Artificial Intelligence (AI) is making its presence felt across domains and generating demonstrable efficiencies. From financial services to communication to healthcare, it’s becoming a ubiquitous part of our lives. However, with the increasing utilization of AI, there are also concerns about data confidentiality.
Not just ordinary users but businesses also understand how AI can affect their data privacy. Most of the big tech companies have released statements regarding data privacy and confidentiality. In this article, we analyze the statements from leading tech companies to better understand their positions on data confidentiality in AI.
DSLMs from Evalueserve
At Evalueserve, our position has always been tech-agnostic. We use best-of-breed technology and integrate with the best LLM that suits the specific needs of your organization. Since generic LLMs are not specific enough for domain-centric requirements, most enterprises need something that’s fine-tuned to their sectoral needs.
That’s why LLM has fine-tuned generic LLMs to create DSLMs or Domain Specific Language Models. We host them in the Evalueserve or client environment. In certain instances, it may be better to create an enterprise language model that’s calibrated to the specific data within a company. Evalueserve can also help you build this.
Azure
You control your data: Azure assures its users that they are the owners of the data they provide. The company doesn’t share it with advertiser-supported services or use it for advertising or market research.
You choose where your data is stored: As a user, you decide where to store your data. You can choose from more than 60 regions linked by one of the largest interconnected networks on the planet, including more than 150 datacenters.
Azure secures your data at rest and in transit: With state-of-the-art encryption, Azure protects your data both at rest and in transit. Azure secures your data using various encryption methods, protocols, and algorithms, including double encryption.
Microsoft defends your data: Through well-established response policies and processes, strong contractual commitments, and if need be, the courts, Microsoft is committed to defending user data. The company believes that all government requests for your data should be directed to the user. It doesn’t give any government direct or unfettered access to customer data.
Sharing: Google doesn’t share personal information with companies, organizations, or individuals outside of Google except in the following cases: with the user’s consent, with domain admin, for external processing, and for legal reasons.
Keeping info secure: All Google products are built with strong security features that continuously protect user information. The company detects and automatically blocks security threats. Moreover, Google will also notify users and help them take steps to stay better protected.
The company uses encryption to keep user data private while in transit. Google offers a range of security features such as Safe Browsing, Security Checkup, and 2 Step Verification. The company reviews its information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to systems.
Google restricts access to personal information to Google employees, contractors, and agents who need that information. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Retaining your info: Google retains the data it collects for different periods depending on what it is, how it uses it, and how the user configures their settings.
Facebook/Meta
Information collected: Meta collects information on the user’s activity and the information they provide. The company also has access to information regarding the user’s friends, followers, and other connections. App, browser, and device information is also accessible to the firm along with data from partners, vendors, and other third parties.
How the info is used: The company uses the information it collects to provide personalized experiences to its users such as ads. The company uses information across its products and the user’s devices. This information is automatically processed by its systems. But in some cases, there’s also a manual review to access and review user information.
How long is info kept: Meta keeps information as long as it needs it to provide its products, comply with legal obligations, or protect the company’s or the user’s interests. The company decides how long it needs information on a case-by-case basis.
Why and how the info is processed: Meta claims that it needs to process information to personalize its products. The company’s systems automatically process the information it collects to understand the user’s interests and preferences to personalize features and content and make relevant suggestions to the user.
OpenAI
Model usage and training: The user’s API inputs and outputs do not become part of the training data unless they explicitly opt in.
Model outputs: The output generated by OpenAI’s models is a prediction built from the understanding it has gained from its training. These outputs are not directly lifted from the training data.
Compliance: The company maintains a security program to implement and maintain enterprise-grade security on its products and services.
Abuse monitoring: The company prohibits the use of its services and tools for any illegal activity. A limited group of employees along with specialized third-party contractors can access data for abuse and misuse monitoring purposes.
Stability AI
What personal info is processed: When you visit, use, or navigate Stability AI’s services, the company may process personal information depending on how you interact with Stability AI, your choices, and the products and features you use.
How the info is processed: Stability AI processes user information to provide, improve, and administer its services, communicate with the user for security and fraud prevention, and comply with the law. The company may also process information for other purposes with the consent of the user. It will process user information only when it has a valid legal reason.
How is the info kept safe: The company has organizational and technical processes and procedures to protect personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so it cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat its security and improperly collect, access, steal, or modify user information.
Anthropic
Aggregator or de-identified information: Anthropic may process a user’s personal data in an aggregated or de-identified form to analyze the effectiveness of its services, conduct research, analyze the behavior of users, and train its models and interfaces. Usually, the company only does this with the authorization of the user.
Data transfers: When a user accesses the platform’s website or services, their personal data may be transferred to the company’s servers in the US, or other countries outside the EEA and the UK. This may be a direct provision of the user’s personal data to the firm or a transfer that the company or a third party makes.
Conclusion
Considering the ability of generative AI to process personal data at an exponential scale, there are credible privacy concerns. While these tech giants have clarified their positions, it remains to be seen how they will uphold data confidentiality in AI and whether there will be iterations to these policies due to revenue, market, or competitive pressures.
At Evalueserve, we are committed to protecting the data of our clients. All user information is always kept confidential and won’t be shared with third-party service providers or for marketing and advertising purposes.
