{"$schema":"https://policywindow.org/critique/api/schema","generated_by":"agi-social-scientist","url":"https://policywindow.org/critique/r/data-privacy","attestation":{"ok":true,"checks":[{"id":"coverage","label":"Coverage matrix re-derived from codings matches the published aggregate","pass":true,"detail":"12 codings → 5×6 matrix"},{"id":"gaps","label":"Re-derived empty cells are exactly the published gaps (identity, not just count)","pass":true,"detail":"24 re-derived; same cells; 24 published"},{"id":"included","label":"Unique included papers match the published inclusion count","pass":true,"detail":"12 re-derived vs 12 published"},{"id":"excluded","label":"Excluded records match the published exclusion count","pass":true,"detail":"20 re-derived vs 20 published"},{"id":"spans","label":"Every inclusion carries a verbatim rationale span (AGISS P1: ≥20 chars)","pass":true,"detail":"shortest span 45 chars (min 20)"}],"derived":{"coverage":{"data_protection_law":{"conceptual_normative":0,"legal_doctrinal":3,"empirical_qualitative":0,"empirical_quantitative":0,"technical_review_survey":0,"review_synthesis":0},"privacy_preserving_techniques":{"conceptual_normative":0,"legal_doctrinal":0,"empirical_qualitative":0,"empirical_quantitative":0,"technical_review_survey":2,"review_synthesis":0},"health_data_privacy_governance":{"conceptual_normative":3,"legal_doctrinal":0,"empirical_qualitative":0,"empirical_quantitative":0,"technical_review_survey":0,"review_synthesis":2},"privacy_risk_and_threat_analysis":{"conceptual_normative":0,"legal_doctrinal":0,"empirical_qualitative":0,"empirical_quantitative":0,"technical_review_survey":1,"review_synthesis":0},"privacy_concepts_and_attitudes":{"conceptual_normative":0,"legal_doctrinal":0,"empirical_qualitative":0,"empirical_quantitative":0,"technical_review_survey":0,"review_synthesis":1}},"totalCodings":12,"uniqueIncluded":12,"emptyCells":24,"excluded":20,"minSpanLength":45},"reportHash":"06a049597a47a3cb","corpusHash":"8e03bc128d945f19"},"id":"data-privacy","reviewId":"CR-REV-003","agissStem":"data-privacy","question":"What does the scholarly literature report on data privacy in AI governance?","title":"Evidence gap map: data privacy in the AI-governance literature","reviewKind":"evidence_gap_map","method":"scoping_review_v1","headline":"Across a 5x6 framework matrix, 24 of 30 cells have no papers in this corpus of 12 included records; the populated cells concentrate in aspect 'health_data_privacy_governance' (5 papers) and evidence type 'conceptual_normative' (3 papers).","verdict":"evidence_gap_map conducted over 32 records (12 included, 20 excluded with reasons): a coverage map with 24 named empty cells. Counts only — no importance adjudication (Sacred Rule 9); the report re-derives offline from corpus + codings.","coderModelId":"in-session:claude-agent","codingFrame":{"aspects":["data_protection_law","privacy_preserving_techniques","health_data_privacy_governance","privacy_risk_and_threat_analysis","privacy_concepts_and_attitudes"],"evidenceTypes":["conceptual_normative","legal_doctrinal","empirical_qualitative","empirical_quantitative","technical_review_survey","review_synthesis"]},"coverage":{"data_protection_law":{"conceptual_normative":0,"empirical_qualitative":0,"empirical_quantitative":0,"legal_doctrinal":3,"review_synthesis":0,"technical_review_survey":0},"health_data_privacy_governance":{"conceptual_normative":3,"empirical_qualitative":0,"empirical_quantitative":0,"legal_doctrinal":0,"review_synthesis":2,"technical_review_survey":0},"privacy_concepts_and_attitudes":{"conceptual_normative":0,"empirical_qualitative":0,"empirical_quantitative":0,"legal_doctrinal":0,"review_synthesis":1,"technical_review_survey":0},"privacy_preserving_techniques":{"conceptual_normative":0,"empirical_qualitative":0,"empirical_quantitative":0,"legal_doctrinal":0,"review_synthesis":0,"technical_review_survey":2},"privacy_risk_and_threat_analysis":{"conceptual_normative":0,"empirical_qualitative":0,"empirical_quantitative":0,"legal_doctrinal":0,"review_synthesis":0,"technical_review_survey":1}},"gaps":["data_protection_law x conceptual_normative: 0 papers","data_protection_law