Morning Overview

Protect sensitive data in ChatGPT with redaction and privacy tools

A financial analyst pastes a client’s tax return into ChatGPT to summarize deductions. A nurse asks the chatbot to draft a referral letter using a patient’s real name and diagnosis. A startup founder uploads proprietary code to debug it. Each of these prompts hands sensitive data to a system that, as of spring 2025, has already drawn a multimillion-euro fine for mishandling personal information. If you use ChatGPT for anything beyond casual questions, the privacy settings you choose and the data you strip from your prompts before hitting “Enter” now carry real consequences.

Italy’s fine put the privacy gap on the record

In May 2024, Italy’s data protection authority, the Garante, fined OpenAI €15 million for collecting users’ personal data through ChatGPT without a proper legal basis or adequate transparency. The penalty followed a formal notification in which the Garante cited specific breaches of the European Union’s General Data Protection Regulation, giving OpenAI a defined window to respond to the alleged violations.

The fine was not enormous by Big Tech standards, but the legal reasoning behind it matters far beyond Italy. The Garante concluded that OpenAI lacked a valid legal basis for processing the personal data users typed into prompts and that the company failed to clearly inform users about what happened to their inputs. That reasoning applies to every ChatGPT user, not just those in the EU, because the underlying problem is structural: text entered into a prompt does not vanish. It is processed on OpenAI’s servers, and depending on your settings, it may be used to train future models.

The Italian case also established a precedent that traditional data protection law applies fully to generative AI. Companies can no longer argue that a chatbot is too novel or too experimental to fall under existing privacy rules. For organizations that let employees use ChatGPT without guidelines, that precedent turns casual use into potential regulatory exposure.

What ChatGPT’s built-in privacy controls actually do

OpenAI offers several settings that limit how your data is handled, but each one has boundaries worth understanding.

“Improve the model for everyone” toggle. Found under Settings > Data Controls in the ChatGPT interface, this switch determines whether your conversations can be used to train OpenAI’s models. Turning it off means your prompts are excluded from training datasets. OpenAI states that even with the toggle off, conversations may be retained for up to 30 days for abuse and safety monitoring before deletion.

Temporary Chat. Launching a conversation in Temporary Chat mode means it will not appear in your sidebar history and will not be used for model training. This is useful for one-off queries involving sensitive material, though it does not prevent server-side processing during the session itself.

Memory controls. ChatGPT’s memory feature lets the model remember details across conversations. You can review what it has stored, delete specific memories, or turn the feature off entirely. For anyone handling client data or proprietary information, disabling memory reduces the risk of sensitive details surfacing in unrelated future sessions.

Data export and deletion. OpenAI allows users to export their conversation history and to request account deletion, which the company says triggers removal of associated data. However, as with most cloud services, verifying complete deletion across all backup systems and server logs is not something an individual user can independently confirm.

API and Enterprise tiers. OpenAI’s API, ChatGPT Enterprise, and ChatGPT Team products operate under different data processing terms. Inputs submitted through these channels are not used for model training by default, and enterprise customers can negotiate specific data processing agreements. Organizations handling regulated data should evaluate whether these tiers, rather than the free or Plus consumer plans, are appropriate for their use case.

Redaction: the step that matters most before you type

No platform setting eliminates the risk created by typing real names, Social Security numbers, medical diagnoses, or proprietary source code into a prompt. The single most effective privacy measure is redacting sensitive information before it reaches OpenAI’s servers.

In practice, this means replacing real identifiers with placeholders. Instead of “Summarize the tax situation for John Martinez, SSN 123-45-6789, who earned $312,000 in 2025,” a redacted prompt would read: “Summarize the tax situation for [Client A], who earned [income amount] in [tax year].” The model does not need real data to produce useful structural output in most cases.

For users who want automated help, several third-party browser extensions and desktop tools claim to detect and mask personally identifiable information before a prompt is submitted. Tools in this category include extensions that scan for patterns like email addresses, phone numbers, and national ID formats, then replace them with tokens. However, no independent, peer-reviewed evaluation has measured how reliably these tools catch every type of sensitive data across varied prompt styles. Treating them as a helpful layer rather than a guarantee is the safer approach.

Manual redaction remains the most reliable method, especially for nuanced data like proprietary business logic, legal strategy, or medical context that automated pattern-matching may not flag. The habit takes seconds per prompt and eliminates the most direct path to data exposure.
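To show concretely what the pattern-matching redaction described above can and cannot do, here is an added example (not code from the article or from any tool it mentions) of a prompt redactor: it swaps formatted identifiers for numbered placeholders, keeps the placeholder-to-value mapping on the user's machine so the model's answer can be restored locally, and, as the article warns, leaves names and free-text context such as a diagnosis untouched unless the user lists the names explicitly. The regexes and sample prompts are constructed for this example.

```python
import re

# Regexes for identifier formats that simple pattern matching can catch.
# Constructed for this example; real tools use broader, locale-aware patterns.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"(?<!\d)(?:\(\d{3}\)|\d{3})[ -]?\d{3}-\d{4}\b"),
    "AMOUNT": re.compile(r"\$\d[\d,]*(?:\.\d{2})?"),
    "YEAR": re.compile(r"\b(?:19|20)\d{2}\b"),
}


def redact(text, known_names=()):
    """Replace sensitive values with numbered placeholders such as [SSN 1].

    Returns (redacted_text, mapping). Only redacted_text is meant to leave the
    device; the mapping stays local for restoring the model's answer. Names and
    free-text context have no fixed format, so names must be supplied by the
    caller and everything else still needs a manual review."""
    mapping = {}
    counters = {}

    def placeholder(kind, value):
        # Reuse the token when the same value appears more than once.
        for token, original in mapping.items():
            if original == value and token.startswith(f"[{kind} "):
                return token
        counters[kind] = counters.get(kind, 0) + 1
        token = f"[{kind} {counters[kind]}]"
        mapping[token] = value
        return token

    # Longest names first so "John Martinez" is replaced before "John".
    for name in sorted(known_names, key=len, reverse=True):
        if name in text:
            text = text.replace(name, placeholder("CLIENT", name))
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: placeholder(k, m.group(0)), text)
    return text, mapping


def restore(text, mapping):
    """Put the original values back into a model response, locally."""
    # Longest tokens first so "[CLIENT 10]" is not clobbered by "[CLIENT 1]".
    for token in sorted(mapping, key=len, reverse=True):
        text = text.replace(token, mapping[token])
    return text
```

Run on the article's tax-return prompt, the output reads "Summarize the tax situation for [CLIENT 1], SSN [SSN 1], who earned [AMOUNT 1] in [YEAR 1]", while a sentence like "Patient Jane Doe, diagnosed with Type 2 diabetes" passes through unchanged unless the name is listed, which is exactly the gap manual redaction has to close.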

What regulators and companies are still sorting out

Italy’s fine answered one question definitively: regulators will penalize AI companies for privacy failures. But several important issues remain unresolved as of May 2026.

Other European data protection authorities, including France’s CNIL and regulators in Spain and Poland, have opened inquiries into ChatGPT and similar tools, but none have announced penalties matching the Garante’s action. Whether a coordinated EU-wide enforcement approach will emerge through the European Data Protection Board’s cooperation mechanisms, or whether each country will move independently, is unclear.

In the United States, the Federal Trade Commission has investigated OpenAI’s data practices, but no comparable fine or formal enforcement order has been published. The regulatory landscape in the U.S. remains fragmented, with no federal AI privacy law in place and state-level rules varying widely.

A deeper unresolved question involves historical data. If OpenAI changes its practices going forward, what happens to prompts and training data collected before the Italian enforcement action? Regulators have not publicly clarified whether they will require deletion, anonymization, or other remediation of past datasets. Given the complexity of large language models, where specific training inputs cannot easily be isolated or removed, this question has no straightforward technical answer.

OpenAI has signaled ongoing investment in privacy infrastructure, but the company has not published a detailed public audit of its data handling practices in response to the Italian fine. Until independent verification catches up with corporate commitments, a gap remains between what users are told and what they can confirm.

A practical checklist for anyone using ChatGPT with sensitive data

The regulatory picture will keep evolving, but the steps users and organizations can take right now are concrete:

  • Treat every prompt as permanent. Assume anything you type could be stored, reviewed, or flagged in a future audit.
  • Redact before you submit. Replace real names, ID numbers, financial figures, health details, and proprietary information with generic placeholders.
  • Turn off model training. In Settings > Data Controls, disable “Improve the model for everyone” if you handle any sensitive material.
  • Use Temporary Chat for one-off sensitive queries. It keeps the conversation out of your history and out of training data.
  • Disable memory if you work with client or patient data. Review stored memories regularly and delete anything that should not persist.
  • Check your organization’s AI policy. If your employer or professional body has not issued guidance on generative AI use, raise the issue. Regulated industries like healthcare, finance, and legal services face the highest exposure.
  • Evaluate enterprise tiers. If your team uses ChatGPT routinely, the API or Enterprise plans offer stronger contractual data protections than consumer accounts.

The Italian enforcement action made one thing tangible that many users had only vaguely worried about: the data you type into a chatbot can become a regulatory problem for the company behind it and a privacy problem for you. Redaction and privacy settings are not perfect shields, but they are the most direct tools available. Using them consistently is no longer just good digital hygiene. It is the minimum reasonable response to a risk that regulators have now confirmed is real.

*This article was researched with the help of AI, with human editors creating the final content.