Privacy Risks in Generative AI Deployments (2025 Update)

As generative AI tools are rapidly adopted across industries, attorneys advising on data privacy, compliance, and technology must navigate increasingly complex and high-stakes risk landscapes. This 2025 update examines the evolving privacy and regulatory concerns presented by generative AI - from data collection and training risks to output-related liability, surveillance capabilities, and automated decision-making.

Led by attorney and AI legal scholar Eran Kahana, this program explores legal frameworks including the GDPR, Colorado AI Act, and the NIST Privacy Framework, as well as emerging issues around consent, inference-based profiling, algorithmic accountability, and re-identification. Attendees will gain a deeper understanding of how privacy-enhancing technologies (PETs), risk-based regulation, and AI governance strategies intersect - and how legal professionals can advise clients, mitigate risk, and shape trustworthy deployments of generative AI.

Learning Objectives:

1. Identify the unique privacy risks posed by generative AI at both the data input and output stages
   

2. Analyze legal and compliance challenges under U.S. and international frameworks, including GDPR, CPRA, and the Colorado AI Act
   

3. Evaluate risk mitigation strategies through privacy-enhancing technologies (e.g., federated learning, differential privacy, synthetic data)
   

4. Apply the NIST Privacy Framework and AI Data Stewardship tools to support client compliance and governance
   

5. Advise clients on transparency, accountability, and contractual safeguards in AI deployments, particularly in vendor and third-party contexts

You can contact Eran Kahan at eran.kahana@maslon.com or via LinkedIn at linkedin.com/in/erankahana.