Executive summary: The 2026 privacy landscape
Litigation Impact: A federal court order in October 2025 restored standard deletion rights for most users, but in January 2026 a judge affirmed that 20 million preserved logs must still be handed over to news plaintiffs.
Agent Risks: The “ChatGPT agent” mode retains data, including screenshots of your browser, for 90 days, significantly longer than standard chats.
New Tooling: In April 2026 OpenAI released the Privacy Filter, an open-weight, on-device model that lets organizations strip PII from text before it ever reaches a cloud-based AI service.
Regulation: As of August 2025, the EU AI Act imposes strict transparency obligations on general purpose AI.
ChatGPT remains the dominant force in AI, with the release of GPT-5.3 and GPT-5.4 in early 2026 and the autonomous “ChatGPT agent” mode. However, as the technology shifts from a passive chatbot to an active agent that browses the web for you, the privacy stakes have escalated.
Statista surveys from early adoption phases showed that nearly half of respondents feared personal data collection. In 2026, those fears have evolved from simple data collection to complex legal retention and autonomous surveillance. This guide provides the definitive answers on how OpenAI handles your data today.
What is ChatGPT in 2026?
ChatGPT is a Large Language Model (LLM) and, increasingly, an autonomous agent. It generates text, writes code, and executes tasks based on your input. Developed by OpenAI, it currently runs on the GPT-5.3 and GPT-5.4 architectures, which feature “Instant,” “Thinking,” and “Pro” modes for adaptive reasoning. GPT-5.1, released in November 2025, was retired from ChatGPT in March 2026. GPT-5.2 and the specialized GPT-5.3 Codex are scheduled for retirement on June 5, 2026.
Unlike previous versions, the ChatGPT agent mode (which absorbed the former standalone “Operator” product in August 2025) allows the AI to navigate the web, click buttons, and perform actions on your behalf, introducing an entirely new layer of data privacy considerations.
Does ChatGPT save my data? (The “legal singularity”)
Yes, ChatGPT saves your data, but the rules changed dramatically in 2025 and early 2026 due to federal litigation.
1. The standard policy
For standard chat interactions, OpenAI stores your prompts, conversation history, and account details (email, IP, location) to train its models and provide the service. Typically, if you delete a chat, it is removed from OpenAI’s systems within 30 days.
2. The New York Times litigation effect
The New York Times v. OpenAI copyright lawsuit fundamentally disrupted the “Right to Erasure” throughout 2025 and into 2026.
The preservation order (May to September 2025): In May 2025, US Magistrate Judge Ona T. Wang ordered OpenAI to preserve all ChatGPT conversation logs indefinitely for legal discovery. During this period, even if you clicked “Delete,” your data was archived in a separate legal hold. Conversations originating from the European Economic Area, Switzerland, and the United Kingdom were excluded from this order.
The October modification: On October 9, 2025, Judge Wang terminated the sweeping preservation obligation. OpenAI’s obligation to preserve all output log data on a going-forward basis ended effective September 26, 2025, allowing the company to resume its standard 30-day deletion policy for new data.
The January 2026 production order: On January 5, 2026, US District Judge Sidney H. Stein affirmed a magistrate judge’s ruling compelling OpenAI to produce 20 million de-identified ChatGPT logs to the news plaintiffs. This means that while new logs get deleted on the normal schedule again, a massive sample of previously preserved conversations will actually be analyzed by outside parties in the consolidated copyright litigation.
The “Zombie Data” risk: Data captured between April and September 2025 remains preserved under the original order. Furthermore, accounts and domains specifically flagged by the New York Times as relevant to the case are still subject to ongoing retention.
Key takeaway: While standard deletion has returned for most, legal retention orders proved that your “Right to delete” can be suspended by the courts at any time, and the January 2026 ruling shows that preserved data can end up in the hands of third parties.
The new privacy frontier: “ChatGPT agent”
In August 2025, OpenAI integrated the former standalone “Operator” product into ChatGPT agent mode. This consolidated experience kept the stricter privacy regime of its predecessor. Because ChatGPT agent can take actions on the real web (like booking flights or filling forms), it requires aggressive abuse monitoring.
| Feature | Retention period | What is captured? |
|---|---|---|
| Standard chat | 30 Days (after deletion) | Text prompts, file uploads. |
| ChatGPT agent | 90 Days (after deletion) | Text, Screenshots, Browsing history. |
The screenshot risk: To function, ChatGPT agent takes continuous screenshots of the browser window it controls. If the agent navigates to a page displaying sensitive PII (Personal Identifiable Information) or proprietary dashboards, those screenshots are captured. Even if you delete the session immediately, these screenshots are retained for 90 days for safety review.
| Level | Feature | Privacy Benefit |
|---|---|---|
| Basic | Temporary Chat | No history, no training. |
| Advanced | Privacy Filter (New!) | Local PII redaction before transit. |
| Sovereign | AWS/Azure EKM | Revocable encryption keys. |
| Ultra | Zero Data Retention (ZDR) | No data written to disk (API only). |
OpenAI Privacy Filter: redaction before the prompt leaves your device
In April 2026, OpenAI released the Privacy Filter, an open-weight model designed to detect and redact personally identifiable information (PII) in text before it is sent to a cloud-based AI service. It is published under the Apache 2.0 license on Hugging Face and GitHub, which means organizations can use it commercially, fine-tune it, and embed it in their own products without royalty obligations.
