This study investigates divergent perceptions of AI privacy risks among European AI developers and their adoption of mitigation strategies. Employing semi-structured interviews and qualitative thematic analysis grounded in privacy-preserving theory, we conducted an empirical study with 25 AI developers across Europe. Results reveal a lack of consensus on core privacy threats—including data misuse and model inversion—and significant challenges in implementing technical mitigations. Crucially, perceptual disparities are predominantly driven by non-technical factors: organizational culture, regulatory compliance pressure, and ethical awareness. Our key contribution is identifying and explicating the “cognition–practice gap” in privacy engineering—where awareness fails to translate into effective action—and proposing a developer-centric privacy governance framework. This framework advocates embedding privacy-by-design not only through technical tooling but also via institutional enablers, including training, accountability structures, and cross-functional collaboration. The findings offer empirically grounded, actionable insights for policymakers and industry stakeholders seeking to strengthen AI privacy practices.

The proliferation of AI has sparked privacy concerns related to training data, model interfaces, downstream applications, and more. We interviewed 25 AI developers based in Europe to understand which privacy threats they believe pose the greatest risk to users, developers, and businesses and what protective strategies, if any, would help to mitigate them. We find that there is little consensus among AI developers on the relative ranking of privacy risks. These differences stem from salient reasoning patterns that often relate to human rather than purely technical factors. Furthermore, while AI developers are aware of proposed mitigation strategies for addressing these risks, they reported minimal real-world adoption. Our findings highlight both gaps and opportunities for empowering AI developers to better address privacy risks in AI.