Hacker News

Courts have always had the power to compel parties to a current case to preserve evidence. (For example, this was an issue in the Google monopoly case, since Google employees were using chats set to erase after 24 hours.) That becomes an issue in the discovery phase, well after the defendant has an opportunity to file a motion to dismiss. So a case with no specific allegation of wrongdoing would already be dismissed.

The power does not extend to any of your hypotheticals, which are not about active cases. Courts do not accept cases on the grounds that some bad thing might happen in the future; the plaintiff must show some concrete harm has already occurred. The only thing different here is how much potential evidence OpenAI has been asked to retain.

>Why could a court favor the interest of the New York Times in a vague accusation versus the interest and right of hundred millions people?

Probably because they bothered to pursue such a thing and hundreds of millions people did not.

How do you conclusively know if someone's content generating machine infringe with your rights? By saving all of its input/output for investigation.

It's ridiculous, sure but is it less ridiculous than AI companies claiming that the copyrights shouldn't apply to them because it will be bad for their business?

IMHO those are just growth pain. Back in the day people used to believe that the law don't apply on them because they did it on the internet and they were mostly right because the laws were made for another age. Eventually the laws both for criminal stuff and copyright caught up. Will be the same for AI, now we are in the wild west age of AI.

You raise good points but the target of your support feels misplaced. Want private ai? You must self-host and inspect if it’s phoning home. No way around it in my view.

Otherwise, you are picking your data privacy champions as the exact same companies, people and investors that sold us social media, and did something quite untoward with the data they got. Fool me twice, fool me three times… where is the line?

In other words - OAI has to save logs now? Candidly they probably were already, or it’s foolish not to assume that.

A pretty clear distinction is that all ISPs in the world are not currently involved in a lawsuit with New York Times and are not accused of deleting evidence. What OpenAI is accused of is significantly different from merely agnostically routing packets between A and B. OpenAI is not raising astronomical funds because they operate as an ISP.

> Privacy right is an integral part of the freedom of speech

I completely agree with you, but as a ChatGPT user I have to admit my fault in this too.

I have always been annoyed by what I saw as shameless breaches of copyright of thousands of authors (and other individuals) in the training of these LLMs, and I've been wary of the data security/confidentiality of these tools from the start too - and not for no reason. Yet I find ChatGPT et al so utterly compelling and useful, that I poured my personal data[0] into these tools anyway.

I've always felt conflicted about this, but the utility just about outweighed my privacy and copyright concerns. So as angry as I am about this situation, I also have to accept some of the blame too. I knew this (or other leaks or unsanctioned use of my data) was possible down the line.

But it's a wake up call. I've done nothing with these tools which is even slightly nefarious, but I am today deleting all my historical data (not just from ChatGPT[1] but other hosted AI tools) and will completely reassess my approach of using them - likely with an acceleration of my plans to move to using local models as much as I can.

[0] I do heavily redact my data that goes into hosted LLMs, but there's still more private data in there about me than I'd like.

[1] Which I know is very much a "after the horse has bolted" situation...

Lawyer here

First - in the US, privacy is not a constitutional right. It should be, but it's not. You are protected against government searches, but that's about it. You can claim it's a core human right or whatever, but that doesn't make it true, and it's a fairly reductionist argument anyway. It has, fwiw, also historically not been seen as a core right for thousands of years. So i think it's a harder argument to make than you think despite the EU coming around on this. Again, I firmly believe it should be a core right, but asserting that it is doesn't make that true.

Second, if you want the realistic answer - this judge is probably overworked and trying to clear a bunch of simple motions off their docket. I think you probably don't realize how many motions they probably deal with on a daily basis. Imagine trying to get through 145 code reviews a day or something like that. In this case, this isn't the trial, it's discovery. Not even discovery quite yet, if i read the docket right. Preservation orders of this kind are incredibly common in discovery, and it's not exactly high stakes most of the time. Most of the discovery motions are just parties being a pain in the ass to each other deliberately. This normally isn't even a thing that is heard in front of a judge directly, the judge is usually deciding on the filed papers.

So i'm sure the judge looked at it for a few minutes, thought it made sense at the time, and approved it. I doubt they spent hours thinking hard about the consequences.

OpenAI has asked to be heard in person on the motion, i'm sure the judge will grant it, listen to what they have to say, and determine they probably fucked it up, and fix it. That is what most judges do in this situation.

