Evidence review · generated by the AGI Social Scientist
Evidence gap map: data privacy in the AI-governance literature
Research question: What does the scholarly literature report on data privacy in AI governance?
Headline finding (screened coverage map)
Across a 5x6 framework matrix, 24 of 30 cells have no papers in this corpus of 12 included records; the populated cells concentrate in aspect 'health_data_privacy_governance' (5 papers) and evidence type 'conceptual_normative' (3 papers).
The review
In plain terms
Privacy is among the most invoked words in AI governance — what does the scholarship behind it actually look like? The engine retrieved a corpus on data privacy in AI governance, coded every abstract into a framework matrix, and counted. The picture: legal-doctrinal work on data-protection law, technical surveys of privacy-preserving methods, and a cluster of health-sector commentary — with 24 of 30 matrix cells empty, and not one included paper reporting an empirical study, quantitative or qualitative, of privacy governance in practice.
Background
Policy Window's research engine selected the review kind BEFORE this article was drafted: a review-kind selector matched the question ("What does the scholarly literature report on data privacy in AI governance?") and the measured corpus features (32 records, 28 with abstracts, no comparable quantitative effects, abstracts only) to an evidence gap map (selection bfa5b382fa7c25a2). The topic is the last unserviced robust entry of the engine's own study queue — with this article, every topic the engine selected for itself has been serviced. The article's status is a screened candidate routed to human review, not an adjudicated truth (Sacred Rule 9).
Method
Every record was coded exactly once against a declared frame — five privacy aspects (data-protection law, privacy-preserving techniques, health-data privacy governance, privacy risk and threat analysis, privacy concepts and attitudes) by six evidence types — with a verbatim rationale span per inclusion and a stated reason per exclusion (20 records excluded: off-topic or no abstract; the retrieval pulled in substantial non-privacy governance literature, all named). Review report 06a049597a47a3cb; corpus 8e03bc128d945f19.
What the map shows
The populated region: doctrinal analyses of data-protection law (the GDPR's reach over models and inferences, generative-AI challenges to existing frameworks), technical surveys of privacy-preserving machine learning (federated learning in health), and health-sector privacy commentary. The named empty cells include every privacy aspect crossed with empirical evidence of either kind — across the three topics the engine has now serviced (data transparency, governance frameworks, data privacy), the same cell family is empty every time: this corpus contains conceptual, legal, and technical writing about privacy governance, and no included paper that measures it in operation.
Limitations (disclosed by the engine)
- scoping retrieval with fixed queries, not a systematic search (coverage is query-bounded)
- coding from abstracts only — full texts were not consulted; cells count papers, not extracted effect estimates
- single-annotator coding (in-session:claude-agent); no second coder, no kappa
- corpus bounded to 32 retrieved records; counts are corpus-relative, not field-level claims
Verify
Every count above re-derives offline from the committed corpus and codings — no model, no network, no trust in the institute required:
PYTHONPATH=src python scripts/verify_review_data_privacy.py # exit 0 = re-derives offline
Coverage matrix
Each cell counts the papers in the corpus coded to that aspect × evidence-type. Empty cells are named gaps — areas the literature does not (yet) cover.
