Summary: OpenAI is challenging a court order requiring them to hand over 20 million anonymized ChatGPT user conversations to The New York Times as part of a copyright lawsuit. The company argues this violates user privacy and affects conversations completely unrelated to the case, while announcing new client-side encryption features to protect future conversations. If you used ChatGPT between December 2022 and November 2024, your data may be in the random sample but business users are excluded.
The New York Times just demanded access to 20 million of your private ChatGPT conversations, and OpenAI is pushing back hard. This isn’t just another tech lawsuit, it’s a privacy battle that could set precedent for how AI companies handle user data when legal pressure mounts. With 800 million people now using ChatGPT for everything from creative projects to sensitive personal matters, the stakes have never been higher.
Table of Contents
What’s Happening
The 20 Million Conversation Demand
On November 11, 2025, OpenAI publicly disclosed that The New York Times is demanding the company turn over 20 million randomly sampled ChatGPT user conversations collected between December 2022 and November 2024. The demand came as part of the ongoing copyright infringement lawsuit the newspaper filed against OpenAI in December 2023. According to OpenAI’s Chief Information Security Officer Dane Stuckey, the Times claims these conversations might contain evidence of users attempting to circumvent the newspaper’s paywall using ChatGPT.
OpenAI filed an objection asking US Magistrate Judge Ona T. Wang to reverse the order, arguing that “99.99%” of these transcripts have absolutely nothing to do with the copyright allegations at the heart of the case. The company warned that “anyone in the world who has used ChatGPT in the past three years must now face the possibility that their personal conversations will be handed over to The Times to sift through at will in a speculative fishing expedition”.
From 1.4 Billion to 20 Million
This isn’t The New York Times’ first data demand and it’s not even close to the largest. The Times initially requested access to a staggering 1.4 billion private ChatGPT conversations, a demand OpenAI successfully fought down through legal negotiations. Before that, the newspaper even tried to prevent OpenAI users from deleting their chat histories entirely, which the company also contested.
In June 2025, Judge Wang issued a broader preservation order requiring OpenAI to indefinitely retain all user-generated ChatGPT content including conversations users had already deleted as part of the discovery process. OpenAI has appealed this order multiple times, arguing it fundamentally conflicts with the privacy commitments the company made to users and violates long-standing industry data retention norms.
Why the New York Times Wants Your Chats
The Copyright Infringement Claims
The core lawsuit alleges that OpenAI and Microsoft used millions of New York Times articles without authorization to train ChatGPT and other AI models. According to the Times’ complaint, this includes copyrighted news articles, investigative pieces, opinion columns, reviews, and guides that represent substantial journalistic investment.
The lawsuit specifically points to examples where ChatGPT produced near word-for-word reproductions of Times articles, potentially allowing users to access content that should be behind a paywall without paying for a subscription. One documented case showed Bing Chat (which uses OpenAI’s technology) copying 394 out of 396 words from a 2023 article about Hamas.
Paywall Circumvention Evidence
The New York Times argues that user conversation logs are necessary to determine whether ChatGPT regularly reproduces their copyrighted content and to counter OpenAI’s assertion that the Times “hacked” the chatbot using improper prompt engineering to manufacture evidence. The newspaper’s legal team believes examining real-world user interactions will show patterns of paywall circumvention that support their copyright claims.
OpenAI offered several privacy-preserving alternatives, including targeted searches that would only surface conversations actually containing text from New York Times articles, as well as aggregate usage statistics that wouldn’t expose individual users. The Times rejected all of these proposals.
OpenAI’s Privacy Arguments
The Random Sample Problem
OpenAI’s central argument is that a random sample of 20 million conversations will inevitably include millions of deeply personal exchanges that have zero relevance to whether the company violated copyright law. These could include sensitive discussions about health issues, relationship problems, financial planning, mental health support, creative projects, business strategies, and other private matters users shared expecting confidentiality.
The company emphasizes that ChatGPT serves 800 million users worldwide who trust the platform with “some of the most personal parts of their lives”. Forcing OpenAI to hand this data over to third-party legal teams and consultants even under court-supervised protocols sets a dangerous precedent that could undermine user trust in AI services broadly.
What “De-Identification” Actually Means
To mitigate potential privacy harm, OpenAI is running all affected conversations through a de-identification process designed to scrub personally identifiable information (PII) and sensitive data like passwords. This procedure attempts to remove names, email addresses, phone numbers, locations, and other identifying details before any conversations would be turned over.
However, de-identification has known limitations. Research shows that supposedly anonymized datasets can often be re-identified using sophisticated analysis techniques, especially when combined with other available data sources. Even with PII removed, conversation content itself discussing specific life events, unique situations, or distinctive writing styles can potentially identify individuals.
