OpenAI is challenging a court order that mandates the preservation of all ChatGPT user logs, including deleted chats and API data, following an accusation by news organizations alleging the company destroyed evidence related to copyright claims. The court order, issued after news outlets raised concerns that OpenAI might have erased data linked to potential copyright violations, requires the company to retain all such information indefinitely until further judicial instruction. OpenAI has argued that the order was issued prematurely, based solely on speculative allegations from The New York Times and other plaintiffs, and that the court failed to consider the company’s commitments to user privacy and data control.
OpenAI’s legal team has stated that the order is an overreach and that the court rushed its decision without examining the merits of the case. The company claims that there is no evidence to support the claim that it intentionally deleted data or that users of ChatGPT might have deleted their search logs to avoid being tracked. In a filing, OpenAI emphasized that it has not destroyed any data in response to litigation and that the order incorrectly assumes otherwise. The order has significant implications for user privacy, as it forces OpenAI to retain data on a scale that could impact hundreds of millions of users across its ChatGPT Free, Plus, and Pro platforms, as well as users of its API services.
Privacy advocates and industry professionals have raised concerns about the potential consequences of the order. Some have warned that the preservation of all user data could lead to a breach of trust with users who have relied on OpenAI’s privacy commitments. A LinkedIn post from a tech worker suggested that the order could create a serious breach of contract for companies using OpenAI’s services, while privacy advocates on X expressed alarm, stating that every AI service ‘powered by’ OpenAI should be concerned. The order has also prompted calls for greater caution in sharing sensitive data with ChatGPT or through its API, as users may now face the risk of their data being accessed without their consent.