Updates to GitHub Copilot interaction data usage policy

Original Article ↗ Hacker News Discussion ↗

Scope of the policy change

  • Copilot interaction data (prompts, code snippets, context, outputs) from Free/Pro/Pro+ users will be used for model training unless users explicitly disable it.
  • Several comments note:
    • Business and Enterprise orgs are excluded by contract.
    • Historical “product improvement” opt-outs are supposedly honored for this new setting.
    • GitHub states it does not train on private repo contents “at rest,” only on interaction data while Copilot is in use.

Opt‑out vs. default behavior

  • Many users are unhappy this is enabled by default for individuals, especially paying users.
  • Some find the toggle already disabled; others find it enabled, creating confusion about prior defaults and whether regions or plans differ.
  • People criticize the wording that suggests “access to a feature” is lost if disabled, viewing it as manipulative framing.

Legal and regulatory concerns

  • Multiple commenters question legality under EU GDPR, especially for:
    • Consent that is not freely given (opt-out rather than opt-in).
    • Possible PII or secrets inadvertently included in prompts.
  • There is debate over whether GitHub might rely on “legitimate interest,” with some asserting that user interests clearly override it.
  • Others argue that if this is illegal, much of current AI practice would be too.

IP, licensing, and security worries

  • Strong concern about:
    • Proprietary code, trade secrets, and vulnerabilities leaking into models and indirectly to others.
    • License incompatibility (GPL, source-available, attribution-required licenses) being effectively ignored by training.
  • Lack of robust ways to exclude sensitive files from Copilot (except on higher tiers) is highlighted as risky.

Trust, communication, and “enshittification”

  • Widespread distrust of GitHub/Microsoft motives; many see this as part of a broader pattern of pushing AI and extracting value from users.
  • Complaints include:
    • No direct link to settings in the email.
    • Inconsistent UX (e.g., mobile app issues) and placement of the toggle.
  • Some users plan to:
    • Disable all Copilot features.
    • Move to self-hosted Git or alternative forges (Codeberg, SourceHut, Forgejo), or stop publishing new open source.
  • A minority see the change as unsurprising and not a big deal, arguing that better models ultimately benefit everyone.