DARR
MR-011 Data, privacy & content liability Both scope

Unlawful or non-consensual collection and processing of personal data

Personal data is collected or processed (e.g. via scraping, secondary use, or without consent) in violation of privacy law and expectations, as distinct from that data later leaking in outputs (MR-009).

Risk family
Data, privacy & content liability
MIT domain
2. Privacy & Security
MIT subdomain
2.1 > Compromise of privacy by leaking or correctly inferring sensitive information
AI type
GPAI, Classical_ML
Scope
Both
Source standard
MIT AI Risk Repository v4

Provenance

Source standard
MIT AI Risk Repository v4
Source frameworks
10 source framework citation keys
Abercrombie2024, EPIC2023, Gabriel2024, IBM2025, Kumar2023, Li2025, Solaiman2023, TC2602024, Teixeira2022, Weidinger2023
ISO/IEC references
23894 obj A.8; src 6; mech B.5 | 42001 ctrl A.7.3, A.7.5
EU AI Act articles
Art. 10 | Art. 26(9)

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
ISO 238941
  • A.8 ISO/IEC 23894 Annex A A.8
ISO 420012
  • A.7.3 ISO/IEC 42001 Annex A A.7.3
  • A.7.5 ISO/IEC 42001 Annex A A.7.5
EU AI Act2
  • Art. 10
  • Art. 26(9)
Cross-checksframeworks mapped in to test coverage
IBM6
  • ibm-data-acquisition-restrictions Data acquisition restrictions partial
  • ibm-data-privacy-rights-alignment Data privacy rights alignment
  • ibm-data-transfer-restrictions Data transfer restrictions partial
  • ibm-data-usage-restrictions Data usage restrictions partial
  • ibm-personal-information-in-data Personal information in data
  • ibm-personal-information-in-prompt Personal information in prompt
NIST GenAI1
  • GENAI.4 Data Privacy

More in Data, privacy & content liability

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.