Category: Privacy Rights

Posted on

Legal Implications of AI Conversations: Why Your Chats Are Not Private

Contrasting attorney-client privilege to AI chatbots.

Why Your AI Chatbot Could Be the Star Witness Against You

It starts innocently enough. You have had a difficult day at work, perhaps facing harassment from a supervisor or noticing financial irregularities you suspect are fraudulent. You sit down at your computer, open a chatbot, and type: “My boss is threatening to fire me because I reported a safety violation. What are my rights?”

The AI responds with a comforting, well-structured list of potential legal statutes. It feels private. It feels safe. It feels like you are venting to an impartial, digital confidant.

However, in the eyes of the law, you may have just handed the opposition a smoking gun.

As artificial intelligence becomes deeply integrated into our daily lives, many people treat tools like ChatGPT, Claude, and Gemini as surrogate therapists or legal advisors. But there is a critical distinction that every employee, whistleblower, and injury victim must understand: unlike a conversation with a lawyer, your conversation with an AI is not private. In fact, that digital transcript could be the very evidence that dismantles your case in court.

The Growing Use of AI and Emerging Legal Concerns

We are living through a massive shift in how information is processed. AI assistants now sit quietly inside our inboxes, browsers, and mobile apps, processing documents and answering questions with impressive speed. For individuals facing legal distress—whether it’s a wrongful termination, a personal injury, or workplace discrimination—the temptation to use these tools for research is overwhelming.

It is easy to see the appeal. AI is available 24/7, it doesn’t charge hourly rates, and it doesn’t judge. But this accessibility masks a severe legal vulnerability. When you type details of your situation into a generative AI model, you are creating a permanent, third-party record of your thoughts, inconsistent recollections, and admissions.

Legal professionals are raising the alarm: reliance on AI for sensitive legal research is creating a minefield for potential litigants. The technology has outpaced the law, leaving users exposed in ways they often do not anticipate until the discovery phase of a lawsuit begins.

Lack of Legal Protection: AI Conversations vs. Attorney-Client Privilege

The cornerstone of effective legal representation is attorney-client privilege. This legal concept ensures that frank, honest communications between you and your lawyer cannot be disclosed to the opposing party. It allows you to tell your attorney the “bad facts” along with the good, ensuring they can build a robust defense or case strategy without fear of those private admissions being used against you.

There is no such thing as “robot-client privilege.”

When you communicate with a chatbot, you are sharing information with a third-party corporation. Under the “third-party doctrine,” information you voluntarily share with a third party—be it a bank, a phone company, or an AI provider—generally loses its expectation of privacy.

If you are involved in litigation, the opposing counsel can subpoena your data. They can demand records of what you searched for, what you admitted to the AI, and how the AI responded. In this context, typing your case details into a chatbot is legally comparable to shouting your secrets in a crowded room.

Potential Risks: How AI Conversations Can Be Used Against You

The danger goes beyond a simple lack of privacy. The nature of how we interact with AI—often casually, emotionally, or hypothetically—can generate evidence that is damaging out of context.

Sam Altman, CEO of OpenAI, has explicitly warned users about this reality. In a candid admission, he noted that if users discuss their most sensitive issues with ChatGPT and a lawsuit arises, the company “could be required to produce that.”

Furthermore, simply hitting “delete” on a chat history may not protect you. Due to ongoing high-profile litigation, such as The New York Times suing OpenAI, companies are often under court orders to preserve evidence, including deleted conversations. Your digital footprint is far more durable than you think.

Examples of Self-Incrimination: Revealing Inconsistent Statements

Why is this specific data so dangerous? Defense attorneys are skilled at finding inconsistencies to undermine a plaintiff’s credibility. Your AI chat logs can provide them with ample ammunition.

Contradicting Your Claims

Imagine you were injured in a slip-and-fall accident. In your lawsuit, you claim severe, debilitating back pain. However, weeks prior, you asked an AI, “Best exercises for mild back strain so I can go hiking next week.” A defense attorney will present this chat log to the jury to argue that you are exaggerating your injuries.

Inconsistent Narratives

Memory is fallible. When you first speak to an AI about a workplace incident, you might get a date wrong or omit a key detail. Months later, during a deposition, you testify to the correct timeline. The opposition can use your initial, flawed AI query to paint you as dishonest or unreliable.

