On Thursday, OpenAI sent an email to users informing them of a major change in the AI company’s privacy policy in the US. “We will now use cookies to promote OpenAI products and services on other websites,” the email sent on April 30 reads. Cookies store information in users’ browsers when they search the web.
Chats with bots are not shared with third parties. Still, the details that OpenAI collects when users interact with its services may soon be used to market those same services outside the platform, like ChatGPT. Its goal appears to be to convert free users (WIRED found that the marketing settings were “on” by default) and see how effective its ads are at driving conversions.
The move comes as OpenAI looks to expand its own advertising network inside ChatGPT. The company began advertising at the bottom of ChatGPT outputs for US users in February. Competitors including Google are exploring how ads can be woven into the user experience of generative AI tools and features.
“Nothing has changed about our policy of not sharing people’s conversations or other private user content with advertisers,” says OpenAI spokesperson Taya Christianson. “Like many companies, OpenAI works with select marketing partners to help people learn about our products on third-party websites and apps, and we’ve updated our privacy policy to make it clearer how this works. We don’t share your conversations with these marketing partners. To make OpenAI marketing efforts more relevant and measure their effectiveness, we may share limited identifiers, such as cookie IDs or device IDs, and any information in user settings. You can opt out at any time.”
To help you better understand what’s changed recently, WIRED compared the new privacy policy to a previous version saved from OpenAI’s website earlier this month. The biggest changes focus on how your data is shared for marketing purposes.
Courtesy of Reece Rogers
Data usage now includes third-party promotions
In the Disclosure of Personal Data section, OpenAI expanded the paragraph explaining how it discloses personal data. OpenAI now says it may share “limited information” with partners to promote services like ChatGPT and Codex outside of OpenAI’s platform.
The company has detailed this change in a new support page. It says it may send identifiers such as users’ email addresses or cookie IDs to advertising platforms. This way, OpenAI can check if users took specific actions – like signing up for its Codex tool after being shown an ad for it on Instagram.
Users can opt out of this type of tracking Settings > Data Control > Marketing Privacy On the ChatGPT site. WIRED tested two free accounts and found that those settings were on by default. The two paid accounts WIRED checked, one Plus and the other Enterprise, did not have it turned on by default.
old privacy policy
We disclose your personal data in the following circumstances:
Vendors and Service Providers: To meet business operating needs and to assist us in performing certain services and functions, we disclose personal data to vendors and service providers, including hosting service providers, customer service vendors, cloud services, content delivery services, support and security services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, marketing service providers, and information technology providers. We also work with service providers who help us with age and identity verification, and you can learn more here. Based on our instructions, these parties will only access, process or store personal data in the course of performing their duties towards us.
new privacy policy
We disclose your personal data in the following circumstances:
Vendors, Service Providers and Marketing Partners: To assist us in meeting business operating needs and performing certain services and functions, we disclose personal data to vendors, service providers and marketing partners, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and security services, email communications software, web analytics services, payment and transaction processors, search and shopping providers, and information technology providers. We also work with service providers who help us with age and identity verification, and you can learn more here. When we work with service providers, these parties will access, process or store personal data based on our instructions and only in the course of performing their duties towards us. We also share limited information with select marketing partners who are not service providers to promote our products and services on third party properties and help us measure the effectiveness of those efforts. Some of these partners may receive information through cookies and similar technologies. Learn more about these practices and the options available to you here.
Assurance regarding ‘Sensitive Personal Data’ removed in error
OpenAI classifies many different types of information as a user’s “personal data”, including date of birth, payment information, and any information the user writes. In its privacy policies, it does not clarify what type of data it considers “sensitive”, but OpenAI promises that it does not use this information to infer characteristics about consumers.
A sentence related to “sensitive personal data” was briefly absent from the privacy policy on Friday as WIRED accessed the updated document. When WIRED contacted OpenAI for comment, the company claimed the removal was an error and added a similar sentence back in a separate paragraph.
<a href