PDP: A 'robots.txt' Protocol for AI Prompt Privacy

PDP (Prompt Data Privacy) proposes a novel approach to AI data consent, addressing the current binary model where users either accept global Terms of Service or abstain from using the model. By introducing a header-based standard for per-prompt data consent, PDP aims to provide granular control over how AI providers handle user data. The X-PDP-Level header allows users to explicitly signal their data handling preferences, moving consent from static legal documents to a programmable signal.

The key innovation lies in the introduction of three privacy levels: Private, Personal, and Global. These levels define specific compliance requirements, such as NO_STORE and NO_TRAIN for Private prompts, and STORE_PERM for Global prompts. The libraries default to Level 0 (Private) if the signal is missing, ensuring a fail-safe mechanism for data privacy. PDP's transport efficiency and model agnosticism make it compatible with various AI providers and network architectures.

However, PDP's effectiveness depends on the willingness of AI providers to honor user intent. As a signal, not a DRM, PDP relies on compliant providers to respect the X-PDP-Level header and adhere to the defined compliance requirements. The lack of enforcement mechanisms could limit its impact if providers choose to ignore the signal. Despite this limitation, PDP represents a significant step towards greater AI data privacy and user control.