x empirical_qualitative: 0 papers","data_protection_law x empirical_quantitative: 0 papers","data_protection_law x technical_review_survey: 0 papers","data_protection_law x review_synthesis: 0 papers","privacy_preserving_techniques x conceptual_normative: 0 papers","privacy_preserving_techniques x legal_doctrinal: 0 papers","privacy_preserving_techniques x empirical_qualitative: 0 papers","privacy_preserving_techniques x empirical_quantitative: 0 papers","privacy_preserving_techniques x review_synthesis: 0 papers","health_data_privacy_governance x legal_doctrinal: 0 papers","health_data_privacy_governance x empirical_qualitative: 0 papers","health_data_privacy_governance x empirical_quantitative: 0 papers","health_data_privacy_governance x technical_review_survey: 0 papers","privacy_risk_and_threat_analysis x conceptual_normative: 0 papers","privacy_risk_and_threat_analysis x legal_doctrinal: 0 papers","privacy_risk_and_threat_analysis x empirical_qualitative: 0 papers","privacy_risk_and_threat_analysis x empirical_quantitative: 0 papers","privacy_risk_and_threat_analysis x review_synthesis: 0 papers","privacy_concepts_and_attitudes x conceptual_normative: 0 papers","privacy_concepts_and_attitudes x legal_doctrinal: 0 papers","privacy_concepts_and_attitudes x empirical_qualitative: 0 papers","privacy_concepts_and_attitudes x empirical_quantitative: 0 papers","privacy_concepts_and_attitudes x technical_review_survey: 0 papers"],"disclosedFragilities":["scoping retrieval with fixed queries, not a systematic search (coverage is query-bounded)","coding from abstracts only — full texts were not consulted; cells count papers, not extracted effect estimates","single-annotator coding (in-session:claude-agent); no second coder, no kappa","corpus bounded to 32 retrieved records; counts are corpus-relative, not field-level claims"],"nCorpus":32,"nIncluded":12,"nExcluded":20,"reportHash":"06a049597a47a3cb","corpusHash":"8e03bc128d945f19","selection":{"method":"review_selector_v1","selectedKind":"evidence_gap_map","features":{"corpus_kind":"mixed","full_texts_available":false,"has_quantitative_effects":false,"n_studies":32,"n_with_abstracts":28,"outcomes_comparable":false},"selectionHash":"bfa5b382fa7c25a2","verdict":"Review-kind selection for 'What does the scholarly literature report on data privacy in AI governance?': SELECTED evidence_gap_map; 0 kind(s) rejected with their failed requirements recorded. A methodological screen (Sacred Rule 9): the selection is disclosed on the article and the selected kind's own discipline still applies at conduct time."},"includedCodings":[{"openalexId":"W1870146437","title":"Privacy in the Digital Age: a Review of Information Privacy Research in Information Systems1","venue":"MIS Quarterly","year":2011,"doi":"10.2307/41409971","aspect":"privacy_concepts_and_attitudes","evidenceType":"review_synthesis","rationaleSpan":"Information privacy refers to the desire of individuals to control or have some influence over data about themselves"},{"openalexId":"W2811973125","title":"Algorithms that remember: model inversion attacks and data protection law","venue":"Philosophical Transactions of the Royal Society A Mathematical Physical and Engineering Sciences","year":2018,"doi":"10.1098/rsta.2018.0083","aspect":"data_protection_law","evidenceType":"legal_doctrinal","rationaleSpan":"The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area"},{"openalexId":"W2899579542","title":"A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI","venue":"","year":2018,"doi":"10.31228/osf.io/mu2kf","aspect":"data_protection_law","evidenceType":"legal_doctrinal","rationaleSpan":"Big Data analytics and artificial intelligence (AI) draw non-intuitive and unverifiable inferences and predictions about the behaviors, preferences, and private lives of individuals"},{"openalexId":"W2899768131","title":"Machine learning in medicine: Addressing ethical challenges","venue":"PLoS Medicine","year":2018,"doi":"10.1371/journal.pmed.1002689","aspect":"health_data_privacy_governance","evidenceType":"conceptual_normative","rationaleSpan":"63% of the adult population is uncomfortable with allowing personal data to