> Why could a court favor the interest of the New York Times in a vague accusation versus the interest and right of hundred millions people?

Because the law favors preservation of evidence for an active case above most other interests. It's not a matter of arbitrary preference by the particular court.

Regardless of the details of this specific case, the courts are not democratic and do not decide based on the interest of the parties or how many they are, they decide based on the law.

I completely agree with you. But perhaps we should be more worried that OpenAI or Google can retain all this data and do pretty much what they want with it in the first place, without a judge getting into the picture.

In your arguments for privacy, do you consider privacy from OpenAI?

ChatGPT isn’t like an ISP here. They are being credibly accused of basing their entire business on illegal activity. It’s more like if The Pirate Bay was being sued. The alleged infringement is all they do, and requiring them to preserve records of their users is pretty reasonable.

It's a honeypot from the beginning y'all

It doesn't, it favors longstanding caselaw and laws already on the books.

There is a longstanding precedent with regards to business document retention, and chat logs have been part of that for years if not decades. The article tries to make this sound like this is something new, but if you look at the e-retention guidelines in various cases over the years this is all pretty standard.

For a business to continue operating, they must preserve business documents and related ESI upon an appropriate legal hold to avoid spoliation. They likely weren't doing this claiming the data was deleted, which is why the judge ruled in favor against OAI.

This isn't uncommon knowledge either, its required. E-discovery and Information Governance are things any business must meet in this area; and those documents are subject to discovery in certain cases, where OAI likely thought they could avoid it maliciously.

The matter here is OAI and its influence rabble are churning this trying to do a runaround on longstanding requirements that any IT professional in the US would have reiterated from their legal department/Information Governance policies.

There's nothing to see here, there's no real story. They were supposed to be doing this and didn't, were caught, and the order just forces them to do what any other business is required to do.

I remember an executive years ago (decades really), asking about document retention, ESI, and e-discovery and how they could do something (which runs along similar lines to what OAI tried as a runaround). I remember the lawyer at the time saying, "You've gotta do this or when it goes to court you will have an indefensible position as a result of spoliation...".

You are mistaken, and appear to be trying to frame this improperly towards a point of no accountability.

I suggest you review the longstanding e-discovery retention requirements that courts require of businesses to operate.

This is not new material, nor any different from what's been required for a long time now. All your hyperbole about privacy is without real basis, they are a company; they must comply with law, and it certainly is not outrageous to hold people who break the law to account, and this can only occur when regulatory requirements are actually fulfilled.

There is no argument here.

References: Federal Rules of Civil Procedure (FRCP) 1, 4, 16, 26, 34, 37

There are many law firms who have written extensively on this and related subjects. I encourage you to look at those too.

(IANAL) Disclosure: Don't take this as legal advice. I've had the opportunity to work with quite a few competent ones, but I don't interpret the law; only they can. If you need someone to provide legal advice seek out competent qualified counsel.

> Why could a court favor the interest of the New York Times in a vague accusation versus the interest and right of hundred millions people?

Can't you use the same arguments against, say, Copyright holders? Billionaires? Corporations doing the Texas two-step bankruptcy legal maneuver to prevent liability from allegedly poisoning humanity?

I sure hope so.

Edit: ... (up to a point)

OpenAI is a business selling a product, it’s not a decentralized network of computers contributing spare processing power to run massive LLMs. Therefore, you can easily point a finger at them and tell them to stop some activity for which they are the sole gatekeeper.

> Why could a court favor the interest of the New York Times in a vague accusation versus the interest and right of hundred millions people?

It simply didn't. ChatGPT hasn't deleted any user data.

> "OpenAI did not 'destroy' any data, and certainly did not delete any data in response to litigation events," OpenAI argued. "The Order appears to have incorrectly assumed the contrary."

It's a bit of a stretch to think a big tech company like ChatGPT is deleting users' data.

>Privacy right is an integral part of the freedom of speech, a core human right.

Are these contradictory?

If you overhear a friend gossiping, can't you spread that gossip?

Also, where are human rights located? I'll give you a microscope.(sorry, I'm a moral anti-realist/expressivist and I can't help myself)

> Why could a court favor the interest of the New York Times in a vague accusation versus the interest and right of hundred millions people?

