Showing posts with label data privacy. Show all posts

Monday, November 4, 2024

What AI knows about you; Axios, November 4, 2024

Ina Fried, Axios; What AI knows about you

"Most AI builders don't say where they are getting the data they use to train their bots and models — but legally they're required to say what they are doing with their customers' data.

The big picture: These data-use disclosures open a window onto the otherwise opaque world of Big Tech's AI brain-food fight.

  • In this new Axios series, we'll tell you, company by company, what all the key players are saying and doing with your personal information and content.

Why it matters: You might be just fine knowing that picture you just posted on Instagram is helping train the next generative AI art engine. But you might not — or you might just want to be choosier about what you share.

Zoom out: AI makers need an incomprehensibly gigantic amount of raw data to train their large language and image models. 

  • The industry's hunger has led to a data land grab: Companies are vying to teach their baby AIs using information sucked in from many different sources — sometimes with the owner's permission, often without it — before new laws and court rulings make that harder. 

Zoom in: Each Big Tech giant is building generative AI models, and many of them are using their customer data, in part, to train them.

  • In some cases it's opt-in, meaning your data won't be used unless you agree to it. In other cases it is opt-out, meaning your information will automatically get used unless you explicitly say no. 
  • These rules can vary by region, thanks to legal differences. For instance, Meta's Facebook and Instagram are "opt-out" — but you can only opt out if you live in Europe or Brazil.
  • In the U.S., California's data privacy law is among the laws responsible for requiring firms to say what they do with user data. In the EU, it's the GDPR."
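The opt-in/opt-out distinction described above can be sketched as a toy consent model. This is purely illustrative (all names are hypothetical, not any company's actual logic): the point is that a user who never acts gets a different default depending on the regime.

```python
# Hypothetical sketch (not any company's actual logic) of how opt-in and
# opt-out consent regimes differ: under opt-in, data is NOT used for
# training unless the user acts; under opt-out, it IS used unless the
# user objects.
from dataclasses import dataclass
from typing import Optional

@dataclass
class UserDataPolicy:
    regime: str                         # "opt-in" or "opt-out"
    user_choice: Optional[bool] = None  # None means the user never acted

    def used_for_training(self) -> bool:
        # An explicit user decision always wins.
        if self.user_choice is not None:
            return self.user_choice
        # Otherwise the default depends entirely on the regime:
        # a silent user's data is used only under opt-out.
        return self.regime == "opt-out"
```

Under this sketch, `UserDataPolicy("opt-out")` uses a silent user's data for training, while `UserDataPolicy("opt-in")` does not.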

Thursday, September 5, 2024

Intellectual property and data privacy: the hidden risks of AI; Nature, September 4, 2024

Amanda Heidt, Nature; Intellectual property and data privacy: the hidden risks of AI

"Timothée Poisot, a computational ecologist at the University of Montreal in Canada, has made a successful career out of studying the world’s biodiversity. A guiding principle for his research is that it must be useful, Poisot says, as he hopes it will be later this year, when it joins other work being considered at the 16th Conference of the Parties (COP16) to the United Nations Convention on Biological Diversity in Cali, Colombia. “Every piece of science we produce that is looked at by policymakers and stakeholders is both exciting and a little terrifying, since there are real stakes to it,” he says.

But Poisot worries that artificial intelligence (AI) will interfere with the relationship between science and policy in the future. Chatbots such as Microsoft’s Bing, Google’s Gemini and ChatGPT, made by tech firm OpenAI in San Francisco, California, were trained using a corpus of data scraped from the Internet — which probably includes Poisot’s work. But because chatbots don’t often cite the original content in their outputs, authors are stripped of the ability to understand how their work is used and to check the credibility of the AI’s statements. It seems, Poisot says, that unvetted claims produced by chatbots are likely to make their way into consequential meetings such as COP16, where they risk drowning out solid science.

“There’s an expectation that the research and synthesis is being done transparently, but if we start outsourcing those processes to an AI, there’s no way to know who did what and where the information is coming from and who should be credited,” he says...

The technology underlying genAI, which was first developed at public institutions in the 1960s, has now been taken over by private companies, which usually have no incentive to prioritize transparency or open access. As a result, the inner mechanics of genAI chatbots are almost always a black box — a series of algorithms that aren’t fully understood, even by their creators — and attribution of sources is often scrubbed from the output. This makes it nearly impossible to know exactly what has gone into a model’s answer to a prompt. Organizations such as OpenAI have so far asked users to ensure that outputs used in other work do not violate laws, including intellectual-property and copyright regulations, or divulge sensitive information, such as a person’s location, gender, age, ethnicity or contact information. Studies have shown that genAI tools might do both [1,2]."

Thursday, October 26, 2023

How Americans View Data Privacy; Pew Research Center, October 18, 2023

Colleen McClain, Michelle Faverio, Monica Anderson and Eugenie Park, Pew Research Center; How Americans View Data Privacy

"In an era where every click, tap or keystroke leaves a digital trail, Americans remain uneasy and uncertain about their personal data and feel they have little control over how it’s used.

This wariness is even ticking up in some areas like government data collection, according to a new Pew Research Center survey of U.S. adults conducted May 15-21, 2023.

Today, as in the past, most Americans are concerned about how companies and the government use their information. But there have been some changes in recent years:"

Wednesday, April 8, 2020

The Ethical Data Dilemma: Why Ethics Will Separate Data Privacy Leaders From Followers; Forbes, March 31, 2020

Stephen Ritter, Forbes; The Ethical Data Dilemma: Why Ethics Will Separate Data Privacy Leaders From Followers

"Companies themselves should proactively take a principled stand on how they will handle the personal data they collect. There’s a saying that if a product or service is free, then the users themselves are the product. It’s a disheartening view, but unfortunately one that’s been validated too many times in recent years.

Because the commoditization of consumer data isn’t likely to end anytime soon, it’s up to the businesses that gather and profit from this data to engage directly with their customers and establish data protections they will trust."

Tuesday, January 15, 2019

Top ethics and compliance failures of 2018; Compliance Week, December 17, 2018

Jaclyn Jaeger, Compliance Week; Top ethics and compliance failures of 2018

"Shady data privacy practices, allegations of financial misconduct, and widespread money-laundering schemes make up Compliance Week’s list of the top five ethics and compliance failures of 2018. All impart some key compliance lessons."

Tuesday, November 6, 2018

Why 'Right To Delete' Should Be On Your IT Agenda Now; Forbes, October 22, 2018

Yaki Faitelson, Forbes; Why 'Right To Delete' Should Be On Your IT Agenda Now

"As California goes, at least concerning data laws, so goes the rest of the country. In 2002, California became the first state to require organizations to report breaches to regulators. Now, it’s the law in all 50 states."

Monday, November 5, 2018

Data Self-Autonomy and Student Data Analytics; Kip Currier, November 5, 2018

Kip Currier: Data Self-Autonomy and Student Data Analytics

When I first saw this PittWire article's headline (Pitt Sets Course for Student Success With Inaugural Advanced Analytics Summit) about Pitt's first-ever Advanced Analytics Summit, my initial thought was, "will the article address the potential downsides of student data analytics?"

Certainly, there are some benefits potentially offered by analysis of data generated about students. Chief among them is greater self-awareness by students themselves, assuming students are given the opportunity to access the data collected about them. (Let's remember, also--as surprising as it may seem to digital cognoscenti--that not everyone may want to know and see the kinds of educational data generated and collected about them in the digital age, just as biomedical providers, ethicists, and users have been debating the thorny issues implicated by the right to know, and not to know, one's own medical information; see here and here for some examples of varying perspectives on whether to know-or-not-know your own genetic information.) Some among those who do see their educational data analytics may still want to opt out of future collection and use of their personal data.

(Aside: Consider that most U.S. consumers currently have no statutorily mandated and enforceable rights to opt out of data collection on themselves, or to view and make informed decisions about the petabytes of information collected about them. Indeed, at a privacy conference in Brussels recently, Apple CEO Tim Cook excoriated tech companies for the ways that personal information is being "weaponized against us with military efficiency."

Contrast this with the European Union's game-changing 2018 General Data Protection Regulation. 

California, a perennial consumer protection leader, passed the most stringent consumer data privacy protection law in the nation--signed into law on September 23, 2018 by Governor Jerry Brown--and was recently sued by the U.S. Department of Justice over that law's adoption.

All the more reason that a recent Forbes article author exhorts "Why "Right To Delete" Should Be On Your IT Agenda Now".)

Having qualified persons to guide students in interpreting and deciding if and how to operationalize data about themselves is crucial. (Student Data Analytics Advisor, anyone?) In what ways can students, and those entrusted to advise them, use data about themselves to make the best possible decisions, during their time as students as well as afterward in their personal and professional lives? As Pitt Provost Ann Cudd is quoted in the article:
“Two of our main objectives are raising graduation rates and closing achievement gaps. Things to focus on are excellence in education, building a network and identifying and pursuing life goals and leading a life of impact.”

Kudos that Provost Cudd, as reported in the article, explicitly acknowledged "that as advanced analytics moves forward at the University, two topics of focus include identifying whether the use of data is universally good and what potential dangers exist, and how to keep the human components to avoid generalizing." The overarching, driving focus of student data analytics must always be on what is best for the individual, the student, the human being.

It was good to see that data privacy and cybersecurity issues were identified at the summit as significant concerns. These are HUGE issues with no magic bullets or easy answers. In an age in which even the Pentagon and White House are not inoculated against documented cyberintrusions, does anyone really feel 100% sure that student data won't be breached and misused?

Disappointingly, the article sheds little light on the various stakeholders who are eager to harvest and harness student data. As quoted at the end of the article, Stephen Wisniewski, Pitt's Vice Provost for Data and Information, states that "The primary reason is to better serve our students." Ask yourself: is "better serving students" Google's primary reason for student data analytics? Or a third-party vendor's? Or that of the many other parties who stand to benefit from student data analytics? Not just in higher education settings, but in K-12 settings as well. It's self-evident that the motivations for student "advanced analytics" are more complex and nuanced than primarily "better serving students."


As always, when looking at ethical issues and engaging with ethical decision-making, it's critically important to identify the stakeholder interests. To that end, when looking at the issue of student data analytics, we must identify who all of the actual and potential stakeholders are and then think about what their respective interests are, in order to more critically assess the issues and to holistically appraise, understand, and make highly informed decisions about the potential risks and benefits. And, as I often remind myself, what people don't say is often just as important as, and sometimes more revealing than, what they do say.
Any mention of "informed consent" with regard to data collection and use is noticeably absent from this article's reporting, though it hopefully was front and center at the summit.

Student data analytics offer some tantalizing possibilities for students to better know thyself. And for the educational institutions that serve them to better know--with the goal of better advising--their students, within legally bound and yet-to-be-bound limits, human individual-centered policies, and ethically-grounded guardrails that are built and reinforced with core values.

It's paramount, too, amidst our all-too-frequent pell-mell rush to embrace new technologies with sometimes utopian thinking and breathless actions, that we remember to take some stabilizing breaths and think deeply and broadly about the ramifications of data collection and use and the choices we can make about what should and should not be done with data--data about ourselves. Individual choice should be an essential part of student data analytics. Anything less places the interests of the data above the interests of the individual.

Pitt Sets Course for Student Success With Inaugural Advanced Analytics Summit; PittWire, November 2, 2018

PittWire; Pitt Sets Course for Student Success With Inaugural Advanced Analytics Summit


"Ann Cudd, provost and senior vice chancellor at Pitt, said that as advanced analytics moves forward at the University, two topics of focus include identifying whether the use of data is universally good and what potential dangers exist, and how to keep the human components to avoid generalizing...

While the vast amounts of information may be overwhelming, data privacy is seen as a key fundamental of building and maintaining trust between students and universities.

“It is vitally important that the storage of data be secure,” [Stephen] Wisniewski [vice provost for data and information at the University of Pittsburgh] said. “To that end, experts in the field collectively work to understand and address the ever-changing technology landscape to protect sensitive data.”

Wisniewski said that Pitt’s focus on advanced analytics has one driving principle.

“The primary reason is to better serve our students. That is our ultimate goal,” he said.  “That’s what we want out of this. We want them to have the best experience possible and we’re using analytics to help that process.”"

Thursday, November 1, 2018

A Rising Crescendo Demands Data Ethics and Data Responsibility; Forbes, October 29, 2018

Randy Bean, Forbes; A Rising Crescendo Demands Data Ethics and Data Responsibility

"It is against this backdrop that data ethics has rapidly moved to the forefront of any meaningful discussion about data. A spate of recent articles -- Never Heard of Data Ethics? You Will Soon, It’s Time to Talk About Data Ethics, Data Ethics: The New Competitive Advantage, Will Democracy Survive Big Data and Artificial Intelligence – underscore the increasing urgency and highlight the ethical considerations that organizations must address when managing data as an asset, and considering its impact on individual rights and privacy.

I recently convened two thought-leadership roundtables of Chief Data Officers and executives with responsibility for data initiatives within their organizations. The increased focus and concern for the ethical use of data is born out of widespread reaction to recent and highly publicized misuses of data that represent breaches of public trust -- whether this be unauthorized data sharing by social media platforms, reselling of customer information by businesses, or biased algorithms that reinforce social inequalities.

It is within this context that we are now witnessing increased corporate attention to data for good initiatives. Companies are increasingly recognizing and acknowledging that ethical action and doing well can be synonymous with doing good. A few corporations, notably Mastercard through their Center for Inclusive Growth, Bloomberg through Bloomberg Philanthropies and the Data for Good Exchange, and JP Morgan through the JP Morgan Institute have been among those corporations at the forefront of ethical data use for public good...

Increasingly, corporations are focusing on issues of data ethics, data privacy, and data philanthropy. An executive representing one of the nation’s largest insurance companies noted, “We are spending more hours on legal and ethical review of data than we are on data management”."

Monday, July 23, 2018

Embracing the privacy-first mindset in the post-GDPR world; AdNovum Singapore via Enterprise Innovation, July 23, 2018

Leonard Cheong, Managing Director, AdNovum Singapore via Enterprise Innovation; Embracing the privacy-first mindset in the post-GDPR world

"Privacy is a fundamental human right.

This is the proclamation that Apple made when updating their App Store policies to ensure that application developers can’t access consumer data without consent, in a bid to demonstrate their commitment to data privacy.

As the world becomes more digital, privacy has indeed become more sought after and consumers today are only willing to share data with companies they trust. On 25 May 2018 the European Union’s General Data Protection Regulation or EU-GDPR came into effect, sparking numerous conversations on privacy, ethics and compliance."

Tuesday, March 27, 2018

The Six Data Privacy Principles of the GDPR; Corporate Counsel, March 26, 2018

Amy Lewis, Corporate Counsel; The Six Data Privacy Principles of the GDPR

"Data privacy and personal data breaches have been in the news a lot recently. Over the past few years, companies have been collecting and processing ever-increasing amounts of data about their customers, employees, and users. As personal data becomes more valuable, governments around the world have begun the debate surrounding whether this data collection should be limited in favor of individuals’ fundamental right to privacy.

The General Data Protection Regulation (GDPR) is the European Union’s answer to these debates. This new regulation strives to take the decisions regarding some uses of personal data out of the hands of companies and return control to the individuals that the data refer to—the data subjects. Any company that has a European presence or handles European residents’ personal data is subject to the GDPR. These companies will likely need to upgrade their data security and privacy procedures to meet the personal data handling requirements of the GDPR.

The GDPR’s data privacy goals can be summarized in six personal data processing principles: Lawfulness, Fairness and Transparency; Purpose Limitation; Data Minimization; Accuracy; Integrity and Confidentiality; and Storage Limitation."

Tuesday, August 1, 2017

Companies brace for European privacy rules; Axios, August 1, 2017

Sara Fischer, Kim Hart, Axios; Companies brace for European privacy rules

"U.S. companies are largely unprepared for what's about to hit them when sweeping new EU data laws take effect next year. The regulation — the General Data Protection Regulation (or GDPR) — is intended to give users more control of how their personal data is used and streamline data processes across the EU. Companies that fail to comply with the complex law will face steep fines of up to 4% of their global annual revenue.

Why it matters: Europe has by far taken the most aggressive regulatory stance on protecting consumer privacy and will in many ways be a litmus test for regulating the currency of the data economy. It impacts a huge number of businesses from advertisers to e-commerce platforms whose data flows through EU countries. That means everyone from Google to your neighbor who sells shoes on eBay could be affected."
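The fine ceiling mentioned in the excerpt above can be made concrete. Note that GDPR Article 83(5) actually sets the maximum for the most serious infringements at the greater of EUR 20 million or 4% of total worldwide annual turnover; a minimal sketch, with made-up revenue figures:

```python
# Illustrative calculation of the GDPR fine ceiling for the most serious
# infringements (Article 83(5)): the GREATER of EUR 20 million or 4% of
# total worldwide annual turnover. Revenue figures below are hypothetical.

def gdpr_max_fine_eur(global_annual_revenue_eur: float) -> float:
    # The 20-million-euro floor applies whenever 4% of turnover is smaller.
    return max(20_000_000.0, 0.04 * global_annual_revenue_eur)

# For a firm with EUR 10 billion in turnover the ceiling is EUR 400 million;
# for a firm with EUR 100 million in turnover the EUR 20 million floor dominates.
```

This is why the "4% of global annual revenue" figure bites hardest for the largest platforms, while the flat EUR 20 million floor is what matters for smaller companies.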

Tuesday, July 4, 2017

GDPR Mastered: Preparing For History’s Biggest Data Privacy Revolution; Data Economy, June 29, 2017

João Marques Lima, Data Economy; GDPR Mastered: Preparing For History’s Biggest Data Privacy Revolution

"Are GDPR sanctions enough to deter companies and make them change their behaviour?

SF: It has already got their attention. It certainly is the one area where C-level executives are starting to pay attention. Four percent of global annual revenue is pretty substantial and will put some companies out of business.

It will still be those large multinational organisations whose entire business relies on data that will try to push back, and in their heads they might think: there is no way we will be fined this.

However, what is going to happen is that the data protection authority is going to look for that first case, and that first company that they can actually hold accountable and sanction will become the poster child to get companies to rethink their position. They cannot be arrogant any longer."