be used to improve healthcare"},{"openalexId":"W2989512989","title":"A governance model for the application of AI in health care","venue":"Journal of the American Medical Informatics Association","year":2019,"doi":"10.1093/jamia/ocz192","aspect":"health_data_privacy_governance","evidenceType":"conceptual_normative","rationaleSpan":"concern has been expressed about the ethical and regulatory aspects of the application of AI in health care"},{"openalexId":"W3012501605","title":"The future of digital health with federated learning","venue":"npj Digital Medicine","year":2020,"doi":"10.1038/s41746-020-00323-1","aspect":"privacy_preserving_techniques","evidenceType":"technical_review_survey","rationaleSpan":"privacy concerns restrict access to this data"},{"openalexId":"W3033511014","title":"Secure, privacy-preserving and federated machine learning in medical imaging","venue":"Nature Machine Intelligence","year":2020,"doi":"10.1038/s42256-020-0186-1","aspect":"privacy_preserving_techniques","evidenceType":"technical_review_survey","rationaleSpan":"strict legal and ethical requirements to protect patient privacy"},{"openalexId":"W3200759624","title":"Privacy and artificial intelligence: challenges for protecting health information in a new era","venue":"BMC Medical Ethics","year":2021,"doi":"10.1186/s12910-021-00687-3","aspect":"health_data_privacy_governance","evidenceType":"review_synthesis","rationaleSpan":"Advances in healthcare artificial intelligence (AI) are occurring rapidly and there is a growing discussion about managing its development"},{"openalexId":"W4221106857","title":"Legal and Ethical Consideration in Artificial Intelligence in Healthcare: Who Takes Responsibility?","venue":"Frontiers in Surgery","year":2022,"doi":"10.3389/fsurg.2022.862322","aspect":"health_data_privacy_governance","evidenceType":"conceptual_normative","rationaleSpan":"The legal and ethical issues that confront society due to Artificial Intelligence (AI) include privacy and surveillance, bias or discrimination"},{"openalexId":"W4385452929","title":"From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy","venue":"IEEE Access","year":2023,"doi":"10.1109/access.2023.3300381","aspect":"privacy_risk_and_threat_analysis","evidenceType":"technical_review_survey","rationaleSpan":"critical to understand its consequences from a cybersecurity perspective"},{"openalexId":"W4390829176","title":"Balancing Privacy and Progress: A Review of Privacy Challenges, Systemic Oversight, and Patient Perceptions in AI-Driven Healthcare","venue":"Applied Sciences","year":2024,"doi":"10.3390/app14020675","aspect":"health_data_privacy_governance","evidenceType":"review_synthesis","rationaleSpan":"confronting significant ethical, legal, and technological challenges, particularly in patient privacy, decision-making autonomy, and data integrity"},{"openalexId":"W4402333071","title":"Privacy and personal data risk governance for generative artificial intelligence: A Chinese perspective","venue":"Telecommunications Policy","year":2024,"doi":"10.1016/j.telpol.2024.102851","aspect":"data_protection_law","evidenceType":"legal_doctrinal","rationaleSpan":"The rapid development of generative artificial intelligence (AI) has attracted global attention and posed challenges to existing data governance frameworks"}],"excludedPapers":[{"openalexId":"W2123431441","title":"New Public Management Is Dead--Long Live Digital-Era Governance","venue":"Journal of Public Administration Research and Theory","year":2005,"doi":"10.1093/jopart/mui057","exclusionReason":"off-topic: new-public-management governance; not AI privacy"},{"openalexId":"W2143775898","title":"Decentralization of Governance and Development","venue":"The Journal of Economic Perspectives","year":2002,"doi":"10.1257/089533002320951037","exclusionReason":"off-topic: decentralization and development; not AI privacy"},{"openalexId":"W2161575102","title":"Learning from Difference: The New Architecture of Experimentalist Governance in the EU","venue":"European Law Journal","year":2008,"doi":"10.1111/j.1468-0386.2008.00415.x","exclusionReason":"off-topic: EU experimentalist governance; not AI