What Data Is Actually at Risk
Timeline and User Impact
The 20 million conversations represent a random sample from a specific two-year window: December 2022 through November 2024. If you used the consumer version of ChatGPT during this period, there’s a statistical chance your conversations are included in the sample.
OpenAI states the selected conversations are currently stored separately in a secure system protected under legal hold, meaning they can’t be accessed or used for any purpose other than meeting legal obligations. Only a small, audited team within OpenAI’s legal and security departments can access this data as necessary to comply with court orders.
Who’s Protected (Enterprise, Edu, Business)
Good news for business users: This data demand explicitly does not impact ChatGPT Enterprise, ChatGPT Edu, ChatGPT Business (formerly Team), or API customers. These premium tiers already operate under stricter data handling agreements with additional privacy protections.
Enterprise accounts feature SOC 2 Type 2 compliance, enterprise-grade authentication with SAML SSO, admin controls for user management, and audit logging capabilities. Importantly, Enterprise customers retain ownership of their data, and OpenAI doesn’t train models on Enterprise conversations.
New Security Features Coming
Client-Side Encryption Explained
In response to the lawsuit pressures, OpenAI announced it’s accelerating development of client-side encryption for ChatGPT messages. This cryptographic technique encrypts your conversations on your device before they’re transmitted to OpenAI’s servers.
Here’s the critical difference from current security: Right now, ChatGPT uses strong encryption during transit (TLS 1.2+) and at rest (AES-256), but OpenAI holds the encryption keys. This means the company can technically decrypt and access your conversations if required by law, as we’re seeing in the NYT case. With client-side encryption, the encryption key exists only on your device making your conversations completely inaccessible to anyone else, including OpenAI itself.
This architecture, similar to what apps like Signal and certain password managers use, would theoretically make it impossible for OpenAI to comply with data demands because they literally couldn’t decrypt your conversations even if ordered to do so. The company stated these features are “in active development” but hasn’t provided a specific timeline.
Automated Safety Detection
OpenAI is also building fully automated systems to detect safety issues without human review of conversation content. Under this framework, only serious misuse cases such as credible threats to someone’s life, plans to harm others, or critical cybersecurity threats would be escalated to a small, highly vetted team of human reviewers.
This represents a significant shift toward privacy-by-design, where technical systems handle content moderation without exposing user conversations to human employees except in the most extreme circumstances. However, the company hasn’t detailed exactly how these automated detection systems will work or what machine learning techniques they’ll employ.
How to Protect Your ChatGPT Privacy Now
Immediate Steps You Can Take
While you can’t remove conversations from the legal hold sample if they’re already selected, you can protect your privacy going forward with these actions:
Review your chat history. Log into ChatGPT and check your conversation history for any sensitive information you’d prefer to delete. Navigate to Settings → Data Controls → Chat History to manage saved conversations.
Enable temporary chat mode. ChatGPT offers a temporary chat feature that doesn’t save conversations to your history or use them for model training. Look for the temporary chat option when starting new conversations for sensitive topics.
Use ChatGPT Plus or Enterprise. If privacy is critical for your use case, consider upgrading to paid tiers that offer stronger data governance and aren’t included in this particular legal demand. Enterprise customers also get the benefit of not having their data used for training.
Avoid sharing PII unnecessarily. Don’t include real names, addresses, email addresses, phone numbers, or other identifying information in your prompts unless absolutely necessary for the task. Rephrase queries to be hypothetical rather than personal.
Monitor OpenAI’s privacy updates. OpenAI committed to keeping users informed with transparency updates about the lawsuit and any changes to data handling. Check their official blog and privacy policy regularly for announcements about client-side encryption availability.
What Deletion Really Means
Here’s the complicated reality: Even if you delete ChatGPT conversations now, they may already be part of the preserved dataset required by the court order. The June 2025 preservation order requires OpenAI to retain “all output data” indefinitely, including conversations users deleted that would normally be purged after 30 days.
OpenAI’s standard privacy policy states that deleted chats are permanently removed from their active systems. However, the legal hold creates an exception: deleted conversations from the December 2022 to November 2024 window may be retained in the separate secure system mentioned earlier. This highlights a fundamental tension: privacy promises versus legal obligations.
Legal Precedent and Implications
The Judge’s Order Explained
Judge Ona T. Wang’s order requires OpenAI to provide the 20 million chat logs by November 14, 2025. In her ruling, the judge sided with The New York Times‘ argument that user conversations are relevant to the copyright claims and necessary to evaluate whether OpenAI’s training practices resulted in systematic copyright violations.
