Privacy is a key principle for developing ethical AI technologies, but how does including AI technologies in products and services change privacy risks? We constructed a taxonomy of AI privacy risks by analyzing 321 documented AI privacy incidents. We codified how the unique capabilities and requirements of AI technologies described in those incidents generated new privacy risks, exacerbated known ones, or otherwise did not meaningfully alter the risk. We present 12 high-level privacy risks that AI technologies either newly created (e.g., exposure risks from deepfake pornography) or exacerbated (e.g., surveillance risks from collecting training data). One upshot of our work is that incorporating AI technologies into a product can alter the privacy risks it entails. Yet, current privacy-preserving AI/ML methods (e.g., federated learning, differential privacy) only address a subset of the privacy risks arising from the capabilities and data requirements of AI.

翻译：隐私是开发合乎伦理的人工智能技术的关键原则，但将人工智能技术融入产品和服务会如何改变隐私风险？我们通过分析321个已记录的人工智能隐私事件，构建了人工智能隐私风险分类体系。我们系统梳理了这些事件中描述的人工智能独特能力与需求如何产生新的隐私风险、加剧已知风险，或未显著改变风险格局。研究提出了12类高层级隐私风险，这些风险或由人工智能技术全新引发（例如深度伪造色情内容带来的暴露风险），或经由其加剧恶化（例如收集训练数据带来的监控风险）。研究的一个重要启示是：将人工智能技术整合至产品中会改变其固有的隐私风险。然而，当前的隐私保护型AI/ML方法（如联邦学习、差分隐私）仅能应对人工智能能力与数据需求所引发的部分隐私风险。