AI and Your Privacy: Key Concerns
Data Used Without Permission
ChatGPT was trained on massive amounts of online content-often without asking for permission. This raises privacy and copyright concerns, and some creators have filed complaints. Indian billionaire industrialists Mukesh Ambani and Gautam Adani-through their respective media entities NDTV and Network18-alongside prominent news outlets like The Indian Express, Hindustan Times, and the Digital News Publishers Association, have lodged a copyright infringement lawsuit against OpenAI in a Delhi court. The plaintiffs allege that ChatGPT was trained using content scraped without permission from their websites, amounting to “willful scraping” and “content adaptation” that poses a “clear and present danger” to their copyrighted material . This legal action expands on a prior case filed by Indian news agency ANI, intensifying a growing wave of global copyright challenges to generative AI platforms. OpenAI has countered the claims by asserting that it did not use any of the Indian media groups’ content to train its models, emphasizing its reliance on “publicly available data” and compliance with fair use principles; the company has also argued that Indian courts lack jurisdiction since its operations and data storage are based outside India. Legal experts, however, argue that Indian courts are likely to assert jurisdiction, drawing parallels with precedents such as Telegram’s case, where availability of services to Indian users was enough for jurisdiction to apply. The outcome could set a pivotal precedent in India, potentially reshaping how generative AI systems source and use copyrighted content, particularly if it leads to mandatory data deletion or stricter licensing obligations.
What You Share Becomes Part of the System
AI platforms like ChatGPT continuously ingest user-provided content-prompts, document uploads, images, and more-to improve their models, unless users specifically opt out. While OpenAI offers controls like “Temporary Chat” and settings to disable data use for model training, sharing information still feeds into the system. This is true even when conversations are deleted: the data may already have influenced the model’s internal behavior or been stored for security monitoring. Moreover, this means personalized details or linguistic patterns that users share can subtly shape the system’s responses going forward. As a result, anything shared becomes, in effect, part of the broader system memory and may influence future interactions-whether directly or indirectly. Even opting out doesn’t always undo the data’s impact, raising privacy concerns for users treating ChatGPT as a personal or confidential assistant. Users should therefore exercise caution: avoid sensitive uploads, enable privacy controls, and treat ChatGPT input as potentially integrated into a global model rather than isolated or private.
It Collects User Data
OpenAI confirmed in late January that a bug-likely involving an exploited vulnerability or compromised accounts-led to ChatGPT displaying sensitive user data from other users. Among the leaked information were private conversations, login credentials, and billing details from active subscribers. The company promptly took the service offline to patch the Redis‑py-related flaw, affirmed that no full credit card numbers were exposed, and directly informed potentially affected users.In response to the breach, OpenAI strengthened its defenses by fixing the root cause, collaborating with the Redis maintainers for a system-level patch, and launching a bug‑bounty program to encourage proactive vulnerability discovery. They also advised users to reset passwords, enable two‑factor authentication, and monitor account activity. While OpenAI attributed some data exposure to individual account hacks, the incident raised broader concerns about privacy and security in AI platforms as users increasingly entrust them with sensitive data.
Risk of Data Breaches
A cybersecurity report by Group-IB revealed that over 1 lakh (100,000+) ChatGPT user accounts were compromised globally due to info-stealing malware, with India emerging as the most affected country-accounting for 12,632 stolen credentials. The malware, such as Raccoon Stealer, infiltrated users’ devices and harvested saved credentials, cookies, and browsing history. These stolen login details, including ChatGPT credentials, were later discovered being traded on dark web marketplaces. The Asia-Pacific region was the hardest hit, contributing to 40.5% of the total stolen accounts, with other affected regions including the Middle East, Europe, and Latin America.The peak of these breaches occurred in May 2023, when around 26,800 ChatGPT login records were found for sale. Experts warned that this type of data theft could potentially expose sensitive or confidential user information, especially for those using ChatGPT in professional or enterprise contexts. Group-IB urged users to adopt stronger security practices, such as enabling two-factor authentication, regularly updating passwords, and being cautious about storing sensitive data in chatbot histories. The incident highlights growing cybersecurity risks associated with AI tools and emphasizes the need for heightened digital hygiene.
Privacy Measures Exist, But May Not Be Enough
While OpenAI uses encryption, access controls, and bug bounty programs, users still need to take extra steps to protect their own data.OpenAI does not currently offer end-to-end encryption, meaning user data-while encrypted on servers-can still be accessed internally for abuse monitoring or model training, and retained for up to 30 days even after deletion from the user’s perspective. Due to these limitations, users must adopt additional strategies to safeguard their own data. Key recommendations include disabling chat history or opting out of model training via privacy controls; avoiding uploading sensitive personal or corporate information; using temporary chat (incognito) mode; regularly deleting sensitive conversations; setting strong, unique passwords and enabling multi-factor authentication; and using tools like password managers or prompt sanitizers (e.g. Wald.ai) when sharing structured data . Treat ChatGPT as a helpful assistant-not a secure vault-and consider alternative secure tools when handling confidential information.
Conclusion
The rapid rise of AI platforms like ChatGPT has brought powerful capabilities-but also profound AI privacy, security, and ethical challenges. As lawsuits from Indian media giants spotlight concerns over unauthorized data use, and cybersecurity incidents reveal the vulnerability of user information, it’s clear that current safeguards may not fully protect creators or users. While OpenAI maintains its adherence to legal frameworks and offers privacy controls, these measures often fall short of the public’s expectations for transparency and data protection. The responsibility now falls not just on AI developers, but also on regulators, courts, and users to define clearer boundaries. Until stricter legal standards and technical protections are in place, users must approach AI tools with caution-limiting what they share and staying informed about how their data might be used, stored, or exposed therby safeguarding themselves against potential privacy breaches.