Well maybe some people in power have pressured the court into this decision? The New York Times surely has some power as well via their channels

Interesting detail from the court order [0]: When asked by the judge if they could anonymize chat logs instead of deleting them, OpenAI's response effectively dodged the "how" and focused on "privacy laws mandate deletion." This implicitly admits they don't have a reliable method to sufficiently anonymize data to satisfy those privacy concerns.

This raises serious questions about the supposed "anonymization" of chat data used for training their new models, i.e. when users leave the "improve model for all users" toggle enabled in the settings (which is the default even for paying users). So, indeed, very bad for the current business model which appears to rely on present users (voluntarily) "feeding the machine" to improve it.

[0] https://cdn.arstechnica.net/wp-content/uploads/2025/06/NYT-v...

Some established businesses will need to review their contracts, regulations, and risk tolerance.

And wrapper-around-ChatGPT startups should double-check their privacy policies, that all the "you have no privacy" language is in place.

> This seems very bad for their business.

Well, it is gonna be all _AI Companies_ very soon so unless everyone switches to local models which don't really have the same degree of profitability as a SaaS, its probably not going to kill a company to have less user privacy because tbh people are used to not having privacy these days on the internet.

It certainly will kill off the few companies/people trusting them with closed source code or security related stuff but you really should not outsource that anywhere.

If you were working with code that was proprietary, you probably shouldn't of been using cloud hosted LLMs anyways, but this would seem to seal the deal.

All GPT integrations I’ve implemented have been via Azure’s service, due to Microsoft’s contractual obligation for them not to train on my data.

As far as I understand it, this ruling does not apply to Microsoft, does it?

How? This is retention for legal risk, not for training purposes.

They can still have legal contracts with other companies, that stipulate that they don't train on any of their data.

Thinking about the value of the dataset of Enron’s emails that was disclosed during their trials, imagine the value and cost to humanity of all OpenAI’s api logs even for a few months being entered into court record..

Going to drop a PG tweet:

https://x.com/paulg/status/1913338841068404903

"It's a very exciting time in tech right now. If you're a first-rate programmer, there are a huge number of other places you can go work rather than at the company building the infrastructure of the police state."

---

So, courts order the preservation of AI logs, and government orders the building of a massive database. You do the math. This is such an annoying time to be alive in America, to say the least. PG needs to start blogging again about what's going on now days. We might be entering the digital version of the 60s, if we're lucky. Get local, get private, get secure, fight back.

Will this apply to Azure OpenAI model APIs too?

Aren't most enterprise customers using AzureOpenAI?

Not when people have nowhere else to go, pretty much you cannot escape it, it’s too convenient to not use now. You think no other AI chat providers doesn’t need to do this?

Why is AI special in this regard? Why is my exchange with ChatGPT any more privileged than my DuckDuckGo search for _HIV test margin of error_?

How did the court overstep? Orders to preserve evidence are routine in civil cases. Customer expectations about privacy have zero legal relevance.

Consider the opposite prevailing, where I can legally protect my warez site simply by saying "sorry, the conversation where I sent them a copy of a Disney movie was private".

The preservation order feels like a blunt instrument in a situation that needs surgical precision

Would it be possible to comply with the order by anonymizing the data?

The court is after evidence that users use ChatGPT to bypass paywalls. Anonymizing the data in a way that makes it impossible to 1) pinpoint the users and 2) reconstruct the generic user conversation history would preserve privacy and allow OpenAI to comply in good faith with the order.

The fact that they are blaring sirens and hide behind the "we can't, think about users' privacy" feels akin to willingful negligence or that they know they have something to hide.

If it's possible evidence as part of a lawsuit, of course they can't delete it.

This is a moot issue. OpenAI and all AI service providers already use all user-provided data for improving their models, and it's only a matter of time until they start selling it to advertisers, if they don't already. Whether or not they actually delete chat conversations is irrelevant.

Anyone concerned about their privacy wouldn't use these services to begin with. The fact they are so popular is indicative that most people value the service over their privacy, or simply don't care.

It's almost rigged. Either they are keeping the data (and ofc making money out of it) or deleting it destroying the evidence of the crimes they're committing..

This has nothing to do with convictions of criminals but everything with CIA gathering profiles every single person they can.

