AI Privacy Scrutiny Intensifies

The global pushback against AI-generated content is intensifying, with 61 data protection authorities from four continents issuing a joint statement. This declaration, coordinated by the Global Privacy Assembly, explicitly classifies the creation of non-consensual intimate imagery as a privacy violation, putting AI image-generation companies on notice. The regulators are particularly concerned about harms to children and other vulnerable groups, such as cyber-bullying and exploitation. In the Netherlands, two victim support groups, Offlimits and Fonds Slachtofferhulp, are taking legal action against X and its AI tool, Grok. The lawsuit, set to be heard in Amsterdam on March 12, alleges the tool facilitates the creation and distribution of images depicting sexual abuse of minors. The groups are seeking a daily penalty of €100,000 until the nudity-generation function is removed. This legal challenge in the Netherlands is part of a broader European scrutiny. The European Commission has opened a formal investigation into X under the Digital Services Act (DSA) to assess risks associated with Grok, particularly the spread of illegal content. Under the DSA, X is designated as a "major online platform" with heightened responsibilities to protect minors and combat illegal material. The controversy around Meta's smart glasses centers on their potential for discreet recording in sensitive environments. While Meta states an LED light indicates when the camera is active, privacy advocates have raised concerns about its small size. Incidents of the glasses being worn in settings like beauty salons and on university campuses have sparked debate over consent and the adequacy of current privacy laws for wearable recording devices. These regulatory actions are unfolding as the EU prepares for the full enforcement of the AI Act in 2026. This legislation takes a risk-based approach, banning systems that pose an unacceptable threat and imposing strict obligations on high-risk applications, such as those in critical infrastructure or education. The Act will work in concert with GDPR, requiring transparency and giving users rights regarding automated decision-making. In the public sector, European governments are cautiously exploring AI to improve services, with about 27% of local governments having implemented AI solutions. Case studies include a multilingual virtual assistant in Kortrijk, Belgium, and a mobility assistance project for citizens with disabilities in Nicosia, Cyprus, which prioritized co-design with disability organizations and data protection experts to build trust. However, the adoption of AI in the public sector lags behind the private sector, with a notable gap in AI governance policies. A global survey found that only 52% of public-sector organizations had a generative AI policy, compared to 65% in the private sector. Challenges for public services include data infrastructure gaps, skills shortages, and ensuring fairness and transparency in AI implementation. The joint statement from global regulators emphasizes that organizations must provide clear and accessible ways for individuals to request the removal of harmful material and respond quickly. It also calls for enhanced protections for children, including age-appropriate information and integrating safeguards into the design phase of AI systems.