Privacy Responsible Ai Skill

Privacy by Design Principles

Data Classification

PII Checklist

Personal Identifiable Information includes:

• Names
• Email addresses
• Phone numbers
• Physical addresses
• IP addresses
• Device IDs
• Location data
• Financial data
• Health data
• Biometric data

Responsible AI Principles

Microsoft's 6 Principles (2025 RAI Transparency Report)

Google's 3 Pillars (2024 AI Responsibility Report)

Key RAI Tools & Frameworks

Bias Detection

Ask:
1. What data was the model trained on?
2. Are there underrepresented groups?
3. What are the failure modes?
4. Who might be harmed by errors?
5. Have we tested with diverse inputs?
6. What demographic slices show performance gaps?
7. Are there proxy variables that encode bias?

Bias Categories

AI Transparency & Documentation

Model Card Template

## Model Card: [Model Name]

### Model Details
- **Developer**: [Organization]
- **Version**: [Version number]
- **Type**: [Classification/Generation/etc.]
- **License**: [License terms]

### Intended Use
- **Primary use cases**: [Description]
- **Out-of-scope uses**: [What NOT to use it for]
- **Users**: [Target users]

### Training Data
- **Sources**: [Data sources]
- **Size**: [Dataset size]
- **Known limitations**: [Data gaps]

### Performance
- **Metrics**: [Evaluation metrics]
- **Sliced analysis**: [Performance by demographic groups]
- **Failure modes**: [Known failure patterns]

### Ethical Considerations
- **Risks**: [Potential harms]
- **Mitigations**: [Steps taken]
- **Human oversight**: [Review processes]

AI Feature Transparency (User-Facing)

## How This AI Works

**What it does**: [Clear description]
**What it doesn't do**: [Limitations]
**Data used**: [What inputs, how stored]
**Human oversight**: [When humans review]
**How to appeal**: [Process for disputes]
**Confidence indicators**: [How certainty is communicated]

Human-AI Collaboration

Appropriate Reliance Framework

Design for Appropriate Reliance

1. Show confidence levels — Don't present all outputs as equally certain
2. Explain reasoning — Help users evaluate AI logic
3. Enable challenge — Make it easy to question or override
4. Provide alternatives — Show multiple options when available
5. Track calibration — Monitor if users trust appropriately

Code Patterns

Don't Log PII

// Bad
console.log(`User ${email} logged in`);

// Good
console.log(`User ${hashUserId(userId)} logged in`);

Consent Before Collection

// Get explicit consent
const consent = await showConsentDialog({
    purpose: 'Improve recommendations',
    data: ['usage patterns', 'preferences'],
    retention: '90 days',
    optOut: 'Settings > Privacy'
});

if (!consent.granted) {
    return fallbackBehavior();
}

Data Minimization

// Bad: Store everything
saveUser({ ...fullUserObject });

// Good: Store only what's needed
saveUser({
    id: user.id,
    preferences: user.preferences
    // Don't store: email, name, location
});

Right to Deletion

async function deleteUserData(userId: string) {
    await db.users.delete(userId);
    await db.userPreferences.delete(userId);
    await db.userHistory.delete(userId);
    await analytics.purge(userId);
    await logs.redact(userId);

    return { deleted: true, timestamp: new Date() };
}

Regulatory Quick Reference

EU AI Act Risk Tiers (Active 2025+)

For AI product builders: Check if your AI system classifies as "high risk" — if yes, you need a risk management system, data governance plan, human oversight mechanisms, and EU registration before market launch (deadline: Aug 2026).

AI Incident Response

When AI causes harm:

1. Stop — Disable the feature immediately
2. Assess — Who was affected, how severely
3. Notify — Inform affected users
4. Fix — Root cause + prevention
5. Document — Post-mortem for learning

Synapses

See synapses.json for connections.