OpenAI slams court order to save all ChatGPT logs, including deleted chats

Original Article ↗ Hacker News Discussion ↗

Deleted vs. “Hidden” Chats and User Trust

  • Many see the “real news” as confirmation that “deleted” and “temporary” ChatGPT chats were never truly gone—now made explicit by the court order.
  • Commenters argue calling this “deletion” is misleading; at best it’s soft-delete plus retention “unless legal obligations,” which now covers essentially everything.
  • Several people regret having shared highly personal or therapeutic content with ChatGPT, now realizing it may be stored indefinitely and potentially exposed.

Legal Holds, Discovery, and Court Reasoning

  • Others note that litigation holds and preservation orders are standard: once sued, a company must stop destroying potentially relevant evidence.
  • The judge appears to have lost patience after OpenAI resisted or dodged questions about privacy-preserving alternatives (e.g., anonymization).
  • Critics respond that ordering retention of all logs (including non‑US, non‑party users) is a grossly overbroad “fishing expedition” that offloads risk onto millions of uninvolved people.

GDPR, Jurisdiction, and Conflict of Laws

  • Multiple comments highlight potential conflict with EU GDPR “right to erasure,” though GDPR already has carve-outs for legally required retention and legal claims.
  • Debate centers on whether a US court order can justify processing EU users’ data contrary to EU law, especially via US‑based infrastructure.
  • Some argue this illustrates why non‑US regulators distrust US cloud providers and why EU entities insist on EU-incorporated subsidiaries and local hosting.

Technical and Semantic Complexity of Deletion

  • Long subthreads explain why hard, deterministic deletion across databases, logs, laptops, backups, and analytics pipelines is technically hard and expensive.
  • Proposals like per-user encryption keys or row‑level encryption are discussed; some say feasible in practice at smaller scale, others say performance costs are prohibitive.
  • Several advocate at least clearer language: distinguish “removed from your view” from “cryptographically unrecoverable.”

Enterprise, API, and Business Fallout

  • Many note this applies to ChatGPT Free/Plus/Pro and API traffic, undermining prior assurances that API data wasn’t retained beyond short windows.
  • Commenters predict enterprise customers in regulated sectors (healthcare, defense, finance) will reevaluate or terminate OpenAI use, or move to Azure‑hosted or fully on‑prem models.
  • Others reply that almost all SaaS and privacy policies include “unless required by law,” so legal recourse against OpenAI is limited.

Shift Toward Local and Open Models

  • News is widely cited as a strong argument for local or self-hosted LLMs (DeepSeek, Mistral, etc.), even with weaker quality and higher setup costs.
  • Underlying sentiment: any cloud LLM should now be assumed to keep prompts indefinitely and to be discoverable in future litigation or breaches.