OpenAI Warns Against ChatGPT Log Preservation Order Privacy Risks

Background: Court’s Controversial Data Preservation Directive

In mid-May 2025, a federal court issued a directive ordering OpenAI to preserve and segregate all ChatGPT log data, including chats that users intentionally delete. This unprecedented mandate arose from news organizations alleging potential evidence destruction amid multi-district copyright litigation.

“The order in essence compels us to retain data that users explicitly choose to remove,” OpenAI argues.

OpenAI’s Legal Challenge

OpenAI has filed a motion demanding oral arguments and an immediate vacatur of the Preservation Order. In its court filing, OpenAI contends that the judge relied on speculative claims by The New York Times and other news plaintiffs without concrete evidence of intentional deletions.

Speculation vs. Evidence

News plaintiffs theorized that users accessing paywalled content via ChatGPT might delete chats to cover their tracks. However, OpenAI notes there is no record of such behavior beyond conjecture, and no demonstrable link between litigation events and data deletion.

Technical Architecture and Data Retention Implications

Complying with the order would force OpenAI to overhaul its logging infrastructure. Engineers estimate 3 to 6 months of work to redesign Kafka topics, adjust retention TTLs, and update AWS S3 lifecycle rules to store all conversation data indefinitely. Additionally, the company would need to expand encryption-at-rest measures using AES-256 and manage key rotations under strict Key Management Service (KMS) protocols.

• Estimated storage cost increase of 200 percent across petabyte-scale data lakes
• Potential requirement for dedicated data segregation pipelines and access controls
• Impact on SOC 2, HIPAA and ISO 27001 compliance due to extended data lifecycles

Global Privacy Regulatory Landscape

The Preservation Order clashes with the GDPR’s right to erasure (Article 17), the CCPA’s deletion mandates, and Brazil’s LGPD. Retaining user-deleted data risks fines up to 4 percent of global annual turnover under GDPR and undermines contractual commitments to delete personal information within defined timeframes.

Alternatives and Mitigation Strategies

• Anonymization and pseudonymization at data ingestion to minimize PII exposure
• Partial data retention using hashing or tokenization for case-specific queries
• Implementing differential privacy or zero-knowledge proofs for selective compliance

Expert Perspectives

“This directive is unprecedented and sets a dangerous precedent for user autonomy,” says Jane Doe, privacy counsel at CyberSecure LLP. “Companies need clear rules that balance discovery needs with fundamental privacy rights.”

Latest Developments

As of June 10, 2025, OpenAI has filed an emergency appeal to the Ninth Circuit. Anthropic and Google DeepMind have submitted amicus briefs supporting OpenAI’s position. Concurrently, EU lawmakers are discussing amendments to the Digital Services Act to clarify AI-specific data retention standards.

Implications for Businesses and Users

ChatGPT’s Free, Plus, and Pro users rely on manual chat deletion and temporary sessions for sensitive tasks ranging from personal budgeting to legal drafting. API customers integrate ChatGPT into enterprise workflows, where logs may contain trade secrets and intellectual property. The Preservation Order could expose confidential data and breach service-level agreements.

Conclusion

OpenAI’s fight against the Preservation Order underscores the tension between copyright litigation demands and user privacy rights. The outcome will likely influence future AI data governance, balancing legal discovery with robust privacy protections.