AgentSkillsCN

Privacy & Responsible AI Skill

秉持“设计即隐私”理念,落实数据保护与负责任 AI 的各项原则。

SKILL.md
--- frontmatter
name: "Privacy & Responsible AI Skill"
description: "Privacy by design, data protection, and responsible AI principles."
applyTo: "**/*privacy*,**/*consent*,**/*data*,**/*PII*,**/*GDPR*,**/*responsible*,**/*ethical*,**/*bias*,**/*fairness*"

Privacy & Responsible AI Skill

Privacy by design, data protection, and responsible AI principles.

⚠️ Staleness Warning

Privacy regulations and AI ethics guidelines evolve continuously.

Refresh triggers:

  • New privacy laws (state, country, region)
  • AI regulation updates (EU AI Act, etc.)
  • Industry standard changes
  • Major incident learnings
  • Annual transparency reports (Microsoft, Google)

Last validated: February 2026

Check current state: Microsoft RAI, Google AI Principles, GDPR, CCPA


Privacy by Design Principles

PrincipleImplementation
MinimizeCollect only what's needed
PurposeUse data only for stated purpose
ConsentGet explicit permission
AccessLet users see their data
DeletionLet users delete their data
SecurityProtect data at rest and in transit
TransparencyExplain what you collect and why

Data Classification

LevelExamplesHandling
PublicMarketing contentNo restrictions
InternalEmployee directoryInternal only
ConfidentialCustomer data, PIIEncrypted, access-controlled
RestrictedCredentials, health dataMaximum protection

PII Checklist

Personal Identifiable Information includes:

  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • IP addresses
  • Device IDs
  • Location data
  • Financial data
  • Health data
  • Biometric data

Responsible AI Principles

Microsoft's 6 Principles (2025 RAI Transparency Report)

PrincipleQuestion to AskImplementation
FairnessDoes it treat all groups equitably?Bias testing, diverse datasets, fairness metrics
Reliability & SafetyDoes it work consistently and safely?Testing, monitoring, failure modes, guardrails
Privacy & SecurityDoes it protect user data?Data minimization, encryption, access controls
InclusivenessDoes it work for everyone?Accessibility, diverse user testing, edge cases
TransparencyCan users understand how it works?Explainability, documentation, model cards
AccountabilityWho is responsible for outcomes?Human oversight, audit trails, governance

Google's 3 Pillars (2024 AI Responsibility Report)

PillarDescription
Bold InnovationDeploy AI where benefits substantially outweigh risks
Responsible DevelopmentHuman oversight, safety research, bias mitigation, privacy
Collaborative ProgressEnable ecosystem, share learnings, engage stakeholders

Key RAI Tools & Frameworks

ToolPurposeSource
HAX WorkbookHuman-AI interaction best practicesMicrosoft
Responsible AI DashboardEnd-to-end RAI experienceMicrosoft/Azure
Model CardsStructured model documentationGoogle
People + AI GuidebookDesign guidance for AI productsGoogle PAIR
Frontier Safety FrameworkAdvanced model risk managementGoogle

Bias Detection

text
Ask:
1. What data was the model trained on?
2. Are there underrepresented groups?
3. What are the failure modes?
4. Who might be harmed by errors?
5. Have we tested with diverse inputs?
6. What demographic slices show performance gaps?
7. Are there proxy variables that encode bias?

Bias Categories

TypeDescriptionExample
Selection BiasTraining data not representativeHiring model trained only on past hires
Measurement BiasFlawed data collectionSelf-reported data with social desirability
Algorithmic BiasModel amplifies patternsRecommendation loops
Presentation BiasUI choices influence perceptionImage ordering in search results

AI Transparency & Documentation

Model Card Template

markdown
## Model Card: [Model Name]

### Model Details
- **Developer**: [Organization]
- **Version**: [Version number]
- **Type**: [Classification/Generation/etc.]
- **License**: [License terms]

### Intended Use
- **Primary use cases**: [Description]
- **Out-of-scope uses**: [What NOT to use it for]
- **Users**: [Target users]

### Training Data
- **Sources**: [Data sources]
- **Size**: [Dataset size]
- **Known limitations**: [Data gaps]

### Performance
- **Metrics**: [Evaluation metrics]
- **Sliced analysis**: [Performance by demographic groups]
- **Failure modes**: [Known failure patterns]

### Ethical Considerations
- **Risks**: [Potential harms]
- **Mitigations**: [Steps taken]
- **Human oversight**: [Review processes]

AI Feature Transparency (User-Facing)

markdown
## How This AI Works

**What it does**: [Clear description]
**What it doesn't do**: [Limitations]
**Data used**: [What inputs, how stored]
**Human oversight**: [When humans review]
**How to appeal**: [Process for disputes]
**Confidence indicators**: [How certainty is communicated]

Human-AI Collaboration

Appropriate Reliance Framework

StateDescriptionSignal
Over-relianceBlind acceptanceUser never questions AI
Appropriate relianceCalibrated trustUser verifies when uncertain
Under-relianceExcessive skepticismUser ignores useful AI output

Design for Appropriate Reliance

  1. Show confidence levels — Don't present all outputs as equally certain
  2. Explain reasoning — Help users evaluate AI logic
  3. Enable challenge — Make it easy to question or override
  4. Provide alternatives — Show multiple options when available
  5. Track calibration — Monitor if users trust appropriately

Code Patterns

Don't Log PII

typescript
// Bad
console.log(`User ${email} logged in`);

// Good
console.log(`User ${hashUserId(userId)} logged in`);

Consent Before Collection

typescript
// Get explicit consent
const consent = await showConsentDialog({
    purpose: 'Improve recommendations',
    data: ['usage patterns', 'preferences'],
    retention: '90 days',
    optOut: 'Settings > Privacy'
});

if (!consent.granted) {
    return fallbackBehavior();
}

Data Minimization

typescript
// Bad: Store everything
saveUser({ ...fullUserObject });

// Good: Store only what's needed
saveUser({
    id: user.id,
    preferences: user.preferences
    // Don't store: email, name, location
});

Right to Deletion

typescript
async function deleteUserData(userId: string) {
    await db.users.delete(userId);
    await db.userPreferences.delete(userId);
    await db.userHistory.delete(userId);
    await analytics.purge(userId);
    await logs.redact(userId);

    return { deleted: true, timestamp: new Date() };
}

Regulatory Quick Reference

RegulationRegionKey Requirements
GDPREUConsent, access, deletion, breach notification
CCPA/CPRACaliforniaDisclosure, opt-out, deletion
LGPDBrazilSimilar to GDPR
PIPLChinaData localization, consent
HIPAAUS HealthcareHealth data protection

AI Incident Response

When AI causes harm:

  1. Stop — Disable the feature immediately
  2. Assess — Who was affected, how severely
  3. Notify — Inform affected users
  4. Fix — Root cause + prevention
  5. Document — Post-mortem for learning

Synapses

See synapses.json for connections.