Exaggerations and “Hallucinations”

Users often prompt AI with exaggerated scenarios to get a more comprehensive response. You might say, “My boss screams at me every single day,” just to see what the AI says about harassment, even if the screaming only happened once. In court, that hyperbole looks like a lie. Furthermore, if the AI provides false information (a “hallucination”) and you inadvertently incorporate that falsehood into your testimony, your credibility is shattered.

Data Privacy Concerns: What AI Providers Do With Your Data

Beyond the courtroom, there is the issue of corporate surveillance. Behind the helpful interface of an AI assistant lies a simple reality: every interaction feeds the system data.

What happens to that data—how it is stored, used, or shared—depends entirely on the provider. While companies often claim they prioritize privacy, a closer look at their policies reveals a complex web of data collection.

The “Black Box” of Retention

Most major AI providers collect prompts, uploaded files, and interaction logs. This data is not just floating in a void; it is stored on servers, often indefinitely unless specific settings are toggled. For individuals dealing with sensitive legal matters, such as whistleblowers reporting corporate fraud, this retention creates a significant security risk.

OpenAI, Google, and Anthropic: Comparing Data Policies

To understand the scope of the risk, we must look at how the major players handle your information.

OpenAI (ChatGPT)

OpenAI’s default posture favors collection. Unless you are an enterprise client or proactively opt out, your conversations can be used to train their models. While they offer a “temporary chat” mode where data is deleted after 30 days, standard chats are retained indefinitely until you delete them. Even then, as noted regarding recent lawsuits, “deleted” does not always mean gone forever.

Google (Gemini)

Google’s approach is bifurcated. For enterprise workspace users, privacy protections are robust. However, for consumers using the free or standalone versions, the policy is more invasive. Google may retain chats for up to 36 months. More concerningly, some conversations are reviewed by human contractors to “improve” the AI. While Google claims this data is anonymized, identifying details within the text of a legal query could easily unmask a user.

Anthropic (Claude)

Anthropic, often touted for safety, has shifted its stance. As of late 2025, they introduced a default opt-in model for training. If users did not explicitly opt out by a specific deadline, their silence was interpreted as consent. This means your queries could be used to train future models, stored for years.

Microsoft (Copilot)

Microsoft’s Copilot, particularly the version integrated into GitHub, stands as an outlier. It is designed to suggest code and then “forget” it, generally not retaining snippets for training. However, for general text-based queries outside of coding environments, users must still be vigilant about the specific privacy settings of their Microsoft account.

Expert Opinions and Warnings: Legal Professionals and AI Experts Weigh In

The consensus among legal professionals is clear: Do not use AI for research about your legal situation.

The risks of discovery, inconsistent statements, and lack of privilege far outweigh the convenience of a quick answer. Employment law attorneys emphasize that AI cannot understand the nuance of your specific jurisdiction, contract, or the psychological state of your employer.

Even AI executives agree. Sam Altman’s comparison of ChatGPT to a therapist highlighted the dangerous gap in privacy expectations. “We haven’t figured that out yet for when you talk to ChatGPT,” Altman admitted regarding legal privilege. He suggested that users deserve the same privacy clarity they get with a doctor or lawyer, but acknowledged that such protections simply do not exist yet.

The Need for AI Legal Framework: Calls for Privacy and Legal Privilege

The legal system moves slowly, while technology moves at lightning speed. Currently, there is a gaping hole in the legal framework regarding AI communications.

Advocates are calling for new laws that would extend evidentiary privileges to cover interactions with AI, similar to how doctor-patient or attorney-client confidentiality works. The argument is that if people are using these tools to navigate crises—mental health struggles, legal disputes, medical issues—society has an interest in allowing them to do so without fear of surveillance.

However, until legislators act, the “third-party doctrine” remains the law of the land. Courts will likely continue to view AI chat logs as fair game in discovery battles.

User Responsibility: Tips for Safe AI Usage

If you must use AI, you need to do so with a defensive mindset. Here is how to protect yourself:

  • Avoid Specifics: Never input real names, dates, company names, or specific fact patterns into a chatbot.
  • Check Your Settings: Go into the settings of any AI tool you use and disable “Model Training” or “Chat History” where possible.
  • Assume It’s Public: Write every prompt as if it will be read aloud in a courtroom by an attorney who is trying to discredit you.
  • Verify Everything: Never rely on AI for legal advice. It is often outdated or completely wrong regarding state-specific laws.

Conclusion: Navigating the Legal Landscape of AI Conversations

The allure of artificial intelligence is its ability to provide immediate answers. But in the realm of law, immediate answers are rarely the safest ones. The lack of attorney-client privilege in AI conversations creates a vulnerability that can be exploited by employers, insurance companies, and opposing counsel.