privacy"},{"openalexId":"W2587466508","title":"Big Data in Smart Farming – A review","venue":"Agricultural Systems","year":2017,"doi":"10.1016/j.agsy.2017.01.023","exclusionReason":"no abstract available for coding (abstracts-only protocol)"},{"openalexId":"W2607757716","title":"Machine learning, social learning and the governance of self-driving cars","venue":"Social Studies of Science","year":2017,"doi":"10.1177/0306312717741687","exclusionReason":"off-topic: governance of self-driving cars; privacy not the subject"},{"openalexId":"W2770717476","title":"Exploring the impact of artificial intelligence on teaching and learning in higher education","venue":"Research and Practice in Technology Enhanced Learning","year":2017,"doi":"10.1186/s41039-017-0062-8","exclusionReason":"off-topic: AI in higher education"},{"openalexId":"W2778796877","title":"What do we need to build explainable AI systems for the medical domain?","venue":"arXiv (Cornell University)","year":2017,"doi":"10.48550/arxiv.1712.09923","exclusionReason":"off-topic: explainable AI for medicine; privacy not the subject"},{"openalexId":"W2897620540","title":"Artificial intelligence, machine learning and health systems","venue":"Journal of Global Health","year":2018,"doi":"10.7189/jogh.08.020303","exclusionReason":"off-topic: AI/ML in health systems overview; privacy not the subject"},{"openalexId":"W2902634493","title":"AI4People—An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations","venue":"Minds and Machines","year":2018,"doi":"10.1007/s11023-018-9482-5","exclusionReason":"off-topic: general AI ethics framework; privacy not the focal subject"},{"openalexId":"W2903777941","title":"Privacy in the age of medical big data","venue":"Nature Medicine","year":2018,"doi":"10.1038/s41591-018-0272-7","exclusionReason":"no abstract available for coding (abstracts-only protocol)"},{"openalexId":"W2969625533","title":"Artificial Intelligence (AI): Multidisciplinary perspectives on emerging challenges, opportunities, and agenda for research, practice and policy","venue":"International Journal of Information Management","year":2019,"doi":"10.1016/j.ijinfomgt.2019.08.002","exclusionReason":"off-topic: broad AI overview"},{"openalexId":"W2981731882","title":"Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI","venue":"Information Fusion","year":2019,"doi":"10.1016/j.inffus.2019.12.012","exclusionReason":"no abstract available for coding (abstracts-only protocol)"},{"openalexId":"W2981863007","title":"Systematic review of research on artificial intelligence applications in higher education – where are the educators?","venue":"International Journal of Educational Technology in Higher Education","year":2019,"doi":"10.1186/s41239-019-0171-0","exclusionReason":"off-topic: review of AI in higher education"},{"openalexId":"W3000603264","title":"The role of artificial intelligence in achieving the Sustainable Development Goals","venue":"Nature Communications","year":2020,"doi":"10.1038/s41467-019-14108-y","exclusionReason":"off-topic: AI effects on SDGs"},{"openalexId":"W3036911563","title":"Data governance: Organizing data for trustworthy Artificial Intelligence","venue":"Government Information Quarterly","year":2020,"doi":"10.1016/j.giq.2020.101493","exclusionReason":"no abstract available for coding (abstracts-only protocol)"},{"openalexId":"W3092541244","title":"Fairness in Machine Learning: A Survey","venue":"ACM Computing Surveys","year":2023,"doi":"10.1145/3616865","exclusionReason":"off-topic: ML fairness survey; privacy not the subject"},{"openalexId":"W3094793347","title":"A strategic framework for artificial intelligence in marketing","venue":"Journal of the Academy of Marketing Science","year":2020,"doi":"10.1007/s11747-020-00749-9","exclusionReason":"off-topic: AI marketing framework"},{"openalexId":"W4283392904","title":"Artificial intelligence and smart vision for building and construction 4.0: Machine and deep learning methods and applications","venue":"Automation in Construction","year":2022,"doi":"10.1016/j.autcon.2022.104440","exclusionReason":"off-topic: AI in building and construction"},{"openalexId":"W4295951577","title":"Multimodal biomedical