Privacy and safety
Privacy and safety deals with the challenge of protecting the human right for privacy and the necessary steps to secure individual data from unauthorized external access. Many organizations employ AI technology to gather data without any notice or consent from affected citizens (Coles, 2018).
ENTITY
1 - Human
INTENT
1 - Intentional
TIMING
3 - Other
Risk ID
mit324
Domain lineage
4. Malicious Actors & Misuse
4.1 > Disinformation, surveillance, and influence at scale
Mitigation strategy
1. Require the implementation of a rigorous process to obtain explicit, informed, and unambiguous consent from individuals for the collection, storage, and processing of their personal data by AI systems, ensuring full transparency regarding the AI's function and data usage. 2. Enforce data minimization, anonymization, and encryption techniques on all personal and sensitive data utilized by AI models to limit data exposure and ensure compliance with global data privacy regulations (e.g., GDPR, CCPA). 3. Establish and maintain strict Role-Based Access Controls (RBAC) for data stores and model endpoints, supplemented by continuous monitoring and regular security audits of AI inputs and outputs to proactively detect and mitigate unauthorized data access or leakage.
ADDITIONAL EVIDENCE
For instance, when searching for a fast way to get home from work, a navigation system has to access the current location of the user or the government uses AI services to monitor public spaces to prevent criminal activities (Power, 2016). Without informed consent from the affected individuals, these AI applications and services endanger their privacy