My guess is they will store them on tape e.g. on something like Spectra TFinity ExaScale library. I assume AWS glacier et al use this sort of thing for their deep archives.

Storing them on something that has hours to days retrieval window satisfies the court order, is cheaper, and makes me as a customer that little bit more content with it (mass data breach would take months of plundering and easily detectable).

> She suggested that OpenAI could have taken steps to anonymize the chat logs but chose not to

That is probably the solution right there.

I’d just assume that any chat or api call you do to any cloud based ai in th US will be discoverable from here on out.

If that’s too big a risk it really is time to consider locally hosted LLMs.

I ask again, why not anonymizing the data? That way NYT/the court could see if users are bypassing the paywall through ChatGPT while preserving privacy.

Even if I wrote it, I don't care if someone read out loud in public court "user <insert_hash_here> said: <insert nastiest thing you can think of here>"

This is a ludicrous assertion and factually inaccurate beyond all practical intelligence.

A computer in service of an individual absolutely follows copyright because the creator is in control of the distribution and direction of the content.

Besides, copyright is a civil statute, not criminal. Everything about this comment is the most obtuse form of FUD possible. I’m pro copyright reform, but this is “Uncle off his meds ranting on Facebook” unhinged and shouldn’t be given credence whatsoever.

You can always self host an LLM which is completely controlled on your own server. This is trivial to do.

> NONE of them have even mentioned the privacy aspect

because the privacy aspect has nothing to do with LLMs and everything to do with relying on cloud providers. HN users have been vocal about that since long before LLMs existed.

https://originality.ai/blog/openai-chatgpt-lawsuit-list

Why?

Then a court will order that you don't encrypt. And probably go after you for trying to undermine the intent of previous court order. Or what, you thought you found an obvious loophole in the entire legal system?

Do you have any reading on this?

Encryption does not negate copyright laws. The solution here is for LLM builders to pay for training data.

Looks like https://en.wikipedia.org/wiki/Lauren_Weinstein_(technologist..., he has been commentating on the Internet for about as long as it has existed.

Roughly how many posts on HN are by people you know?

Existing contracts have zero bearing on what a court may and may not order.

The order also dates back to May 13. What the fuck?! That’s weeks ago! The only reason I can think of for why OpenAI did not warn its users about this via an email notification is because it’s bad for their business. But wow is it ever a breach of trust not to.

I don't think the order creates any new violations of privacy law. OpenAI's ability to retain the data and give it to third parties would have been the violation in the first place.

My (not a lawyer) understanding is "no", because Microsoft is not administering the model (making available the chatbot and history logging), not retaining chats (typically, unless you configure it specifically to do this), and any logs or history are only retained on the customer's servers or tenant.

Accessing information on a customer's server or tenant (I have been assured) would require a court order for the customer directly.

But... as an 365 E5 user with an Azure account using the 4o through Foundry... I am much more nervous than I ever have been.

The former head of the NSA is on the board. I'd be more surprised if the feds WEREN'T siphoning off every byte by now.

It won't be coming for local inference.

It would probably surprise no one if we find out, some time from now, tacit agreements to do so were already made (are being made) behind closed doors. "We'll give you what you want, just please don't call us out publicly."

“use a Google product to avoid privacy concerns” is risible.

Are they all not collecting logs?

>If I have users that use OpenAI through my API keys am I responsible?

Yes. You are OpenAI's customer, and they expect you to follow their ToS. They do provide a moderation API to reject inappropriate prompts, though.

Framing this as a moralized issue of “addiction” on the part of consumers naturalizes the structural cause of the problem. Concentrated wealth benefits from the cloud capital consumers generate. It’s this group that has most of the control over how our data is collected. These companies reduce the number and quality of choices available to us. Blaming consumers for choosing the many conveniences of cloud data when the incentive structure has been carefully tailored to funnel our data into their possession and control is truly a superficial take.

Yeah, I see a ton of people all up in arms about privacy but ignoring that OpenAI doesn't give a rats ass about others privacy (see: scraping).

Like why one good other bad?

We have shifted over to SaaS so much for convenience that we have lost sight of “our control”.

I imagine a 90s era software industry for today’s tech world: person buys a server computer, person buys an internet connection with stable ip, person buys server software boxes to host content on the internet, person buys security suite to firewall access.

