AI and privacy — what happens to your data?

What data do AI tools collect?

Illustration created with Canva AI

When you use an AI chatbot like ChatGPT, Claude, or Gemini, your conversations are processed by servers of the company behind the model. Depending on the settings, these conversations are also used to further train the model.

In addition to the content of your messages, many AI services also collect: IP address, browser type, timestamp, linked account, and sometimes location data.

Are your conversations used for training?

This differs per service and per setting:

• OpenAI (ChatGPT) — Free users participate in training by default, unless you turn this off in the privacy settings. With paid API access, data is not used for training.
• Anthropic (Claude) — Says it does not use conversations for training unless you explicitly consent.
• Google (Gemini) — Conversations may be used for product improvement; this can be disabled in your Google account.

Risks when using AI at work

A major risk is entering sensitive business information into public AI tools. Contracts, customer data, financial figures, or strategic plans that you type into a chatbot can end up on external servers.

Well-known incidents: Samsung employees sent confidential source code to ChatGPT, after which Samsung banned its use internally.

How do you protect yourself?

• Use the privacy settings of the service to disable conversation storage and training
• Do not enter personal data or sensitive business information into public AI tools
• Use private or self-hosted AI solutions for sensitive work
• Read the data processing agreement when using AI for customer data — this is required under the GDPR

The GDPR and AI

In Europe, the General Data Protection Regulation (GDPR) protects personal data. AI services that process personal data from European users must comply with the GDPR — even if the company is based outside the EU.

The AI Act adds specific rules for AI systems, such as transparency requirements and bans on certain forms of biometric surveillance.

Conclusion

AI tools are powerful, but not neutral. Be aware of what you share, actively use privacy settings, and choose services that are transparent about their data use.