Master's Thesis Sathwik Amburi

Last modified Dec 19, 2023

A Systematic Privacy Risk Catalog for General Purpose AI Systems

This thesis presents a comprehensive analysis of privacy risks associated with General Purpose AI (GPAI) Systems. It systematically catalogs privacy risks, explores system-wide factors, and addresses practical solutions, mitigation strategies, and countermeasures. Through thematic analysis, the study identifies eight primary categories of privacy risks in GPAI systems: Data Management; Transparency and Control; Identification and Anonymization; Model Development and Deployment; Compliance and Regulatory; Security and Misuse; Application of System; and Bias Risks. The analysis catalogs 44 risks, with 36 identified as unique, highlighting the diverse and evolving nature of privacy challenges in GPAI. Additionally, the thesis explores key system-wide factors impacting privacy risks in GPAI systems. These include the alignment of AI systems with ethical standards and societal norms; the role of secure interfaces in safeguarding privacy; the necessity of balancing the extension of AI functionalities; and the complexities of system integrations. The study underscores the importance of dynamic and ethical alignment, secure and transparent interfaces, careful functional extensions, and mindful integrations in addressing the privacy risk landscape. The final aspect of the thesis delves into practical solutions, such as Privacy Enhancing Technologies (PETs), mitigation strategies like human-in-the-loop systems and explainable AI, and countermeasures including privacy by design and Privacy Impact Assessments (PIAs). These approaches form a multi-layered framework that addresses the myriad privacy risks in GPAI systems, advocating a proactive stance in harmonizing AI advancements with ethical and privacy considerations. In conclusion, this work offers a valuable resource for developers, policymakers, and researchers. It strives to harmonize technological innovation in GPAI with a strong commitment to privacy. 
The thesis aims to raise awareness, spur informed dialogue, and inspire future research on privacy risks in GPAI systems, thereby making a significant contribution to the field.


Research Questions

  1. What privacy risks are associated with general-purpose AI systems? How can these risks be systematically identified, classified, evaluated, and mitigated?

  2. How do system-wide factors such as alignment, interfaces, extensions, and integrations contribute to the privacy risks in general-purpose AI systems?

  3. What are the existing practical solutions, mitigation strategies, and countermeasures for addressing the identified privacy risks associated with general-purpose AI systems?
