AI, cookies and ransomware attacks are all putting privacy last.
2024 will go down as the year of user exploitation and attacks on data privacy. This is according to Simon Bain, CEO at OmniIndex, who argues that the decline of the public’s digital privacy goes hand in hand with the boom in AI-powered products and solutions.
Bain explains: “All of tech’s biggest players have been in a race to become the face of large language models, showing off their ability to take our data and regurgitate it in a slightly different way for someone else to digest and repurpose.
“But AI isn’t all to blame. This year was heavy with attacks on user privacy including Google abandoning plans to remove cookies from Chrome and alongside it another long list of people had their health, financial, and other private and personal data breached and held to ransom by attackers.”
Below, Bain explains the changes to our data and technology landscape in 2024 that have put our privacy at risk and offers hope for what we can do in 2025 to stop the curve.
The AI data race
Bain: “2024 saw rapid investment in and adoption of large language model AI and this created a voracious demand for data to train and improve these models. While users of dedicated AI tools may understand and often consent to their data being used for model training, a growing concern is the data harvesting practices of services that aren't explicitly AI-focused. These services, where users might not expect their data to be collected, are now increasingly using user data to fuel AI development, often without explicit consent or transparency.
“For example, LinkedIn users in certain regions are ‘opted in’ to the company’s ‘Data for Generative AI Improvement’ setting by default and are constantly having their profile data or posts harvested by the service to train the generative AI model. While users are able to opt out by going into their settings, this is a feature that was added seemingly without users being clearly warned or informed with many of us therefore not knowing that we needed to opt out if we did not want this to happen.
“Elsewhere, X, formerly known as Twitter, faced significant backlash and regulatory scrutiny after announcing its intention to use the public posts of EU/EEA users to train its AI model, Grok. The move sparked concerns among privacy advocates and data protection authorities, leading to complaints from several European countries. In response to these concerns, X agreed to temporarily suspend the processing of this data while ongoing discussions with regulators continue.”
The cookie crumble
Bain: “2024 has also seen a rollback on the intended plan to remove cookies from Google Chrome. Instead, Google announced plans to allow users to opt-out, a choice they can make at any time.
“It remains to be seen how easy it will be for users to opt-out, or whether there will be any negative impact on opting out for users. But if opting-out is buried in the privacy settings and there is a reduction in functionality or workflow as a result of not having them, then it is not really a fair or legitimate choice.
“Many websites utilize and rely on cookies for features including logins, saved preferences and optimized loading through the use of cookies in Content Delivery Networks. This, and similar scenarios, could force people to stay opted into cookies in order to maintain an efficient workflow: not because they actually want it.
“Many in the security and technology industries were looking at this decision as a landmark moment to signify a wider end of heavy cookie use and a move towards enhanced user privacy online. Instead, the U-turn has allowed cookies to continue as a dominant internet practice. The offering of enabling informed consent with the ability to opt out doesn’t go far enough in reconciling the privacy that we are having to forfeit as users.”
The ransomware threat
“While AI data harvesting and cookies are largely legal endeavors, ransomware on the other hand is engineered by cybercriminals intent on profiting from our stolen data and disrupting our vital services. Attacks and data breaches remain prevalent across all industries but healthcare has seen a particular focus in 2024 with patient health data and personally identifiable information attacked in huge numbers.”
According to ‘The State of Ransomware in Healthcare 2024’ report by Sophos, 67% of healthcare organizations were hit by ransomware in 2024, up from 60% reported in 2023’s study. These attacks are reported to have an average recovery cost of $2.57 million a ransomware attack.
Bain continued: “These attacks are causing significant disruption to vital services with some of the most sensitive private information about individuals potentially exposed. 2024 saw the largest ever healthcare data breach recorded with 100 million people impacted.
“No blame should be given to a victim with all the blame going to the criminals. However, attacks on healthcare are a danger to us all and to our most sensitive health and personal data and critical services.”
Reclaiming our data: A 2025 call to action
Bain: “2024 has ultimately been a tumultuous year for digital privacy. While AI has made significant strides, it has also exacerbated concerns around data exploitation and breaches. As we enter 2025, users must demand a more transparent and privacy-centric digital landscape.
“Data transparency should be a fundamental principle. Companies must obtain explicit consent before utilizing user data for AI training or other purposes. Users should have clear visibility into how their data is being used, and the ability to opt out of data sharing should be explicit and at the forefront of a service rather than buried.”