Your case deserves more than a predictive text algorithm. It deserves the protection of true confidentiality and the strategic thinking of an experienced human advocate. Don’t let a casual chat with a robot compromise your fight for justice.

When legal questions arise, the impulse to seek quick answers from AI is understandable. But as technology evolves, so do the methods of legal discovery. What you type into a chatbot today could become evidence in a courtroom tomorrow.

The digital age demands not only awareness but also caution. Protecting your legal rights means understanding the limitations of the tools you use. Before you turn to AI for legal guidance, consider the irreversible consequences of a conversation that is never truly private. Your case is too important to be compromised by a machine.

 

Posted on

How Your Data is Being Used Against You: The Privacy Risks of MAIDs

When websites sell your data it puts your life, your livelihood and your future at risk contact the lawyers at Helmer Friedman LLP.

In our digital age, privacy has become a paramount concern for everyone. Data anonymity is often the key to safeguarding this privacy. However, what if we told you that companies can de-anonymize your data?

Despite tech firms’ constant reassurances that mobile user tracking IDs are anonymous, an entire industry exists that links these IDs to real individuals and their addresses, effectively dismantling this veil of anonymity. This industry accomplishes this by correlating mobile advertising IDs (MAIDs) collected by applications with a person’s full name, physical address, and other personally identifiable information (PII).

Simply put, your data could be used to identify you, leading to significant privacy breaches. This is particularly concerning for those who trust that their information is secure when signing up for websites or apps. Consider, for instance, the implications for users of a dating app like Grindr. People have been ‘outed,’ resulting in serious harm and discrimination, and, in the case of one Catholic priest, his life and reputation were destroyed.

So how does this work? A MAID is a unique identifier assigned to each device by a phone’s operating system. Apps frequently capture a user’s MAID and share it with third parties. Companies like BIGDBM and FullContact then link this data to full names, physical addresses, and other PII—a process known as ‘identity resolution’ or ‘identity graphing.’

These revelations underscore the urgent need for greater transparency and enhanced privacy regulations regarding data collection and handling. As users, we must advocate for our rights and urge tech companies to prioritize the security of our data. Before signing up for any platform, it’s crucial to read their privacy policy carefully, although even that may not be sufficient.

In a world where data is the new gold, let’s ensure our ‘digital selves’ remain uncompromised.

Posted on

Absent Employer Policy Employees May Have Privacy Interest in Emails Over Employer’s Email System

Employees may have a right to privacy at work.

Absent Employer Policy Of Either Monitoring Individual Email Accounts Or Prohibiting Use Of The Company’s Email Account For Personal Communications, Employees May Have Privacy Interest In Emails Over Employer’s Email System

Militello v. VFARM 1509, 89 Cal. App. 5th 602 (2023)

Shauneen Militello, Ann Lawrence Athey (Lawrence), and Rajesh Manek were the co-owners of Cannaco Research Corporation (CRC), a licensed manufacturer and distributor of cannabis products. All three individuals served as officers of CRC until Lawrence and Manek voted to remove Militello from her position. Militello sued Lawrence, Manek, and others, including Joel Athey, Lawrence’s husband, in a multicount complaint alleging causes of action for breach of contract, breach of fiduciary duty, fraud, and other torts.

Lawrence moved to disqualify Militello’s counsel, Spencer Hosie and Hosie Rice LLP, on the ground Militello had impermissibly downloaded from Lawrence’s CRC email account private communications between Lawrence and Athey, protected by the spousal communication privilege (Evid. Code, § 980), and provided them to her attorneys, who then used them in an attempt to obtain a receivership for CRC in a parallel proceeding. Militello opposed the motion, arguing in part Lawrence had no reasonable expectation her electronic communications with her husband were confidential because she knew Militello, as a director of CRC, had the right to review all communications on CRC’s corporate network. Militello also argued disqualification is not appropriate when a lawyer has received the adverse party’s privileged communications from his or her own client. The trial court granted the motion, finding that Militello had not carried her burden of establishing Lawrence had no reasonable expectation her communications with her husband would be private, and ordered the disqualification of Hosie and Hosie Rice.

The Court of Appeal affirmed the finding that Lawrence reasonably expected her communications were, and would remain, confidential. And while the Court of Appeal acknowledged that disqualification may not be an appropriate remedy when a client simply discusses with his or her lawyer improperly acquired privileged information, counsel’s knowing use of the opposing side’s privileged documents, however, obtained, is a ground for disqualification.