AI Privacy: What GDPR, CCPA and UK DPA 2026 Really Demand
AI and global privacy law in 2026: what ChatGPT, Claude and Gemini actually store, when a data processing agreement is mandatory, how GDPR, CCPA and UK DPA differ, and which EU hosting providers offer real sovereignty.

Why AI privacy is now operational reality
Three developments make the topic unavoidable in 2026. First, the extraterritorial reach of GDPR has stopped being a theoretical exposure. Article 3 GDPR makes it explicit: any vendor or controller outside the EU that offers goods or services to EU residents, or monitors their behavior, must comply with the full regulation. That sweeps in US SaaS companies, UK firms after Brexit, and global AI vendors. The €1.2 billion fine against Meta in 2023 and the €15 million fine against OpenAI in late 2024 made clear that non-EU domicile is not a shield.
Second, AI has arrived in mid-market business. Representative surveys across Europe and North America in 2026 show that more than two-thirds of companies with 50 or more employees run at least one productive AI use case — many without formal governance. A single employee pasting an applicant’s CV into ChatGPT Free is, under GDPR Art. 28 and Art. 6, already a compliance incident. In the US, the equivalent event triggers CCPA disclosure obligations and, in regulated sectors, HIPAA, GLBA or SEC exposure.
Third, two regulatory regimes overlap from August 2026 onward. The EU AI Act (Regulation 2024/1689) classifies recruiting, credit and healthcare AI as high-risk and demands conformity assessment, bias testing and human oversight. In parallel, GDPR still applies in full. Penalties stack: up to 7 percent of global annual turnover under the AI Act and up to 4 percent under GDPR — cumulatively, not alternatively.
This guide does three things: a vendor comparison table for AI privacy with a dated snapshot, structured answers to the ten most asked privacy questions, and a 5-step compliance roadmap. What it explicitly does not do should be stated up front: it does not replace legal counsel, a conformity assessment for regulated industries, or a data protection impact assessment. The closing disclaimer makes that explicit.
Privacy posture of the major AI vendors, 2026
The table below shows the privacy posture of the five most relevant AI vendors in international markets, May 2026. It is the primary citation anchor of this guide — vendor settings change monthly, so before any contract: verify the vendor’s current documentation.
| Vendor | EU Hosting | Training Opt-out (Default) | DPA in Free Tier | Recommendation for SMBs |
|---|---|---|---|---|
| ChatGPT (OpenAI) | Enterprise: yes (EU data residency) · Free/Plus: no (US) | Manual opt-out · Default: on | No | Team tier or higher (DPA included, training contractually off) |
| Claude (Anthropic) | Enterprise: AWS EU regions selectable · Free: US | Manual opt-out · Default: on for Free, off for Workspace | No | Workspace or Enterprise tier |
| Gemini (Google) | Workspace: EU data residency · Free: global | Workspace: training off default · Free: active | No | Workspace Business+/Enterprise |
| Mistral Le Chat (FR) | Yes — hosted in France | Le Chat Pro: training off default | Limited DPA in Le Chat Free | Le Chat Pro or La Plateforme API |
| Aleph Alpha (DE) | Yes — hosted in Germany | No training on customer data by default | Standard DPA included | Direct — GDPR-first design |
As of: May 2026. Verify the vendor DPA and settings page before production rollout — defaults change monthly.
Three findings from the table deserve attention. First: no US frontier vendor offers a data processing agreement in the Free tier — any corporate use of personal data requires at least Team or Workspace tier. Second: training opt-out is opt-in from the user’s side at every US vendor — do nothing and you train the model. Third: only Mistral and Aleph Alpha offer genuine EU sovereignty in 2026 — Microsoft’s “EU Data Boundary” and various EU data-residency add-ons reduce the risk but do not eliminate CLOUD Act exposure, because the parent company remains subject to US compulsory process.
What does AI change about the GDPR situation?
GDPR has been in force since 2018 — AI was already in scope. What changes in 2026 is the practice. Three levers shift the risk: data volume (LLMs ingest every prompt), processing depth (training writes data into model weights), and reach (every employee is a potential controller).
The following GDPR provisions are hit especially hard:
- Art. 6 (Lawful basis) — every processing operation needs a basis: consent, contract, legitimate interest. For generative AI, legitimate interest is often the only viable option, but the balancing test must be documented.
- Art. 9 (Special categories) — health, religion, union membership, sexual orientation, biometric and genetic data may only be processed under narrow exceptions. Asking an LLM to sort patient correspondence triggers this immediately.
- Art. 13/14 (Information duties) — data subjects must know what is processed where.
- Art. 22 (Automated individual decisions) — decisions with legal effect against the data subject are forbidden without explicit consent.
- Art. 28 (Data processing agreement) — DPA duty.
- Art. 32 (Security of processing) — appropriate technical and organizational measures.
- Art. 35 (DPIA) — required for systematic and large-scale processing.
Crucial point: GDPR knows no “AI exemption.” It treats an LLM vendor like any other cloud provider. Two consequences follow. First, the mechanics (DPA, DPIA, data subject rights) are already familiar to most companies from Microsoft 365 or Salesforce procurement. Second, there are no concessions — only application. “But it’s just ChatGPT” is a category error: ChatGPT Free is, in regulatory terms, not a toy but a US cloud service with all attendant obligations.
GDPR vs CCPA vs UK DPA: a global mosaic
For internationally active companies, three regimes dominate in 2026 — with materially different design choices.
GDPR (EU + EEA, in force since 2018). Applies to anyone serving EU residents (Art. 3). Opt-in by default for most processing. Covers all personal data of natural persons. Fines: €20M or 4 percent of global annual turnover (Art. 83), whichever is higher. DPIA mandatory for high-risk processing (Art. 35). Comprehensive data subject rights including erasure (Art. 17), access (Art. 15), portability (Art. 20). DPAs with sub-processors are required.
