Thomas R. Cook (Federal Reserve Bank Kansas City) and Sophia Kazinnik (Stanford U) have posted “Social Group Bias in AI Finance” on SSRN. Here is the abstract:

Financial institutions increasingly rely on large language models (LLMs) for highstakes decision-making. However, these models risk perpetuating harmful biases if deployed without careful oversight. This paper investigates racial bias in LLMs specifically through the lens of credit decision-making tasks, operating on the premise that biases identified here are indicative of broader concerns across financial applications. We introduce a reproducible, counterfactual testing framework that evaluates how models respond to simulated mortgage applicants identical in all attributes except race. Our results reveal significant race-based discrepancies, exceeding historically observed bias levels. Leveraging layer-wise analysis, we track the propagation of sensitive attributes through internal model representations. Building on this, we deploy a control-vector intervention that effectively reduces racial disparities by up to 70% (33% on average) without impairing overall model performance. Our approach provides a transparent and practical toolkit for the identification and mitigation of bias in financial LLM deployments.

Alicia Solow-Niederman (George Washington U Law) has posted “AI and Doctrinal Collapse” (78 Stanford Law Review __ (forthcoming 2026)) on SSRN. Here is the abstract:

Artificial intelligence runs on data. But the two legal regimes that govern data—information privacy law and copyright law—are under pressure. Formally, each regime demands different things. Functionally, the boundaries between them are blurring, and their distinct rules and logics are becoming illegible.

This Article identifies this phenomenon, which I call “inter-regime doctrinal collapse,” and exposes the individual and institutional consequences. Through analysis of pending litigation, discovery disputes, and licensing agreements, this Article highlights two dominant exploitation tactics enabled by collapse: Companies “buy” data through business-to-business deals that sidestep individual privacy interests, or “ask” users for broad consent through privacy policies and terms of service that leverage notice-and-choice frameworks. Left unchecked, the data acquisition status quo favors established corporate players and impedes law’s ability to constrain the arbitrary exercise of private power.

Doctrinal collapse poses a fundamental challenge to the rule of law. When a leading AI developer can simultaneously argue that data is public enough to scrape—diffusing privacy and copyright controversies—and private enough to keep secret—avoiding disclosure or oversight of its training data—something has gone seriously awry with how law constrains power. To manage these costs and preserve space for salutary innovation, we need a law of collapse. This Article offers institutional responses, drawn from conflict of laws and legal pluralism, to create one.

Emma Perot (U the West Indies (Saint Augustine)) has posted “Anticipating AI: A Partial Solution to Image Rights Protection for Performers” (European Intellectual Property Review, Volume 46(7), pgs 407 – 418) on SSRN. Here is the abstract:

This article assesses Equity’s ‘Stop AI from Stealing the Show’ survey and suggests that a statutory image right could address some of the harms posed by AI, namely, unauthorised digital replicas. Unauthorised commercial use of persona can already be pursued under passing off and Advertising Codes in certain circumstances, but the inclusion of persona in films, television programs, and audio works is not addressed by the existing law. Even the US right of publicity is potentially inadequate in this regard because this type of harm is novel and has not been fully contemplated outside of the realm of video game avatars. Introducing a statutory image right in the UK that reflects the US ‘No Fakes’ Bill will only be a partial solution because of the existing contractual practices that result from inequality of bargaining power in the entertainment industry. Additionally, nefarious uses of deepfakes are more suited to technological intervention and criminal penalties.

Golnoosh Babaei (U Pavia) et al. have posted “Explainable Fairness, with Application to Credit Lending” on SSRN. Here is the abstract:

Fairness is a key requirement for artificial intelligence applications. The assessment of fairness is typically based on group based measures, such as statistical parity, which compares the machine learning output for the different population groups of a protected variable. Although intuitive and simple, statistical parity may be affected by the presence of control variables, correlated with the protected variable. To remove this effect, we propose to employ Shapley values, which measures the additional difference in output specifically due to the protected variable. To remove the possible impact of correlations on Shapley values, we compare them across different subgroups of the most correlated control variables, checking for the presence of Simpson’s paradox, for which a fair model may become unfair when conditioning on a control variable. We also show how to mitigate unfairness, by means of a propensity score matching that can improve statistical parity, building a training sample which matches similar individuals in different protected groups. We apply our proposal to a real-world database containing 157,269 personal lending decisions and show that both logistic regression and random forest models are fair, when all loan applications are considered; but become unfair, for high loan amount requested. We also show how propensity score matching can mitigate this bias.

Paul Jurcys (U California) et al. have posted “The Future of Privacy Law? A Comment on Solove/Hartzog’s ‘Kafka in the Age of AI and the Futility of Privacy as Control in an Age of AI’” on SSRN. Here is the abstract:

This Comment engages with Daniel Solove and Woodrow Hartzog’s thought-provoking claim that “privacy as control” is increasingly “futile” in an era of ubiquitous AI. We share their concern about the profound power imbalances and structural opacity that characterize today’s data-driven systems, and we recognize the urgency of rethinking traditional privacy frameworks in light of these challenges. At the same time, we respectfully suggest that their critique may understate the potential of a reimagined, more robust vision of individual control within privacy law. 

We raise three considerations in support of this view. First, the prevailing model of individual control they critique does not fully reflect the richer, human-centric approach to personal data that law can—and should—aspire to. Second, casting individual and structural approaches as oppositional creates a false dichotomy. In practice, these dimensions are interdependent and mutually reinforcing. Effective privacy governance requires both empowered individuals and robust structural safeguards to establish a data ecosystem that genuinely serves individuals and the public interest. And third, rather than endorsing resignation or fatalism, Kafka’s work can also be read as a call to reclaim dignity and agency in the face of bureaucratic and technological opacity. 

