Guiding Principles for Responsible AI in Genealogy: Privacy

• 
  

 

https://craigen.org/ 

Privacy

AI usage can lead to unintended data exposure, putting private information at risk of being publicly disclosed. Therefore, members of the genealogical community take reasonable measures to safeguard private information when using AI. https://craigen.org/ 

The fundamental rule of privacy on the internet is simple: Don't put what you consider to be private on the internet. From the perspective of a long time trial lawyer, I find the laws and customs of privacy to be one of the messiest part of law in the United States and I am guessing the rest of the world also.

There are no uniform privacy laws in the United States; instead, there is a complex patchwork of sector-specific federal laws (like HIPAA for health data) and a growing number of individual state-level comprehensive privacy laws. This lack of a single, national standard creates inconsistent obligations for businesses and complicates compliance across different states. 

See “Data Protection Laws in the United States - Data Protection Laws of the World.” Accessed September 23, 2025. https://www.dlapiperdataprotection.com/index.html?t=law&c=US.

As the statement above indicates, despite the admonition about refraining for putting private information on the internet, we end up with medical, legal, and other information that should not be disclosed after its intended use. Because of its pervasive nature, AI can contain this information and disclose it without our permission. 

Here are some of the ways AI can obtain information both directly and indirectly. 

Direct Data Collection involves users knowingly providing their information. This includes:

• User Inputs: When you interact with a chatbot or AI assistant, the queries and personal details you enter are often collected and stored. For example, a generative AI tool may capture your profile information, location, device details, and network activity.
• Surveys and Feedback: Companies use surveys to gather specific, structured data on user preferences, opinions, and behaviors to help train their AI models.

See: Guide to Data Collection for Artificial Intelligence (AI) | Netnut. Uncategorized. May 9, 2023. https://netnut.io/data-collection-for-ai/.

Indirect Data Collection happens without the user's explicit awareness. This is often where privacy risks are most significant. It includes:

• Web Scraping: AI systems can automatically harvest vast amounts of information from public websites, including social media, forums, and news sites. While this data is publicly available, it can contain personal details that are scraped without user consent or knowledge.
• Internet of Things (IoT) Devices: Smart devices in homes and public spaces, like smart speakers, security cameras, and fitness trackers, continuously collect real-time data about your habits, location, and daily life. This stream of information is then used to train AI models.
• Biometric Data: AI can collect sensitive biometric information, such as facial patterns, fingerprints, and voice recordings, through technologies like facial recognition systems in public places or on personal devices. This data is unique to an individual and cannot be changed if compromised.

See: “Data Collection Strategies.” Accessed September 23, 2025. https://www.cloudfactory.com/blog/ai-data-collection.

See the following for further information:

“AI and Privacy: Safeguarding Data in the Age of Artificial Intelligence | DigitalOcean.” December 15, 2023. https://www.digitalocean.com/resources/articles/ai-and-privacy.

“AI Tools and Your Privacy: What You Need to Know | J.P. Morgan Private Bank U.S.” Accessed September 23, 2025. https://privatebank.jpmorgan.com/nam/en/insights/markets-and-investing/ideas-and-insights/ai-tools-and-your-privacy-what-you-need-to-know.

Coalfire. “The Dark Side of AI Data Privacy.” Accessed September 23, 2025. https://coalfire.com/the-coalfire-blog/the-dark-side-of-ai-data-privacy.

“Exploring Privacy Issues in the Age of AI | IBM.” September 30, 2024. https://www.ibm.com/think/insights/ai-privacy.

“How To Navigate Data Privacy Laws in an AI-Driven World.” Accessed September 23, 2025. https://www.axiomlaw.com/blog/artificial-intelligence-data-privacy-challenges.

“Privacy in an AI Era: How Do We Protect Our Personal Information? | Stanford HAI.” Accessed September 23, 2025. https://hai.stanford.edu/news/privacy-ai-era-how-do-we-protect-our-personal-information.

Transcend. “Examining Privacy Risks in AI Systems.” Accessed September 23, 2025. https://transcend.io/blog/ai-and-privacy.

AI was used in doing the research for this post.