The Times’ legal team pointed to precedent from another AI company that previously agreed to hand over 5 million private user chats in an unrelated court case. OpenAI strongly contests that this precedent applies to their situation and is appealing the decision.
The court order does come with protections: The Times is legally obligated not to make any data public outside the court process, and OpenAI is pushing for any data review to occur only in a tightly controlled legal environment with strict access protocols. Still, this means potentially dozens of lawyers, paralegals, and paid consultants could access conversations meant to be private.
What This Means for AI Privacy
This case represents a critical test of how privacy protections hold up when AI companies face legal pressure. Several broader implications are emerging:
The “AI exception” to privacy norms. Courts may be establishing that AI training and outputs create special circumstances justifying extraordinary data demands that wouldn’t be permitted in other contexts. This could make AI users more vulnerable to having their data exposed in future litigation.
Conflicts between jurisdictions. OpenAI noted that The New York Times’ demand “does not align with our privacy standards” and may conflict with privacy laws like GDPR in Europe. The company is “taking steps to comply” with US court orders while evaluating obligations under international privacy frameworks.
Precedent for other AI services. If The Times succeeds, expect similar data demands in the numerous other pending lawsuits against AI companies for alleged copyright violations. Authors, artists, programmers, and news organizations are all pursuing similar cases that could trigger comparable discovery requests.
The encryption arms race. OpenAI’s acceleration of client-side encryption development signals that AI companies are preparing for a future where legal and regulatory pressures on user data will only increase. End-to-end encryption may become a competitive necessity for AI services handling sensitive information.
Frequently Asked Questions (FAQs)
Is my ChatGPT data included in the 20 million conversations?
If you used consumer ChatGPT (the free version or Plus) between December 2022 and November 2024, your conversations might be included in the random sample. OpenAI hasn’t provided a way to check if your specific data was selected, but the company is de-identifying all conversations to remove personally identifiable information before any potential disclosure. ChatGPT Enterprise, Edu, Business, and API customers are explicitly excluded from this demand.
Can The New York Times publish my private conversations?
No the court order legally prohibits The Times from making any user data public outside the litigation process. However, the newspaper’s legal team, outside counsel, and paid consultants would have access to the conversations to analyze for evidence of copyright infringement. OpenAI is fighting to ensure any data review happens only in a secure, court-supervised environment with strict protocols.
What is client-side encryption and when will it be available?
Client-side encryption is a security technique that encrypts your messages on your device before sending them to ChatGPT’s servers, using an encryption key that only you possess. This would make your conversations completely inaccessible to OpenAI, The New York Times, or anyone else even under court order because the company literally couldn’t decrypt them. OpenAI announced this feature is “in active development” but hasn’t provided a release timeline.
Should I delete my ChatGPT history now?
Deleting your current chat history can protect future privacy but won’t remove conversations already in the legal hold sample. The court’s preservation order requires OpenAI to retain all data from December 2022 to November 2024, including conversations users have already deleted. For new conversations going forward, you can use ChatGPT’s temporary chat mode, which doesn’t save history or use your data for training.
How does OpenAI normally protect my ChatGPT data?
OpenAI currently encrypts ChatGPT conversations during transmission using TLS 1.2 or higher and at rest using AES-256 encryption. The company follows SOC 2 Type 2 security standards for Enterprise services and conducts regular third-party security testing. However, OpenAI holds the encryption keys, which means they can access your data when legally required exactly what’s happening in this lawsuit. That’s why the company is developing client-side encryption where users control the keys.
What’s the copyright lawsuit actually about?
The New York Times sued OpenAI and Microsoft in December 2023, claiming they used millions of Times articles without permission to train ChatGPT and other AI models. The lawsuit includes evidence showing ChatGPT can reproduce Times articles nearly word-for-word, potentially helping users circumvent the newspaper’s paywall. OpenAI argues its use qualifies as “fair use” under copyright law and that the Times used improper methods to elicit copyrighted outputs. The case is one of many lawsuits media companies and creators have filed against AI companies over training data.
Will this affect other AI chatbot services?
Legal experts suggest this case could set precedent that affects how all AI services handle user data when facing litigation. If courts establish that user conversations are fair game for discovery in copyright cases, other AI companies like Anthropic (Claude), Google (Gemini), and Meta (Llama) could face similar demands in their own lawsuits. This may accelerate industry-wide adoption of stronger privacy protections like end-to-end encryption.
Can I opt out of having my data shared with The New York Times?
Unfortunately, no if your conversations are in the random sample covered by the court order, you cannot opt out. OpenAI is fighting the order on behalf of all affected users, but individual users don’t have standing to intervene in the lawsuit. Your only options are to monitor OpenAI’s legal efforts and prepare for possible exposure by reviewing what sensitive information you may have shared during the affected time period.