What it does technically: Privacy Filter is a 1.5 billion parameter model with roughly 50 million active parameters (built on a Mixture-of-Experts architecture derived from OpenAI’s gpt-oss family). It is small enough to run on a standard laptop or even directly in a browser. Instead of generating text token by token like a normal LLM, it works as a bidirectional token classifier: it reads the input in a single forward pass and labels each token as one of eight PII categories or as background.
The eight categories it can detect and mask are:
- private_person (names)
- private_address (home and other private addresses)
- private_email
- private_phone
- private_url
- private_date
- account_number (covers credit card numbers, bank accounts, and similar identifiers)
- secret (passwords, API keys, tokens)
Why it matters for privacy: Traditional PII detection relies on regex and pattern matching, which catches obvious formats like email addresses but misses contextual references like “use the same card as last time” or ambiguous names. Privacy Filter uses context-aware language understanding, so it can distinguish whether “Alice” is a private individual or a literary character based on surrounding text. On the PII-Masking-300k benchmark, OpenAI reports an F1 score of 96%, rising to 97.43% on a corrected version of the dataset.
The local-first benefit: Because the model runs on-device, raw text containing PII never has to leave your machine to be sanitized. For organizations dealing with confidential client data, medical records, or financial information, this is a meaningful shift compared to sending raw data to a cloud-based redaction service first.
Important limitations: OpenAI is explicit that Privacy Filter is “a redaction and data minimization aid, not an anonymization, compliance, or a safety guarantee.” It can miss uncommon identifiers, over-redact short text fragments, and performs unevenly across languages. For high-stakes use cases like legal, medical, or financial workflows, OpenAI recommends combining it with human review and domain-specific fine-tuning. It should be treated as one layer in a privacy-by-design strategy, not as a compliance checkbox.
For Dutch organizations, this is a useful preprocessing step in pipelines where employees or systems pass unstructured text (emails, transcripts, support tickets) into ChatGPT or other LLMs. It does not replace your AVG/GDPR obligations, but it raises the floor on what is technically achievable for on-premises PII redaction.
Why is ChatGPT Data Privacy a concern?
Beyond the “black box” of AI training, privacy is a regulatory minefield.
GDPR and the EU AI Act
Europe continues to lead in regulation. The EU AI Act became fully operational throughout 2025:
- February 2025: Prohibitions on “unacceptable risk” AI took effect.
- August 2025: General Purpose AI (GPAI) rules came into force, requiring OpenAI to maintain detailed technical documentation and comply with EU copyright law.
The Dutch stance: The Dutch data protection authority (Autoriteit Persoonsgegevens) remains vigilant. Following the €290 million fine imposed on Uber in 2024 for improper data transfers to the US, Dutch organizations must be hyper-aware of where their AI data resides. The AP has emphasized that AI literacy (Article 4 of the AI Act) is now a mandatory obligation for companies deploying these tools.
How to make ChatGPT more privacy-friendly?
1. Opt-out of model training (Consumer Accounts)
If you are on a Free, Plus, or Pro plan, your data is used to train OpenAI’s models by default. You can stop this:
- Go to Settings > Data Controls.
- Toggle off “Improve the model for everyone”.
Note: This does not bypass the 30-day (or 90-day for ChatGPT agent) retention for abuse monitoring, but it prevents your data from becoming part of the AI’s permanent knowledge base.
2. Use “temporary chat”
For sensitive one-off tasks, use Temporary Chat. These chats are not saved to your history and are not used for training, though the 30-day abuse retention window still applies.
3. Switch to enterprise or business plans
For businesses, the safer path is the ChatGPT Enterprise or Business subscription (the plan formerly known as ChatGPT Team was renamed to Business in August 2025).
- No training: OpenAI explicitly states they do not train on business data by default.
- Enterprise key management (EKM): Rolled out in 2025, this allows Enterprise and Edu workspaces to manage their own encryption keys via AWS, Google Cloud, or Azure. If you revoke the key, OpenAI can no longer read your data, providing a technical safeguard. Note that EKM is currently limited to Enterprise and Edu customers with a named OpenAI account representative.
- Zero data retention (ZDR): Eligible enterprise clients can use ZDR APIs where no data is written to disk/logs, though this may limit some advanced features.
