Privacy impact assessments for generative AI