In recognition of Data Privacy Day, observed annually on 28 January, Carla Roncato, Vice President of Identity at WatchGuard Technologies, shared insightful commentary on the evolving intersection of artificial intelligence (AI), machine learning (ML), and data privacy.
This year, Data Privacy Day brings a critical focus to the advancements in AI and ML technologies. Roncato emphasised the dual nature of these developments, highlighting both their benefits and potential risks. “Considering the widespread proliferation of AI tools in just this past year, it’s critical that we in the information security community seize this opportunity to raise awareness and deepen understanding of the emerging risk of AI for our data,” Roncato stated, drawing attention to the urgent need for vigilance in the face of rapidly evolving AI capabilities.
In her commentary, Roncato pointed out the less obvious costs associated with 'free' services, a concern that extends to AI tools. “Remember, if a service you use is 'free,' it’s likely that you and your data are the product,” she cautioned. Drawing parallels between early AI services, such as ChatGPT, and social media giants like Facebook and TikTok, Roncato elaborated on the hidden trade-off users often make: their private data in exchange for service. This data, she noted, is often leveraged by companies for targeted advertising.
The risk associated with this data collection, however, extends beyond simple monetisation. “A free AI service can collect data from your devices and store your prompts, then use that data to train its own model,” Roncato explained, outlining the underlying danger. She further warned that in the event of a data breach, threat actors could gain access to personal data, potentially using it to the detriment of individuals.
Despite these concerns, Roncato acknowledged the undeniable upsides of AI. She stated, “In fact, many AI tools are quite powerful and can be used securely with proper precautions.” She stressed the importance of crafting an AI policy tailored to an organisation’s unique needs and regularly communicating and updating this policy to ensure compliance and understanding among the workforce.
Roncato’s commentary on Data Privacy Day serves as a timely reminder of the complexities and responsibilities that accompany the integration of AI into our daily lives. As AI becomes more ingrained in everyday interactions, understanding its implications for data rights is not just advisable but essential. As Roncato succinctly put it, “In security, everything starts with policy.” This statement underscores the need for a proactive approach in navigating the AI landscape, balancing its advantages against the inherent risks to data privacy.