4. Run Privacy Filter on-device before sending text to ChatGPT
For developers and enterprises, the OpenAI Privacy Filter can be inserted as a preprocessing layer in front of any ChatGPT API call or workflow. Because it runs locally, you can sanitize logs, support tickets, or user inputs before the data ever reaches OpenAI’s servers. This is particularly valuable for Dutch organizations subject to strict AVG/GDPR data minimization principles, although it should be combined with policy review and human oversight rather than treated as a standalone compliance solution.
5. Deep research & cloud connectors
The Deep Research tool connects to Google Drive and Microsoft OneDrive. While the contents of your files are not used for training in Enterprise plans, the interaction logs (metadata of what you accessed and when) are generated. Always practice “Least Privilege” principles when granting the AI access to your cloud storage.
Recommendations for ChatGPT data privacy 2026
- Avoid PII in ChatGPT agent: Do not let the agent view screens containing banking info or credentials, as screenshots are retained for 3 months.
- Monitor litigation: Understand that “deleted” data may still be discoverable in legal cases like NYT v. OpenAI. As of January 2026, 20 million preserved logs are being handed over to plaintiffs.
- Consider data residency: Use OpenAI’s EU data residency options to mitigate GDPR transfer risks. EEA, Swiss, and UK conversations were excluded from the NYT preservation order.
- Add a local PII redaction layer: Where possible, run Privacy Filter (or an equivalent on-device tool) over unstructured inputs before they reach any cloud AI service, especially for support, HR, and finance workflows.
- Keep up to date with recent developments: Make sure you and your team are trained to use ChatGPT safely and securely. If you want support with this you can check out our ChatGPT Workshop.
| Level | Feature | Privacy Benefit |
|---|---|---|
| Basic | Temporary Chat | No history, no training. |
| Advanced | Privacy Filter (New!) | Local PII redaction before transit. |
| Sovereign | AWS/Azure EKM | Revocable encryption keys. |
| Ultra | Zero Data Retention (ZDR) | No data written to disk (API only). |
Need help navigating the 2026 AI privacy landscape?
DataNorth offers specialized ChatGPT Assessments to ensure your organization complies with the EU AI Act obligations while leveraging the power of the latest GPT-5 family models.
Frequently asked questions
I deleted my ChatGPT history in July 2025. Is it really gone forever?
Likely not. While OpenAI restored standard deletion rights in October 2025, data generated or deleted between April 2025 and September 2025 was subject to a federal preservation order in the New York Times v. OpenAI lawsuit. This “Zombie Data” is archived in a separate legal hold. In January 2026, a federal judge affirmed that 20 million de-identified logs from this preserved set must be produced to news plaintiffs for analysis, meaning that data isn’t just sitting in storage, it’s actively being reviewed by outside parties.
Does the ChatGPT agent mode see my screen when I’m not using it?
The agent only “sees” the specific browser tab it is controlling, but it captures continuous screenshots of that tab to function. Crucially, these screenshots are retained for 90 days for abuse monitoring. This is three times longer than standard text chats. If you have a sensitive bank statement open in the same tab the agent is using, that visual data is recorded and stored for three months.
Can OpenAI read my Enterprise data if the government demands it?
Not easily, if you use Enterprise Key Management (EKM). Rolled out in 2025, EKM allows your organization to hold the encryption keys for your data via AWS, Google Cloud, or Azure. If you revoke these keys, the data stored on OpenAI’s servers becomes unreadable cryptographic noise, even to OpenAI’s own engineers. Note that EKM is available only for Enterprise and Edu workspaces, and OpenAI itself does not recommend regular key revocation as an operational practice.
What is the OpenAI Privacy Filter and do I need it?
Privacy Filter is an open-weight, 1.5 billion parameter model released by OpenAI in April 2026 that detects and redacts PII (names, addresses, emails, phone numbers, URLs, dates, account numbers, and secrets like API keys) directly on your own device before text is sent to any cloud AI service. It is licensed under Apache 2.0, so commercial use and fine-tuning are permitted. You “need” it if your organization regularly sends unstructured text to ChatGPT or other cloud LLMs and wants to minimize the personal data that leaves your network. It is not a compliance certification on its own and should be combined with policy and human review for high-stakes domains.
If I use the ‘Deep Research’ tool on my Google Drive, does it train on my files?
For Enterprise and Business users, the content of your files is not used for training. However, the interaction logs (metadata) are generated. OpenAI creates a record of which files were accessed and when to monitor for abuse. While your trade secrets remain private, the “paper trail” of your research is still logged.
Can I ask ChatGPT to ‘unlearn’ a specific fact about me?
Technically, no. As highlighted by the Dutch Data Protection Authority (AP), LLMs cannot easily “forget” a specific fact without a complete retraining of the model. This creates a conflict with the GDPR’s “Right to Rectification.” If ChatGPT outputs incorrect info about you, your only reliable option is to delete the entire conversation history or opt-out of training for future data. You cannot surgically edit the model’s memory.
