Privacy in AI
A storm is brewing.
In the early days of the web, people didn’t talk about privacy. As Google honed their search algorithms, it became clear that our data fed those algorithms. If you hadn’t noticed before, once tracking cookies and targeted advertising hit the market, and sharing of your data across platforms became the main source of personalization, you couldn’t help but notice that you were being targeted across everything. It was spooky.
Here is background data from Anthropic’s Claude on this history:
Early Web (1991-1996): Cookies were first introduced in 1994 but their use was not widely known to the public at the time, with the Financial Times only publishing an article about them in February 1996.
In 1997, the Electronic Privacy Information Center reviewed 100 of the most frequently visited Internet sites and found that only 17 had explicit privacy policies, with none meeting basic standards for privacy protection.
Google’s Algorithm Development (1996-2000s): Larry Page and Sergey Brin developed PageRank at Stanford University in 1996, with Google being founded in 1998.
Third-Party Cookies and Cross-Site Tracking (Late 1990s-2000s): Within a year of the cookie framework becoming accepted, advertising agencies like DoubleClick realized they could use cookies for cross-site user tracking, allowing them to track individual users as they moved around the Web.
Third-party cookies were introduced in the early 2000s, allowing advertisers to track users across different websites and show them targeted ads, which led to concerns about privacy.
The “Spooky” Personalization Era (Mid-2000s onward): The main shift came in the mid-2000s with behavioral targeting, where advertisers could target people who visited specific sites, with Google AdWords launching in 2000 and Facebook ads in 2007, and by 2010 programmatic advertising enabled real-time auctions for individual ad impressions based on personal data.
Lawmakers globally took notice and the EU passed laws on handling of data and consumer privacy. California and others followed. Then tracking cookies required an opt-out mechanism which is today implemented inconsistently. I prefer a brand and my loyalty increases if they make opting out easy and transparent. There have been many class action lawsuits related to these consumer privacy laws.
Here is background data from Anthropic’s Claude on these customer privacy laws:
EU Data Privacy Laws
The ePrivacy Directive, commonly called the Cookie Law, was passed in 2002 and was amended in 2009. The GDPR, which was devised and implemented by the European Union on 25 May 2018, is the world’s most comprehensive and detailed data protection law that has been issued so far. The ePrivacy Directive requires businesses to receive users’ consent before using any cookies except strictly necessary cookies, and make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.
California and Other US States
The California Consumer Privacy Act (CCPA) was passed by the California State Legislature and signed into law by Governor Jerry Brown on June 28, 2018, and came into effect on January 1, 2020. While the US does not have a federal cookie law, five states adopted their own by 2023: California, Virginia, Colorado, Utah, and Connecticut. Virginia’s Consumer Data Protection Act (VCDPA) took effect in January 2023, and Colorado’s Privacy Act (CPA) went into effect July 1, 2023.
Meanwhile, the damage that has resulted from bad actors exploiting the lack of privacy for people has been immense. Billions of dollars have be lost through fraud and theft. Access to data has allowed manipulation of consumers with consequences ranging from minor to life threatening. Meanwhile, consumers often have little option and are forced into using advertising based platforms for required or important tasks such as accessing communications services or government information. The option to pay for the services without forfeiting personal data has not been generally available or is hidden well as the advertising business is immensely profitable.
Now we have entered the AI or more precisely the GenAI era where Large Language Models (LLMs) form the basis of sophisticated intelligent and interactive systems. Search engines are being converted to AI first search or even AI only search. And LLMs are being evolved to replace search functions along with many other online services. Winner take all.
Browsers are now AI based or soon will be. All interfaces will ultimately be AI based. But there’s a problem for LLMs. In order for LLMs to be able to give you the best experience, they require context for your conversation. Context requires memory of past conversations. LLMs are now saving an increasing about of data in order to perform better. Although you can opt out of having your chat history saved, if you do so, you give up LLM performance. It’s a chicken and egg problem. Concerningly, the information being shared with LLMs is increasingly personal. LLMs are often designed to engage, to feel human and compassionate, which encourages a deeper of sharing. Trust is implied, but it’s not earned.
Next comes the advertising and commerce. Your data is used as context to provide personalized answers. Going forward this will become highly targeted as vendors pay for access to you. We’re repeating the exploitation patterns of the past, only this time with much deeper data and a more more sophisticated means to leverage it for profit due to the capabilities of AI. A storm is brewing.
As with most innovation that has come before it, AI brings many positive benefits. The technologies are not bad, but business models that are slanted towards profit only without regard to consumer safety or long term health will cause irreparable harm if the past is any indicator.
We need a more balanced world in which technology is seen as a basic need like food, clean water, clean air and housing. In this case, there would be standards and laws to protect basic accessibility and quality of life. Sure, you could have more disposable income and buy bigger and better, but there would be a minimum threshold of technology equity (and food, clean water, clean air and housing). This is a world with “balanced capitalism.” As AI workers replace human ones, a form of “balanced capitalism” or other shared income model, like basic income, will be required to keep our civilizations stable.
Data privacy, ownership and control is one means to enable balanced capitalism in this new AI driven world. It is not sufficient, but it is necessary. It also opens up a broad set of markets where consumers can innovate and profit from their own data. Capitalism, and all the positive that goes with it, can be a legitimate and healthy long term framework for a healthy world. Capitalism should be balanced and cannot be unbridled, or else you get immense income and technology inequity which is inherently unstable. Fortunately, it’s not too late, yet.