a clearly specified time of occurrence

Part of Legal challenges

Other risks from G'sell (2024) (33)

Technical and operational risks

7.3 Lack of capability or robustness
AI systemUnintentionalOther

Technical and operational risks > Technical vulnerabilities (Robustness - unexpected behaviour)

7.3 Lack of capability or robustness
AI systemOtherPost-deployment

Technical and operational risks > Technical vulnerabilities (Robustness - vulnerability to jailbreaking

2.2 AI system security vulnerabilities and attacks
HumanIntentionalPost-deployment

Technical and operational risks > Technical vulnerabilities (The risk of misalignment)

7.1 AI pursuing its own goals in conflict with human goals or values
AI systemOtherPost-deployment

Technical and operational risks > Factually incorrect content (inaccuracies and fabricated sources)

3.1 False or misleading information
AI systemUnintentionalPost-deployment

Technical and operational risks > Opacity (the black box problem)

7.4 Lack of transparency or interpretability
OtherUnintentionalOther
View all 33 risks from this paper →