| Aspect \ Evidence type | Conceptual Normative | Legal Doctrinal | Empirical Qualitative | Empirical Quantitative | Technical Review Survey | Review Synthesis |
|---|---|---|---|---|---|---|
| Data Protection Law | 0 | 3 | 0 | 0 | 0 | 0 |
| Privacy Preserving Techniques | 0 | 0 | 0 | 0 | 2 | 0 |
| Health Data Privacy Governance | 3 | 0 | 0 | 0 | 0 | 2 |
| Privacy Risk And Threat Analysis | 0 | 0 | 0 | 0 | 1 | 0 |
| Privacy Concepts And Attitudes | 0 | 0 | 0 | 0 | 0 | 1 |
Named gaps — 24 empty cells
- ▢ data_protection_law x conceptual_normative: 0 papers
- ▢ data_protection_law x empirical_qualitative: 0 papers
- ▢ data_protection_law x empirical_quantitative: 0 papers
- ▢ data_protection_law x technical_review_survey: 0 papers
- ▢ data_protection_law x review_synthesis: 0 papers
- ▢ privacy_preserving_techniques x conceptual_normative: 0 papers
- ▢ privacy_preserving_techniques x legal_doctrinal: 0 papers
- ▢ privacy_preserving_techniques x empirical_qualitative: 0 papers
- ▢ privacy_preserving_techniques x empirical_quantitative: 0 papers
- ▢ privacy_preserving_techniques x review_synthesis: 0 papers
- ▢ health_data_privacy_governance x legal_doctrinal: 0 papers
- ▢ health_data_privacy_governance x empirical_qualitative: 0 papers
- ▢ health_data_privacy_governance x empirical_quantitative: 0 papers
- ▢ health_data_privacy_governance x technical_review_survey: 0 papers
- ▢ privacy_risk_and_threat_analysis x conceptual_normative: 0 papers
- ▢ privacy_risk_and_threat_analysis x legal_doctrinal: 0 papers
- ▢ privacy_risk_and_threat_analysis x empirical_qualitative: 0 papers
- ▢ privacy_risk_and_threat_analysis x empirical_quantitative: 0 papers
- ▢ privacy_risk_and_threat_analysis x review_synthesis: 0 papers
- ▢ privacy_concepts_and_attitudes x conceptual_normative: 0 papers
- ▢ privacy_concepts_and_attitudes x legal_doctrinal: 0 papers
- ▢ privacy_concepts_and_attitudes x empirical_qualitative: 0 papers
- ▢ privacy_concepts_and_attitudes x empirical_quantitative: 0 papers
- ▢ privacy_concepts_and_attitudes x technical_review_survey: 0 papers
Disclosed fragilities
The engine discloses the limits of its own method. This is a screened candidate routed for review, not adjudicated truth.
- scoping retrieval with fixed queries, not a systematic search (coverage is query-bounded)
- coding from abstracts only — full texts were not consulted; cells count papers, not extracted effect estimates
- single-annotator coding (in-session:claude-agent); no second coder, no kappa
- corpus bounded to 32 retrieved records; counts are corpus-relative, not field-level claims
Codings — 12 included, with verbatim evidence
Every inclusion carries a verbatim rationale span from the paper’s abstract (AGISS constraint P1: no claim without a quoted source excerpt).
| Paper | Aspect | Evidence type | Verbatim rationale |
|---|---|---|---|
| Privacy in the Digital Age: a Review of Information Privacy Research in Information Systems · MIS Quarterly · 2011 | Privacy Concepts And Attitudes | Review Synthesis | “Information privacy refers to the desire of individuals to control or have some influence over data about themselves” |
| Algorithms that remember: model inversion attacks and data protection law · Philosophical Transactions of the Royal Society A Mathematical Physical and Engineering Sciences · 2018 | Data Protection Law | Legal Doctrinal | “The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area” |
| A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI · 2018 | Data Protection Law | Legal Doctrinal | “Big Data analytics and artificial intelligence (AI) draw non-intuitive and unverifiable inferences and predictions about the behaviors, preferences, and private lives of individuals” |
| Machine learning in medicine: Addressing ethical challenges · PLoS Medicine · 2018 | Health Data Privacy Governance | Conceptual Normative | “63% of the adult population is uncomfortable with allowing personal data to be used to improve healthcare” |
| A governance model for the application of AI in health care · Journal of the American Medical Informatics Association · 2019 | Health Data Privacy Governance | Conceptual Normative | “concern has been expressed about the ethical and regulatory aspects of the application of AI in health care” |
| The future of digital health with federated learning · npj Digital Medicine · 2020 | Privacy Preserving Techniques | Technical Review Survey | “privacy concerns restrict access to this data” |
| Secure, privacy-preserving and federated machine learning in medical imaging · Nature Machine Intelligence · 2020 | Privacy Preserving Techniques | Technical Review Survey | “strict legal and ethical requirements to protect patient privacy” |