AI","venue":"Nature Medicine","year":2022,"doi":"10.1038/s41591-022-01981-2","exclusionReason":"off-topic: multimodal biomedical AI review; privacy peripheral"},{"openalexId":"W4379470483","title":"A Review of the Role of Artificial Intelligence in Healthcare","venue":"Journal of Personalized Medicine","year":2023,"doi":"10.3390/jpm13060951","exclusionReason":"off-topic: role-of-AI-in-healthcare review"}],"narrativeMarkdown":"# Evidence gap map: data privacy in the AI-governance literature\n\n## In plain terms\n\nPrivacy is among the most invoked words in AI governance — what does the scholarship behind it actually look like? The engine retrieved a corpus on data privacy in AI governance, coded every abstract into a framework matrix, and counted. The picture: legal-doctrinal work on data-protection law, technical surveys of privacy-preserving methods, and a cluster of health-sector commentary — with 24 of 30 matrix cells empty, and not one included paper reporting an empirical study, quantitative or qualitative, of privacy governance in practice.\n\n**Finding (screened coverage map):** Across a 5x6 framework matrix, 24 of 30 cells have no papers in this corpus of 12 included records; the populated cells concentrate in aspect 'health_data_privacy_governance' (5 papers) and evidence type 'conceptual_normative' (3 papers).\n\n## Background\n\nPolicy Window's research engine selected the review kind BEFORE this article was drafted: a review-kind selector matched the question (\"What does the scholarly literature report on data privacy in AI governance?\") and the measured corpus features (32 records, 28 with abstracts, no comparable quantitative effects, abstracts only) to an evidence gap map (selection `bfa5b382fa7c25a2`). The topic is the last unserviced robust entry of the engine's own study queue — with this article, every topic the engine selected for itself has been serviced. The article's status is a screened candidate routed to human review, not an adjudicated truth (Sacred Rule 9).\n\n## Method\n\nEvery record was coded exactly once against a declared frame — five privacy aspects (data-protection law, privacy-preserving techniques, health-data privacy governance, privacy risk and threat analysis, privacy concepts and attitudes) by six evidence types — with a verbatim rationale span per inclusion and a stated reason per exclusion (20 records excluded: off-topic or no abstract; the retrieval pulled in substantial non-privacy governance literature, all named). Review report `06a049597a47a3cb`; corpus `8e03bc128d945f19`.\n\n## What the map shows\n\nThe populated region: doctrinal analyses of data-protection law (the GDPR's reach over models and inferences, generative-AI challenges to existing frameworks), technical surveys of privacy-preserving machine learning (federated learning in health), and health-sector privacy commentary. The named empty cells include every privacy aspect crossed with empirical evidence of either kind — across the three topics the engine has now serviced (data transparency, governance frameworks, data privacy), the same cell family is empty every time: this corpus contains conceptual, legal, and technical writing about privacy governance, and no included paper that measures it in operation.\n\n## Limitations (disclosed by the engine)\n\n- scoping retrieval with fixed queries, not a systematic search (coverage is query-bounded)\n- coding from abstracts only — full texts were not consulted; cells count papers, not extracted effect estimates\n- single-annotator coding (in-session:claude-agent); no second coder, no kappa\n- corpus bounded to 32 retrieved records; counts are corpus-relative, not field-level claims\n\n## Verify\n\nEvery count above re-derives offline from the committed corpus and codings — no model, no network, no trust in the institute required: `PYTHONPATH=src python scripts/verify_review_data_privacy.py  # exit 0 = re-derives offline`\n","verifyCommand":"PYTHONPATH=src python scripts/verify_review_data_privacy.py  # exit 0 = re-derives offline","aiAgiCategories":["law_regulation","surveillance_security_policing"],"publicationDate":"2026-06-14","published":true}