A court decision makes each of your submissions potential evidence.
Imagine every brainstorming session with your team, every strategy note, and every customer analysis being recorded—and you can't delete the recording. Worse still, it could end up in a foreign court case at any time. Sounds worrying? That's exactly what's happening right now with the data that countless European companies entrust to the most well-known AI services every day.
A US court has ordered AI giant OpenAI to permanently store all chat logs [1]. Yes, even those chats you deleted long ago and thought were confidential [3]. For medium-sized companies in Europe, this is more than just a casual message—it's a wake-up call. Suddenly, the heart of our companies—innovative product ideas, sensitive customer data, and internal know-how—is no longer under our control. It's potentially accessible and part of a legal system that isn't subject to ours.
The beginning of a legal dispute that questions the data protection promises of US providers.
When US law meets European reality
This approach is in stark contradiction to everything we understand in Europe as data protection. The right to erasure, a core pillar of the GDPR? De facto undermined [5]. Control over one's own company data? A dangerous illusion. OpenAI itself finds itself in a "data protection balancing act": If the company complies with the US order, it violates European law. A dilemma that reveals the fundamental problem [2, 5].
But behind this bad news lies a huge opportunity if we as European entrepreneurs rethink our AI strategy. Forgoing the enormous benefits of AI is not an option for any competitive company. But we must shape the path to achieving this ourselves.
The crucial passage: The court orders the indefinite storage of all data – even deleted data. A direct contradiction to the GDPR.
The European way: using AI sovereignly and on one's own data
With the AI Act, the EU is moving in precisely this direction: It is creating a clear framework for trustworthy and secure AI that respects our European values and rights [4]. The key is to harness the impressive power of modern AI models, but in a protected, controlled environment that belongs to you – on your own data.
The path to successful and secure AI deployment is not a solo effort. It requires a partner who bridges the gap between global AI power and the specific needs of European SMEs. A partner who helps you transform your valuable corporate knowledge into a secure, proprietary AI solution that gives you a true competitive advantage without relinquishing control. If you're ready to embark on this journey, notivo can accompany you in making AI your ally—securely, confidently, and intelligently.
Sources
[1] Mashable (2025). All ChatGPT conversations to be saved as part of ongoing lawsuits… https://mashable.com/article/court-orders-openai-to-save-all-chatgpt-chats
[2] OpenAI (2024). How we’re responding to The New York Times‘ data demands in order to protect user privacy. https://openai.com/index/response-to-nyt-data-demands/
[3] The Neuron (2025). Your ChatGPT Logs Are No Longer Private (And Everyone’s Freaking Out). https://www.theneuron.ai/explainer-articles/your-chatgpt-logs-are-no-longer-private-and-everyones-freaking-out
[4] European Parliament (2024). EU AI Act: first regulation on artificial intelligence. https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
[5] Kennedy’s Law (2025). OpenAI and the cross-border data dilemma: US litigation holds vs GDPR erasure obligations. https://kennedyslaw.com/en/thought-leadership/article/2025/openai-and-the-cross-border-data-dilemma-us-litigation-holds-vs-gdpr-erasure-obligations-ukeu/
