Upcoming privacy policy changes on social media platforms and other digital services, which allow user interactions with AI tools to be used for personalising ads and curating content, create a significant new cybersecurity risk by centralising a highly sensitive class of personal data.
The latest such policy announcements this week mean that conversations users have with popular AIs integrated into their daily apps including questions, personal thoughts, and sensitive queries will be logged and analysed to inform the ads and content they see.
While these policies, in general, state they will exclude specific sensitive topics from ad targeting, the data must still be collected and processed to be categorised. Additionally, the 'right to object' mentioned in many of the notifications recently sent out is not a simple opt-out for all users. In regions with strict data privacy laws, such as the EU and UK, these policies will not be allowed to be implemented. But users in other regions may have limited recourse beyond simply not using the AI features in question.