LLM Privacy Policies Under Scrutiny: User Data at Risk?

This paper analyzes the privacy policies of six leading U.S. AI developers, revealing a concerning trend of using user chat data to train large language models. The study, drawing on the California Consumer Privacy Act, highlights a lack of transparency and accountability in how these companies handle user data. All six developers appear to utilize user chat data for model training by default, and some retain this data indefinitely. This practice raises significant privacy concerns, particularly regarding the collection and use of personal information, including sensitive data like biometric and health information. Furthermore, the finding that four of the six companies may be training on children's chat data is especially alarming. The authors emphasize the need for greater transparency and accountability in the development and deployment of LLMs, calling for policy recommendations to address the data privacy challenges posed by these technologies. The lack of user consent for the use of their chat data, combined with indefinite retention policies, creates a potential for data breaches and misuse. The study underscores the importance of establishing clear guidelines and regulations to protect user privacy in the rapidly evolving landscape of AI.