We therefore propose a revitalized framework for privacy law that affirms both meaningfully supported and feasible personal agency and strong institutional safeguards. By integrating these complementary dimensions, our aim is to contribute to a constructive and forward-looking dialogue on how privacy can endure as a viable and principled right in an increasingly complex and algorithmically mediated world.

Andrea Stazi (U San Raffaele Roma) has posted “Creativity, Authorship and AI” on SSRN. Here is the abstract:

With AI, the relationship between technology and IP is more complex than ever.

The David Guetta example, where AI was used to create lyrics and a voice in the style of Eminem, illustrates a new model of creativity.

This model involves an iterative, dynamic process of 1. conception, 2. prompting, 3. generation, 4. refining, and 5. deployment, where a human plays a crucial role.

However, regulatory approaches around the world are diverging – think of the USPTO guidelines which limit protection to human works v UK protection of computer generated works – and questions arise about how to protect creativity on the one hand and investments on the other.

To craft a balanced IP policy framework, we must carefully reconsider the key features of authorship, the interplay of idea and expression, the essence of creativity and the proper way to protect investments.

Rethinking copyright from this perspective can incentivize both the development and creative application of AI while upholding the fundamental principles of copyright for human authors and promoting broad access to AI-assisted works.

Enrico Bonadio (City U London) and Honor Felisberto (U Lausanne Law) have posted “Copyrightability of AI Outputs: The US Copyright Office’s Perspective European Intellectual Property Review” on SSRN. Here is the abstract:

In August 2023, the United States Copyright Office (USCO) published a Notice of Inquiry (NOI) and request for comments on the intersection between Artificial Intelligence (AI) and copyright. The USCO had earlier announced it would issue a Report in several Parts analysing the comments received. On July 31 st , 2024, the first Part of the Report, on the topic of digital replicas, had been published. The second part of this Report, available since January 29 th , 2025, addresses the copyrightability of outputs generated by AI systems. This short note offers a summary of the latter, more precisely of the USCO’s recommendations.

Youn Baek (New York U (NYU) Leonard N. Stern Business) has posted “The Scale Effects of Data on Firm Growth: Evidence from the GDPR” on SSRN. Here is the abstract:

This paper investigates how the scale of data influences firm growth by leveraging the European Union’s General Data Protection Regulation (GDPR) as a natural experiment. Using bibliometric and patent data, I find that U.S.-based researchers and firms with greater reliance on European collaborators experienced declines in research output and firm performance after the GDPR took effect. While data is critical for improving decision-making and gaining competitive advantage, the analysis reveals that its effect on firm output remains the same regardless of initial AI‑inventor size, implying constant returns to scale. This result challenges the “data feedback loop” theory that more data begets disproportionate productivity gains by documenting that data accumulation alone may not confer a disproportionate advantage to larger firms.

Bakht Munir (U Kansas Law) et al. have posted “Artificial Intelligence, Data Protecting and Transparency: A Comparative Study of GDPR and CCPA” on SSRN. Here is the abstract:

This study explores the relationship between artificial intelligence (AI), data protection, and transparency, focusing on the legal frameworks designed to manage these complexities, particularly the European Union’s General Data Protection Regulation (GDPR). As modern technologies become deeply embedded in daily life, privacy, transparency, fairness, and accountability concerns have intensified. This research critically examines the GDPR’s development in the context of AI, assessing its effectiveness in safeguarding privacy, security, and data protection. Furthermore, it compares the GDPR with the California Consumer Privacy Act (CCPA) to highlight the need for a globally harmonized and comprehensive data protection framework. The study ultimately takes an optimistic stance, arguing that the evolving challenges of data privacy can be effectively addressed through continuous legal adaptations, stronger international cooperation, and the integration of ethical principles into AI governance.

Mihailis Diamantis (U Iowa Law), Maaz Bin Musa (U Iowa), Lucas Ausberger (same), Rishab Nithyanand (same) has posted “Forms of Disclosure: The Path to Automated Data Privacy Audits” (62 Harv. J. L. & Tech.; Forthcoming) on SSRN. Here is the abstract:

The weakest link in privacy enforcement today is detection. For years, agencies and activists sounded the alarm about unregulated, opaque mechanisms that organizations employ to harvest, process, and sell online user data. Some state legislatures have responded in recent years by passing legislation to protect privacy rights. Federal legislation may not be far off. But privacy rights are meaningless without effective enforcement, and enforcement is blind without detection.

New techniques for uncovering privacy violations hold promise. Historically, this would have required access to data brokers’ books. Unsurprisingly, such access was not forthcoming.

Researchers now have tools that can carry out what this Article calls “closed book privacy audits,” detecting privacy violations without targets’ cooperation. For example, by selectively feeding fictitious personal data to online platforms and measuring its impact web experience, closed book privacy audits can track corporate use (and misuse) of personal information across the data ecosystem. Automated closed book privacy audits could uncork the detection bottleneck, empowering private and public enforcers.

There is one hitch… Privacy audits require both data to test and benchmarks to test it against. Crisp evaluative benchmarks have remained elusive. Emerging privacy laws require corporations to disclosures how they collect and use personal information. The laws do not mandate any particular form of disclosure. Through an original empirical study of privacy disclosures by California data brokers, this Article documents the result: a widely variable mishmash of opaque representations that are impossible to audit using a consistent procedure. We argue that the law should mandate uniform privacy disclosures in a machine-readable format. Regulators could borrow from standardized disclosure frameworks used by other regulatory bodies (e.g., the United States Securities and Exchange Commission) to simultaneously improve disclosure clarity and facilitate low-cost detection of violations through closed book audits.