AI & Law

🌐📖Stanford HAI: Foundation Models Pose “Unprecedented” Privacy Risks The Stanford Institute for Human-Centered Artificial Intelligence (HAI) published a paper assessing privacy risks associated with foundation models and potential governance responses. The study finds these systems create “unprecedented and largely unaddressed” risks across the entire lifecycle: large-scale scraping of personal data during training, memorization and reproduction of sensitive information in outputs, and disclosure of intimate data through user interactions with chatbots. The paper also highlights technical vulnerabilities, including prompt injection, data poisoning, and model inversion, which can bypass safeguards and expose personal data. It concludes that existing frameworks such as the GDPR are structurally misaligned with how foundation models are developed, while neither the EU nor the U.S. has adopted comprehensive rules to address these risks. In the absence of clear regulation, privacy protection largely depends on voluntary actions by developers, prompting calls for stricter governance, including data minimization, transparency, privacy-by-design, and limits on harmful outputs. #AIregulation#Privacy#FoundationModels#GDPR#AIGovernance

🇭🇰Hong Kong Regulator Flags Privacy Risks in Agentic AI Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) issued an alert highlighting privacy concerns related to agentic AI tools. The regulator pointed to risks arising from these systems’ ability to access files and process personal data as part of their autonomous operations. The PCPD advises users to continuously assess risks and closely monitor any requests by agentic AI to perform high-risk actions. Where decisions may significantly affect individuals, the authority recommends adopting a human-in-the-loop approach to retain final control over decision-making. #AIRegulation#Privacy#DataProtection#AIethics#HongKong

🌐Global Privacy Regulators Unite Against Nonconsensual AI Deepfakes Sixty-one data protection authorities worldwide have issued a joint statement raising concerns over the rapid spread of nonconsensual AI-generated explicit deepfakes. The coordinated action signals that privacy regulators are treating this phenomenon not as an edge case of content moderation, but as a cross-border data protection and fundamental rights issue requiring aligned oversight. The authorities committed to closer cooperation and stronger enforcement, calling on platforms to engage proactively with regulators and to implement safeguards from the outset. Their expectation is explicit: technological advancement must not come at the expense of privacy, dignity, safety, or other fundamental rights. #AIRegulation#Deepfakes#DataProtection#Privacy#AIGovernance

🇪🇺European Parliament Switches Off AI on Official Devices The European Parliament has disabled AI features on work devices used by lawmakers and their staff following cybersecurity and privacy concerns, according to an internal email reviewed by Politico. After an internal review, the Parliament’s IT department concluded it could not guarantee device security if AI functionalities remained active. This decision signals a governance posture where institutional risk tolerance is being recalibrated faster than AI deployment norms. By prioritizing control over convenience, the Parliament is effectively treating embedded AI not as a neutral productivity layer but as a potential attack surface with systemic implications for confidentiality and data protection. #AIRegulation#Cybersecurity#Privacy#PublicSectorAI#AIGovernance

📖Scraping vs. Privacy Daniel Solove and Woodrow Hartzog published the final version of their paper “The Great Scrape: The Clash Between Scraping and Privacy,” which offers important insights on the intersection of privacy and AI. The paper explores the fundamental tension between scraping and privacy law. With the zealous pursuit and astronomical growth of AI, we are in the midst of what we call the “great scrape.” There must now be a great reconciliation". #AI#Privacy

🇳🇱Dutch DPA Warns LinkedIn Users on AI Training Risks The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has issued a public warning urging LinkedIn users to opt out of data sharing before 3 November if they do not want their information used to train AI models. AP Vice-Chair Monique Verdier emphasized the permanence of such data use, noting: “once your data is shared with the AI model, you lose control: it’s impossible to remove it, and the consequences are difficult to predict.” This intervention reflects growing regulatory concern over how personal data is harvested and repurposed in AI development. By drawing attention to the risks of irrevocable data use, the AP is signaling the need for stronger safeguards to protect individual rights in the context of generative AI. #AIУthics#Privacy#DataProtection

🌐AI Assistants and the Privacy Mandate Var Shankar, founder of the Council on AI Governance, highlights a growing challenge in a new analysis for the OECD: AI assistants accumulate personal data that forms detailed user profiles, raising complex questions of privacy and control. This isn’t about whether the data exists — it already does — but about how it is handled, secured, and regulated. Shankar argues that responsibility should not rest on users deciphering long terms of service. Instead, the onus must shift to policymakers to establish clear, enforceable standards governing the use of such data. #AIgovernance#Privacy#DataProtection #