Where is the problem in this model? Aging computers? Duplicating computing hardware for little use? Unsustainable? Not green/efficient?

> who has control of your data

As frustrating as it is, the answer seems to be everyone and no one. Data in some respects is just an observation. If I walk through a park, and I see someone with red hair, I just collected some data about them. If I see them again, perhaps strike up a conversation, I learn more. In some sense, I own that data because I observed it.

On the other other hand, I think most decent people would agree that respecting each other's right to privacy is important. Should the owner of the red hair ask me to not share personal details about them, I would gladly accept, because I personally recognize them as the owner of the source data. I may possess an artifact or snapshot of that data, but it's their hair.

In a digital world where access controls exist, we have an opportunity to control the flow of our data through the public space. Unfortunately, a lot of work is still needed to make this a reality...if it's even possible. I like the Solid Project for it's attempt to rewrite the internet to put more control in the hands of the true data owners. But, I wonder if my observation metaphor is still possible even in a system like Solid.

It's not developer's common interest to develop local services first. People build cloud services for a profit so they can be paid. However, sometimes developers need to build their portfolios (or out of pure interest) so they make software that runs locally anyway. A lot of websites can easily be ran on people's computers from a data perspective but it's a lot of work to get that data in the first place and make it useable. I don't think people are truly "cloud-addicted". I think they simply do not have other choices.

the post does not reflect the reality that it is not 'your data'*. When you use a service provider, it's their data. They may give you certain rights to influence your usage or payment of their service, but if it's not on machines you control then it's not your data.

*my legal argument is "possession is 9/10ths of the law"

How do consumers utilize expensive compute resources in this model? Eg, H100 GPUs.

> If you truly want to maintain confidence it'll remain private, don't send it to the cloud in the first place.

I mean yes. but if you host it, then you'll be taken to court to hand that data over. Which means that you'll have less legal talent at your disposal to defend against it.

You don't have control over your data in the eyes of these guys... this was clear as soon as they started training their LLM on it without asking you

Is there a service available to request API keys for LLMs? Not directly from OpenAI or Anthropic, where your real identity / organization is tied to the key, but some third-party service that acts as a "VPN" / proxy?

This, and I ensure to anonymize any information I feed it, just in case. (Mostly just swapping out names / locations for placeholders)

Doesn't chat gpt require a phone number?

The docs contain a sentence on them retaining any chats that they legally have to retain. This is always the risk when doing business with law abiding companies which store any data on you.

OpenAI is breaching relevant laws that regulate data protection. Being compelled by a foreign power, for instance, are not grounds for data processing under GDPR.

OpenAI has not started to "be incompliant" with GDPR with this order, yes. More like OpenAI was always incompliant because it does not have relevant controls installed that mitigates extraterritorial tendencies of US law.

Regardless of legality of retention this order brings, them not notifying their users (the court did not compel them to hide this from their users (no gag order is in place) about this material change of data processing, could be constituted as breach of various consumer protection laws, misrepresentation, unfair dealing, false advertising and related.

A court order can be a lawful excuse for non-performance of a contract, but it's not always the case. The specifics of the contract, the court order, and the jurisdiction matter.

Yep. Laws supersede contracts. Contracts can’t legally bind any entity to break the law.

Court orders are like temporary, extremely finely scoped laws, as I understand them. A court order can’t compel an entity to break the law, but it can compel an entity to behave as if the court just set a law (for the specified entity, for the specified period of time, or the end of the case, whichever is sooner).

Doesn't the EU pose very strict privacy requirements now? I mean NSA knows more about you than your mom and the Stasi ever dreamt of but that's not part of the court order.

I don't know, but the claim pertains to damages from helping users bypass paywalls. Assuming a European can pay for many US sites this isn't a situation where the location of the user relates to the basis.

Worldwide, I think.

Why? I honestly don't understand what's so bad about my chat logs vs google having all my emails.

The Courts have broad leeway over document retention in a legal proceeding. The fact the documents are bring retained doesn't immediately imply plaintiffs get to see all of them.

There are myriad ways courts balance privacy and legal-interest concerns.

(The Times et al are alleging that OpenAI is aiding copyright violation by letting people get the text of news stories from the AI).

No you aren't reading this correctly

Easiest way for both the rights holders and AI megacorpos to both be happy is to push all the responsiblity onto the average joe who can't afford as expensive lawyers/lobbyists.

