Privacy is a key principle for developing ethical AI technologies, but how does including AI technologies in products and services change privacy risks? We constructed a taxonomy of AI privacy risks by analyzing 321 documented AI privacy incidents. We codified how the unique capabilities and requirements of AI technologies described in those incidents generated new privacy risks, exacerbated known ones, or otherwise did not meaningfully alter the risk. We present 12 high-level privacy risks that AI technologies either newly created (e.g., exposure risks from deepfake pornography) or exacerbated (e.g., surveillance risks from collecting training data). One upshot of our work is that incorporating AI technologies into a product can alter the privacy risks it entails. Yet, current approaches to privacy-preserving AI/ML (e.g., federated learning, differential privacy, checklists) only address a subset of the privacy risks arising from the capabilities and data requirements of AI.

翻译：隐私是发展合乎伦理的人工智能技术的核心原则，但将人工智能技术融入产品和服务会如何改变隐私风险？我们通过分析321起已记录的AI隐私事件，构建了一套AI隐私风险分类体系。我们梳理了这些事件中描述的AI技术独特能力与需求如何引发新型隐私风险、加剧已知风险或未显著改变风险形态。研究揭示了12项由AI技术新创（如深度伪造色情内容引发的曝光风险）或加剧（如训练数据收集带来的监控风险）的高级别隐私风险。关键启示在于：将AI技术纳入产品会改变其涉及的隐私风险格局。然而，当前主流的隐私保护型AI/ML方法（如联邦学习、差分隐私、检查清单）仅能应对AI能力与数据需求所引发隐私风险的一部分。