🌐Researchers claim AI models show signs of tracking data to target users A joint study by researchers in Italy and the U.K. has revealed that 10 widely used AI models collect and transmit user data in ways that may violate data protection law. According to Euronews, the investigation traced how information flowed between the models, servers, and online trackers, uncovering practices that go beyond simple personalization. The findings are significant: AI browsing assistants were shown to capture highly sensitive information, including banking details, tax numbers, academic records, and even medical data. This raises pressing legal and ethical questions about whether AI systems that promise convenience are instead creating systemic risks to privacy and compliance. #AIethics#DataProtection#AIregulation#Privacy

🇨🇳DeepSeek: Privacy, Ethics, and IP Concerns DeepSeek’s rise in few days has been met with serious concerns over privacy, intellectual property, and national security: 1️⃣OpenAI has accused DeepSeek of distilling knowledge from its models, potentially violating its terms of use and infringing on intellectual property. If true, this raises major legal and ethical questions about AI model development and competition. 2️⃣ Regulators are also taking action. The Italian Data Protection Authority (DPA) is investigating DeepSeek for possible risks to user data, and eventually has blocked it. 3️⃣ The U.S. Navy has issued a "strict warning" to its members to avoid DeepSeek due to “potential security and ethical concerns.” With privacy policies stating that user keystroke data may be stored on servers in China, DeepSeek is already facing scrutiny that could impact its global reach. #AI#Privacy#DataProtection#IntellectualProperty#AIRegulation

Clearview AI Faces Largest GDPR Fine in Europe as Dutch Regulator Cracks Down Clearview AI, a U.S.-based facial recognition company, has been hit with a €30.5 million fine by the Netherlands' data protection authority, Autoriteit Persoonsgegevens (AP), for violating the EU’s GDPR. The penalty, the largest yet for Clearview AI in Europe, was imposed after it was confirmed that the company’s database contained images of Dutch citizens, collected without their consent. The AP warned that additional penalties of up to €5.1 million could follow if the company continues its non-compliance. This decision underscores the extraterritorial reach of GDPR, reinforcing that the regulation applies to the personal data of EU residents, regardless of where the processing occurs. Despite Clearview's claims that it operates outside EU jurisdiction, the Dutch regulator has made it clear that violations of EU privacy laws will not be tolerated, signaling a strong stance against illegal data practices. #GDPR#ClearviewAI#Privacy

Privacy at Stake: LegalShield Faces Lawsuit Over AI-Driven Call Interceptions LegalShield, a prominent online legal services provider, is under fire as a class action lawsuit accuses the company of secretly intercepting and analyzing confidential client communications. The lawsuit claims that LegalShield failed to inform customers that their interactions would be routed through Talkdesk, a call center technology provider, which uses AI to listen, record, and analyze every word in real-time. Talkdesk allegedly utilizes this intercepted data not just for enhancing customer service but also for its own purposes, including developing AI models. The lawsuit highlights the sensitive nature of the information at risk, such as credit card details and Social Security numbers, and suggests that clients would have refrained from engaging with LegalShield had they known about these practices. This case underscores the growing concerns over privacy and the ethical use of AI in customer interactions, particularly in industries where confidentiality is paramount. #AI#Privacy#DataSecurity#LegalTech

Clearview AI Agrees to Conditional Settlement in Privacy Lawsuit Clearview AI has reached a unique settlement agreement in a privacy lawsuit involving its data-scraping facial recognition technology. Unable to afford immediate compensation, Clearview AI will establish a fund representing 23% of the company's value as of last September. This fund will only be activated if the company undergoes an IPO or a significant event like a merger or asset sale. Based on Clearview's current valuation, this fund could be worth up to $51.7 million. The settlement, awaiting final court approval, also includes appointing a special master to demand cash from Clearview or sell settlement rights to third parties, with proceeds going to class members. Clearview AI has faced multiple lawsuits accusing it of privacy violations, leading to this creative resolution. The company, burdened by mounting legal costs, agreed to this settlement to avoid bankruptcy and provide potential relief to affected individuals. #Privacy#AI#ClearviewAI#FacialRecognition#LegalTech