Privacy And Confidentiality In The Age Of AI: A Comprehensive Legal Guide

Insights

Our insights are intended to discuss in a general nature the legal developments relating to our core areas of practice. Insights should not be construed as legal advice or legal opinion. Furthermore, these matters are continually subject to change, and therefore the information below may not reflect the most current legal developments. Readers should not act or rely upon the information without seeking specific advice relating to their facts and circumstances from legal counsel.

Artificial intelligence Privacy Law Technology Law Harry Richt August 10, 2025

Contents show

Artificial intelligence tools like ChatGPT, Google Gemini, Anthropic Claude, and Perplexity AI are widely used in legal and business settings. These platforms help improve efficiency but also raise significant privacy and confidentiality concerns.

Understanding how each platform handles data retention, privacy settings, and access controls is essential to managing legal risks and protecting sensitive information.

Legal Risks of Using AI Tools

Communications with AI platforms generally do not enjoy attorney-client privilege. This risk is discussed in detail by Artificial Lawyer, which explains how sensitive client or corporate data shared on AI tools could be exposed or used for training unless proper safeguards are in place.

In addition, a court-ordered data retention of OpenAI chats has raised eyebrows and questions with limited answers about how such an order operates in the context of user deletion choices.

Organizations should carefully control what data is entered into AI systems and implement strong governance policies. Our article on the AI risk horizon highlights these emerging legal and compliance challenges.

Privacy Settings of Major AI Platforms

ChatGPT (OpenAI)

OpenAI allows users to opt out of having conversations used for model training by adjusting settings in their Data Controls. The temporary chat feature deletes conversations within 30 days and excludes them from training data. Some information may be retained briefly for safety monitoring. For highly sensitive use cases, avoid sharing confidential information without these settings enabled.

Google Gemini

Google Gemini saves chat data by default, but users can manage retention through Apps Activity settings. Auto-delete can be set to as short as 72 hours, although Google Workspace accounts may have administrative policies requiring more extended retention periods.

Anthropic Claude

Anthropic’s Claude deletes most conversation data within 30 days and does not use inputs for training unless explicitly authorized. Data flagged for safety or policy violations may be retained longer. Claude encrypts data in transit and at rest with strict internal access controls. This approach aligns with privacy best practices discussed in our top AI legal considerations.

Perplexity AI

Perplexity offers an incognito mode that prevents saving search histories and limits data retention, as well as the ability to limit training. Its enterprise service complies with SOC 2 standards and implements short retention periods and strong access controls. However, some concerns exist about publicly accessible URLs of uploaded files, highlighting the need to evaluate privacy risks carefully. Our AI governance resource explores how to manage such risks.

Privacy Comparison of AI Platforms

Platform	Training Data Opt-Out	Retention Period	Notable Privacy Considerations
ChatGPT	Yes, via settings	~30 days (temporary chats)	Requires manual opt-out; some data retained for safety review
Google Gemini	Yes, via Apps Activity	From 72 hours to 18 months	Workspace accounts may have longer retention enforced
Anthropic Claude	Default opt-out	~30 days (longer if flagged)	Privacy-focused default; strong encryption and limited access
Perplexity AI	Yes, incl. incognito mode	~24 hours (enterprise less)	Enterprise SOC 2 compliance; concerns about public file URLs

Practical Recommendations to Protect Privacy and Confidentiality

Avoid submitting personally identifiable information, client details, or trade secrets. The privacy guide to AI chatbots provides helpful tips.
Use privacy features such as opting out of training data sharing and enabling temporary or incognito modes.
Evaluate any third-party app integrations for data access and security controls.
Establish clear internal AI usage policies as described in our AI governance lawyer resource.
Stay current on updates to AI platform policies and privacy features, as well as state-specific legal landscapes such as New York AI compliance, and on the federal and international levels.

Significant Benefits Paired With Ongoing Vigilance

AI tools provide substantial advantages but require careful attention to privacy and confidentiality. Since platform settings and policies frequently evolve, organizations and consumers should continuously monitor and update their governance frameworks and personal practices to ensure they use AI safely while protecting sensitive information.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Insights