She’s a magistrate judge, she’s handling discovery matters, not the substantive issues at trial; the plaintiffs are specifically alleging spoliation by OpenAI/Microsoft (the parties were previously ordered to work out discovery issues, which obviously didn’t happen) and the judge is basically ensuring that potentially-discoverable information is retained, though it may not actually be discoverable in practice (or require a special master). It’s a wide-ranging order, but in this case that’s probably indicative of the judge believing that the defendants have been acting in bad faith, particularly since she specifically asked them for an amelioration plan which they appear to have refused to provide.

It's not dumb, litigation holds are a standard practice.

https://en.wikipedia.org/wiki/Legal_hold

Yes is like mandating back door to encryption to solve crimes. Wouldn’t that solve that problem?! Dumb as a door stop

Click on it. To be honest I'm totally over the over hyped sensational headlines I see on most post or pages.

"slam" usually means that the article was written using AI.

> No point using OpenAI when so many safer alternatives exist.

And ironically, this now includes the Chinese AI companies too.

Old bureaucratic fogeys will be the death of this nation.

AFAIK companies can pay Mistral to install their AI on their premises too, so they can have someone to ~~blame~~ provide support too :-P

That seems a little apocalyptic. She's are a magistrate judge and is making sure evidence isn't destroyed. After the conclusion of the case they will be able to delete the data. The legal system handles this stuff by allowing you to bring in experts which seems a lot more reasonable than every judge being an expert in technical details AND the law.

probably not? MS deploys those models themselves, they don't go to OAI at all

you're worried about ad targeting?

Seems shortsighted to offer something like this with zero information about how it works. If your target market is privacy-conscious, slapping a "Privacy by Design" badge and some vague promises is probably not very convincing. (Also, the homepage claims "Your conversations remain on your device and are never sent to external servers," yet the ProductHunt page says "All requests are handled locally on my own farm and all data is burned" -- which is it?)

Im sure they pretended they did not.

Now they can’t pretend anymore.

Although keeping deleted chats is evil.

Objectively it's better - Chinese authorities cannot prosecute you and only way you will get into trouble if the Chinese are sharing the data with USA.

Even "your" computer is not your own. It's effectively controlled by Intel, Microsoft, Apple etc. They just choose not to use that power (as far as we know). Ownership and control are not the same thing.

Bad news, they've been sniffing Internet backbones for decades. That cat is way the fuck out of the bag.

Should a word processor keep records of all the text it ever edited in case it was used to create propaganda? What about Photoshop?

I would not assume that it applies only to users located in the U.S., if that's what you mean, since this is designed to preserve evidence of alleged copyright infringement.

Insane that NYT is driving this privacy nightmare.

You thought they weren't logging these before? I have a bridge to sell you.

you use internet and expect privacy? I have Enron stock option to sell you…

You don't have the right not to be logged

Why would e2e help here? The other end is the one that's ordered to preserve the logs.

Feels like all the words of privacy and open source advocates for the last 20 years have never been more true. The worst nightmare scenarios for privacy abuse have all been realized.

> It has already been de-identified and disassociated from your account

That's one giant cop-out.

All you had to do was delete the user_id column and you can keep the chat indefinitely.

>That final clause now voids the entire section. All chats are preserved for "legal obligations".

That's why you read the whole thing? It's not exactly a long read. Do you expect them to update their docs every time they get a subpoena request?

A reasonable cloud storage provider stores your data encrypted on disk. Certain standards like HIPPA mandates this.

Deletion of data is achieved by permanently discarding the encryption key which is stored and managed elsewhere where secure erasure can be guaranteed.

If implemented honestly, this procedure WORKS and cloud storage is secure. Yes the emphasis is on the "implemented honestly" part but do not generalize cloud storage as inherently insecure.

In the first case, there is nothing preventing the development of software to overwrite data before unlink(2) is called.

In the second case, you can choose to trust or distrust the cloud storage provider. Trust being backed by contractual obligations and the right to sue if those obligations are not met. Of course, most EULAs for consumer products are toothless is this respect. On the other hand, that doesn't prevent companies from offering contracts which have some teeth (which they may do for business clients).

Not a lawyer, but my understanding it's not since legal obligations is a reason for processing personal data.

