"We are not Future-ready": Understanding AI Privacy Risks and Existing Mitigation Strategies from the Perspective of AI Developers in Europe
Alexandra Klymenko, Stephen Meisenbacher, Patrick Gage Kelley, Sai Teja Peddinti, Kurt Thomas, Florian Matthes
TL;DR
This study investigates privacy risks in General-Purpose AI Systems from the perspective of 25 European AI developers. By combining a literature-derived taxonomy with semi-structured interviews, the authors assess perceived risks, mitigation readiness, and future drivers. They find substantial heterogeneity in risk prioritization, with data management, memorization/leakage, and misuse repeatedly salient, yet adoption of advanced privacy technologies remains limited. The work argues for clearer practical guidance, improved accessibility of privacy-enhancing technologies for developers, and a multi-stakeholder ecosystem involving developers, end users, researchers, and regulators to advance privacy-preserving GPAI.
Abstract
The proliferation of AI has sparked privacy concerns related to training data, model interfaces, downstream applications, and more. We interviewed 25 AI developers based in Europe to understand which privacy threats they believe pose the greatest risk to users, developers, and businesses and what protective strategies, if any, would help to mitigate them. We find that there is little consensus among AI developers on the relative ranking of privacy risks. These differences stem from salient reasoning patterns that often relate to human rather than purely technical factors. Furthermore, while AI developers are aware of proposed mitigation strategies for addressing these risks, they reported minimal real-world adoption. Our findings highlight both gaps and opportunities for empowering AI developers to better address privacy risks in AI.