ai-privacy-governance-skills
By mukul975
Conduct GDPR and EU AI Act privacy compliance assessments for AI/ML systems: run DPIAs, audit models for leakage and bias, evaluate training data lawfulness, implement federated learning and output safeguards, handle data subject rights, and generate deployment checklists and high-risk documentation.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin ai-privacy-governance-skillsComponent Overview
Component Details
Skills (15)
Preparing EU AI Act compliance documentation for high-risk AI systems. Covers Annex III classification, technical documentation under Art. 11, conformity assessment, risk management systems, and CE marking requirements. Keywords: EU AI Act, high-risk AI, Annex III, conformity assessment, CE marking.
Implements GDPR Art. 22 automated decision-making and AI Act Art. 14 human oversight requirements for AI systems. Covers identification of solely automated decisions, meaningful human intervention design, logic explanation mechanisms, and contestation procedures. Keywords: Art. 22, automated decision, human oversight, AI Act, profiling, contestation.
Assesses AI bias risks for GDPR Art. 9 special category data and AI Act Art. 10 data governance. Covers fairness metrics, bias detection methods, mitigation strategies, and documentation requirements for protected characteristics. Keywords: AI bias, special category, fairness metrics, discrimination, Art. 9, Art. 10.
Manages AI model retention and machine unlearning requirements. Covers training data deletion verification, model versioning for compliance, machine unlearning techniques (SISA, gradient-based), and retraining triggers. Keywords: AI retention, machine unlearning, model versioning, training data deletion, retraining, storage limitation.
Implements data subject rights mechanisms for AI systems including right to explanation of AI decisions, contestation procedures, human review, model output correction, and training data access. Covers GDPR Arts. 15-22 and AI Act Art. 86. Keywords: data subject rights, AI explanation, contestation, human review, training data access, model correction.
Pre-deployment privacy compliance checklist for AI/ML systems covering DPIA completion, lawful basis verification, transparency notices, human oversight mechanisms, bias testing, and post-deployment monitoring setup. Keywords: AI deployment, privacy checklist, go-live, model deployment, compliance gate.
Conducts Data Protection Impact Assessments for AI and ML systems per EDPB Guidelines 04/2025 on AI processing. Covers training data lawfulness evaluation, model risk assessment, automated decision triggers, and AI-specific DPIA methodology. Keywords: AI DPIA, machine learning impact assessment, EDPB AI guidelines, model risk, training data.
Implements federated learning architecture patterns for GDPR compliance. Covers secure aggregation protocols, differential privacy integration, communication protocols, and privacy-by-design distributed ML training. Keywords: federated learning, distributed training, secure aggregation, differential privacy, privacy-preserving ML.
Conducts privacy auditing of AI models including training data extraction testing, membership inference attacks, model inversion testing, and attribute inference assessment. Uses ML Privacy Meter and related tools to quantify privacy leakage. Keywords: model audit, membership inference, privacy meter, model inversion, training data extraction.
Provides combined DPIA and AI Act conformity assessment template with integrated risk scoring matrix. Covers GDPR Art. 35 DPIA elements, AI Act high-risk system requirements, mitigation measures, and human oversight assessment. Keywords: DPIA template, conformity assessment, risk scoring, AI Act, combined assessment, high-risk AI.
Managing privacy risks from AI-driven inferences about individuals including derived data classification, profiling under GDPR Art. 22, inference accuracy obligations, and controlling automated personality/behaviour predictions. Keywords: AI inference, derived data, profiling, automated predictions, GDPR.
Assesses lawful basis for AI training data processing per EDPB April 2025 report on LLMs and general-purpose AI. Covers legitimate interest balancing tests, consent challenges for ML training, public dataset assessment, and web scraping lawfulness. Keywords: AI training data, lawful basis, EDPB LLM, legitimate interest, consent, web scraping.
Implements AI transparency requirements under EU AI Act Arts. 13-14 and GDPR Arts. 13-14. Covers user notification of AI interaction, system capability disclosure, limitation documentation, and meaningful information about automated logic. Keywords: AI transparency, EU AI Act, GDPR notification, explainability, automated decision.
Determines controller-processor relationships for AI services and conducts privacy due diligence. Covers SaaS AI (processor), embedded AI (joint controller), API-based AI (assessment framework), and vendor risk assessment. Keywords: AI vendor, controller-processor, due diligence, SaaS AI, joint controller, Art. 28.
Assessing privacy risks in large language model outputs including training data memorisation, PII leakage in generated text, prompt injection leading to data extraction, and hallucinated personal data. Covers output filtering, guardrails, and monitoring. Keywords: LLM privacy, output risk, memorisation, PII leakage, prompt injection, hallucinated PII.
