4 Big Risks Associated with Generative AI Privacy Professionals Should Know About

Artificial intelligence—or variants of it—have mesmerized people for millennia. From ancient myths of men made from clay and clockwork automata to killer computers and sentient computer networks, people have been obsessed with the idea of creating a being capable of original thought and consciousness. Since the arrival of Chat GPT in late 2022, however, AI has dominated the news—and not just the imagination—in an unprecedented way.

While most discussion in 2023 has been around generative AI, for most of its history, AI hasn’t had much to do with large language models. Since the coining of the term “artificial intelligence” in 1955 by computer scientist John McCarthy, AI has referred to “the simulation of human intelligence processes by machines, especially computer systems,” typically abilities like visual perception, speech recognition, decision-making, and translation between languages.

To understand AI today, it’s helpful to learn some key terms that demonstrate the evolution of AI over the last several decades. The first generation of AI used rule-based approaches to perform tasks. Programmers hard-coded rules that computers could execute faster and more efficiently than humans. Rules-based AIs can be extremely effective at games, speech recognition, and textual analysis. Deep Blue, the first chess AI to beat a reigning world chess champion, was a rule-based AI.

The second generation of AI programmers embraced machine learning, a type of AI that uses algorithms

to learn from labeled training examples or iterative cycles of prediction and analysis of outcomes. Machine learning has applications across many fields, ranging from spam filters and Netflix recommendations to predictive coding in the review phase of e-discovery. Modern machine learning algorithms are known as deep learning, meaning they take advantage immense computing power to assimilate vast amounts of data rapidly, to produce more “intelligent” and accurate outputs.

Generative AI, which is what most people think of when using the term artificial intelligence in 2023, is a subset of deep learning AI that can produce new content outputs based on their understanding of the patterns and structure of their input training data. Chat GPT, Google Bard, DALL-E, and MidJourney are all examples of generative AI that have gained significant media attention.

Organizations of all sorts are scrambling to integrate AI into their technology platforms and deliver the benefits of AI to their customers—but of course there are risks. Let's look at four that privacy professionals should be aware of. 

Privacy Risks Associated with AI

Goli Mahdavi, Counsel, Global Data Privacy and Security Practice Group at Bryan Cave Leighton Paisner LLP, explains, “Large language models (LLMs) are trained on vast amounts of data, so there are going to be inherent privacy and security risks anytime you process a large amount of data, which has largely been scraped from the internet in most cases. There are questions around reconciling the use of large language models and privacy compliance obligations under existing frameworks like the GDPR. For example, if a data subject submits a deletion request, what is required? Can you actually delete data from a model?”

Transparency Risks Associated with AI

One of the pillars of a good privacy policy is providing consumers transparency into how data is processed and used, so they can offer clear and specific consent. This becomes more complicated with generative AI, says Christie Hawkins, Partner in the Consumer Financial Services, Data and Technology Practice Group at Akerman LLP. “Do you know enough about the AI tool to explain it to someone in a disclosure? AI can be very complex. Does transparency mean that we have to describe everything the tool is doing behind the scenes? Organizations should at least be able to tell someone that the AI tool is being used or applied, how decision making takes place, and what the consequences might be for the consumer.”

Intellectual Property Risks Associated with AI

There are additional considerations that come into play around information that either has or could potentially be subject to intellectual property protections. If some of the data scraped from the internet is protected IP, companies using it to train their LLMs may face lawsuits for copyright infringement. Mahdavi points out, “There’s also a question whether artistic collaborations and other outputs that blend human and machine creativity will be eligible for IP protection.”

Bias Risks Associated with AI

Organizations that use AI for applications like employment decisions or making loan decisions must be very careful to avoid bias, another risk that has cropped up in the news. Hawkins explains, “Let's say a company wants to introduce DEI initiatives to help the company identify roles for which new job applicants may be well-suited. If part of the data that you use to train the AI is the data of successful past employees, then we really need to drill down here and look at the data. Is it over representing certain characteristics or groups of people? Bottom line, when AI models learn, they learn from the data. But they can teach themselves in ways that we don't intend.”

For tips to help you deal with these risks, check out our whitepaper, 4 Keys to Using AI Responsibly.