These AIs have digested all the data in the past. There is no fingerprints anymore.

The question is whether AI itself is aware what the source is. It certainly knows the source.

EU–US Data Privacy Framework is an US scam to get European user data.

And just like that, OpenAI got banned in my company today.

Good job.

> Spicy. European courts and governments will love to see their laws and legal opinions being shrugged away in ironic quotes.

The GDPR allows to retain data when require by law as long as needed. People that make regulations may make mistakes sometimes, but they are no that stupid as to not understand the law and what things it may require.

The data was correctly deleted on user demand. But it cannot be deleted where there is a Court order in place. The conclusion of "GDPR is in conflict with the law" looks like rage baiting.

Time to hit them with that 4% fine on revenue while they still have some money...

Will the EU respond by blocking them from doing business in the EU, given they're not abiding by GDPR?

Europe doesn't have jurisdiction over the US, and US courts have broad leeway in a situation like this.

At least the DeepSeek lets you run it locally.

Slavery or privacy!

Probably. Though it bears mention that Lauren Weinstein is one of the OG Internet privacy people, so not the worst tweet (toot) to link to.

(Even has an OG motorcycle avatar, ha.)

That's the true source. Should the link be updated to this article?

[flagged]

Thanks, we updated the URL to this from https://mastodon.laurenweinstein.org/@lauren/114627064774788...

Sounds like deleted chats are now hidden chats. Off the record chats are now on the record.

Does that fly in the EU?

Just some context ...

The original submission was a link to a post on Mastodon. The post itself was too long to fit in the title, so I trimmed it, and put the full post here in a comment.

But with the URL in the submission being changed, this doesn't really make sense any more! In the future I'll make sure I include in the comment the original link with the original text so it makes sense even if (when?) the submission URL gets changed.

Shill in general has a strong connotation. It comes with the idea of someone who would use the word so freely that it'll naturally be aggressive.

I don't know anyone's agenda in terms of commenters, so they'd have to be very blatant for me to use such a word.

You can't comment like this on Hacker News. Please read the guidelines and make an effort to observe them, particularly these ones:

Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.

Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.

When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."

Please don't fulminate. Please don't sneer, including at the rest of the community.

Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

Eschew flamebait. Avoid generic tangents. Omit internet tropes.

Please don't use Hacker News for political or ideological battle. It tramples curiosity.

https://news.ycombinator.com/newsguidelines.html

It's not like Sam Altman has been particularly hostile to the present administration. He's probably already handing them over behind closed doors and doesn't want to take the PR hit.

First, there's no court order for Safari. This isn't the court saying "everyone always has to preserve data" it's a court saying "in the interest of this litigation this specific party has to preserve data for now".

But moreover, Safari isn't a third party, it's a tool you are using whose data is in your possession. That means that in the US things like fourth amendment rights are much stronger. A blanket order requiring that Safari preserve everyone's browsing history would be an illegal general warrant (in the US).

It's evidence in an ongoing lawsuit.

Because it's running on your computer?

> and if they're not, we can be upset then, not now

Like we could be upset when that credit checking company dumped all those social security numbers on the net and had to pay the first 200k claimants a grand total of $21 for their trouble?

By that point it’s far too late.

Are we talking about the same company that needs data desperately and has used copyrighted material illegally without permission?

In what world do you live in where corporations have any right to a benefit of the doubt? When did that legitimately pan out?

> I'm confident the records will be handlded appropriately once the case concludes (and if they're not, we can be upset then, not now)

This makes no sense to me. Shouldn't we address the damage before it's done vs handwringing after the fact?

You're pretty naive. OpenAI is still trying to figure out how to be profitable. Having a court order to retain a treasure trove of data they were already wanting to keep while offering not to, or claiming not to? Hahaha.

No, apps can be prevented access. People can be disclosing private information.

This is a court order. They saw them in court, and this was the result: https://cdn.arstechnica.net/wp-content/uploads/2025/06/NYT-v...

They are in court.

‘We want you to collect user data for ‘national security’ purposes. If you try and litigate, we will add so much red tape you’ll be mummified alive’

Better still, local LLM. It's too bad they're not "subscription grade".

I use their api a lot cuz its so cheap but latency is so bad.

That's not how the discovery process works. This data is only accessible by OpenAI and requests for discovery will pass through OpenAI.