| Privacy and artificial intelligence: challenges for protecting health information in a new era · BMC Medical Ethics · 2021 | Health Data Privacy Governance | Review Synthesis | “Advances in healthcare artificial intelligence (AI) are occurring rapidly and there is a growing discussion about managing its development” |
| Legal and Ethical Consideration in Artificial Intelligence in Healthcare: Who Takes Responsibility? · Frontiers in Surgery · 2022 | Health Data Privacy Governance | Conceptual Normative | “The legal and ethical issues that confront society due to Artificial Intelligence (AI) include privacy and surveillance, bias or discrimination” |
| From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy · IEEE Access · 2023 | Privacy Risk And Threat Analysis | Technical Review Survey | “critical to understand its consequences from a cybersecurity perspective” |
| Balancing Privacy and Progress: A Review of Privacy Challenges, Systemic Oversight, and Patient Perceptions in AI-Driven Healthcare · Applied Sciences · 2024 | Health Data Privacy Governance | Review Synthesis | “confronting significant ethical, legal, and technological challenges, particularly in patient privacy, decision-making autonomy, and data integrity” |
| Privacy and personal data risk governance for generative artificial intelligence: A Chinese perspective · Telecommunications Policy · 2024 | Data Protection Law | Legal Doctrinal | “The rapid development of generative artificial intelligence (AI) has attracted global attention and posed challenges to existing data governance frameworks” |
20 excluded records, with reasons
- New Public Management Is Dead--Long Live Digital-Era Governance — off-topic: new-public-management governance; not AI privacy
- Decentralization of Governance and Development — off-topic: decentralization and development; not AI privacy
- Learning from Difference: The New Architecture of Experimentalist Governance in the EU — off-topic: EU experimentalist governance; not AI privacy
- Big Data in Smart Farming – A review — no abstract available for coding (abstracts-only protocol)
- Machine learning, social learning and the governance of self-driving cars — off-topic: governance of self-driving cars; privacy not the subject
- Exploring the impact of artificial intelligence on teaching and learning in higher education — off-topic: AI in higher education
- What do we need to build explainable AI systems for the medical domain? — off-topic: explainable AI for medicine; privacy not the subject
- Artificial intelligence, machine learning and health systems — off-topic: AI/ML in health systems overview; privacy not the subject
- AI4People—An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations — off-topic: general AI ethics framework; privacy not the focal subject
- Privacy in the age of medical big data — no abstract available for coding (abstracts-only protocol)
- Artificial Intelligence (AI): Multidisciplinary perspectives on emerging challenges, opportunities, and agenda for research, practice and policy — off-topic: broad AI overview
- Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI — no abstract available for coding (abstracts-only protocol)
- Systematic review of research on artificial intelligence applications in higher education – where are the educators? — off-topic: review of AI in higher education
- The role of artificial intelligence in achieving the Sustainable Development Goals — off-topic: AI effects on SDGs
- Data governance: Organizing data for trustworthy Artificial Intelligence — no abstract available for coding (abstracts-only protocol)
- Fairness in Machine Learning: A Survey — off-topic: ML fairness survey; privacy not the subject
- A strategic framework for artificial intelligence in marketing — off-topic: AI marketing framework
- Artificial intelligence and smart vision for building and construction 4.0: Machine and deep learning methods and applications — off-topic: AI in building and construction
- Multimodal biomedical AI — off-topic: multimodal biomedical AI review; privacy peripheral
- A Review of the Role of Artificial Intelligence in Healthcare — off-topic: role-of-AI-in-healthcare review
Why this review kind
Review-kind selection for 'What does the scholarly literature report on data privacy in AI governance?': SELECTED evidence_gap_map; 0 kind(s) rejected with their failed requirements recorded. A methodological screen (Sacred Rule 9): the selection is disclosed on the article and the selected kind's own discipline still applies at conduct time.
Selector: review_selector_v1 · selected kind: Evidence Gap Map · selection hash bfa5b382fa7c25a2.
Verdict
evidence_gap_map conducted over 32 records (12 included, 20 excluded with reasons): a coverage map with 24 named empty cells. Counts only — no importance adjudication (Sacred Rule 9); the report re-derives offline from corpus + codings.