CCPA / CPRA (California, since 2020/2023). Applies to for-profit entities that collect personal information of California residents and meet one of three thresholds (gross revenue above $25 million; data on 100,000+ California consumers; or 50 percent revenue from selling/sharing personal information). Opt-out by default for sale/sharing. Narrower scope: California residents only. Civil penalties up to $7,988 per intentional violation (CCPA 1798.155). Rights to know, delete, correct, opt out of sale, and limit use of sensitive personal information. The CPRA created the California Privacy Protection Agency as a dedicated enforcer in 2023.
UK Data Protection Act 2018 + UK GDPR. Mirrors GDPR closely post-Brexit, with the Information Commissioner’s Office (ICO) as supervisor. Same maximum fine structure (£17.5 million or 4 percent of turnover). The UK has signaled a slightly less prescriptive stance on AI than the EU — the ICO’s 2024 guidance on generative AI is principles-based rather than rule-based. International transfers between the UK and the EU rely on the European Commission’s adequacy decision (renewed 2025, valid through 2031).
Other regimes worth knowing. Brazil’s LGPD (2020) closely follows GDPR. Canada’s Quebec Law 25 (2023) introduces consent and DPIA rules. India’s DPDPA (2023) and China’s PIPL (2021) add further layers — PIPL in particular restricts cross-border data export significantly.
A pragmatic frame for global SaaS teams: build to GDPR as the most stringent default, layer in California-specific notices for CCPA, and treat UK and other regimes as marginal adjustments. Designing for the weakest regime first creates retrofit costs later.
A note on US transfers: the EU-US Data Privacy Framework (DPF) replaced Privacy Shield in 2023. It permits transfers to certified US companies but remains under legal challenge — Schrems III is widely expected. For maximum legal certainty, US processors should be backed by Standard Contractual Clauses (SCCs) as a fallback, regardless of DPF certification.
What data do ChatGPT, Claude and Gemini actually store?
The honest answer varies by vendor and tier. As of May 2026:
OpenAI ChatGPT. Free and Plus store chats by default and use them for model training. “Temporary Chat” removes the history entry, but the backend keeps the conversation 30 days for abuse detection. Team and Enterprise: no use for training (contractually fixed in the DPA); retention per workspace configurable between 0 and 30 days. The Memory feature additionally stores user-profile data — opt out under Settings → Personalization → Memory.
Anthropic Claude. Free conversations are stored 30 days by default and may be used for training and safety research. Workspace and Enterprise: no training on inputs, configurable retention. Anthropic has publicly committed that paid-tier conversation data does not contribute to model improvement — but this applies explicitly to paying tiers only.
Google Gemini. Free accounts retain activity up to 18 months (standard) and use it for training. Workspace accounts have training disabled by default — EU data residency is available on Business+/Enterprise. Important: Gemini Free conversations are additionally reviewed by human annotators, as Google itself documents. Sensitive content does not belong there.
Mistral Le Chat. Le Chat Pro stores conversations only for delivery, no training on customer data as default. Le Chat Free: limited privacy posture, no full DPA — verify before corporate use.
Aleph Alpha. GDPR-first design: no training on customer data, German servers, full DPA standard. Trade-off: smaller model performance than US frontier models, but for regulated industries often the only viable path.
A detail often overlooked: even when training is off, the vendor retains logs (typically 30 days) for security and abuse detection. This data is also covered by GDPR — the DPA must address it.
When do I need a data processing agreement (DPA)?
Short answer: whenever personal data can flow into a prompt. In practice this happens faster than people expect. An employee who pastes an applicant email into ChatGPT to draft a reply — DPA required. A sales assistant typing customer names into a marketing-text generator — DPA required. Even processing your own employee data (work emails, personnel records) via an LLM is DPA-bound.
A GDPR Art. 28 DPA must address eight points:
- Subject matter and duration of processing
- Nature and purpose (e.g., “text generation based on user prompts”)
- Type of personal data (e.g., “names, contact details, free-text inputs”)
- Categories of data subjects (employees, customers, third parties)
- Rights and obligations of the controller (i.e., your company)
- Technical and organizational measures (TOMs) of the processor
- Sub-processor list with approval rights
- Deletion and return obligations at contract end
The major vendors offer standardized DPAs: OpenAI Enterprise DPA, Anthropic Commercial DPA, Google Workspace Data Processing Amendment, Microsoft Online Services DPA. In free tiers, every US vendor refuses to sign a DPA — that is a showstopper for any corporate use of personal data.
Three audit checkpoints. First, the sub-processor chain — if OpenAI uses Microsoft Azure, and Microsoft uses its own sub-processors, the responsibility chain compounds. Second, the data residency clause — “EU Data Boundary” is not the same as “processing exclusively in the EU”; some vendors permit US fallback during load spikes. Third, termination and insolvency clauses — what happens to your data when the contract ends or the vendor goes bankrupt? Many standard DPAs are silent on the insolvency case.
Standard Contractual Clauses (SCCs). For non-EEA processors, the 2021 EU SCCs are mandatory after the Schrems II ruling (2020) invalidated Privacy Shield. The current OpenAI and Anthropic DPAs include the SCCs as annexes; verify this before signing.
How do I opt out of training? (Per-tool guide)
Three caveats up front. First, opt-out applies only from the moment of activation — data already trained on cannot be retracted. Second, opt-out is available in most free tiers but does not cover every feature (e.g., Memory). Third, opt-out alone is not legally sufficient without a DPA — it is a hygiene minimum, not a substitute.
ChatGPT (OpenAI):
- Settings → Data Controls → “Improve the model for everyone” off
- Settings → Personalization → Memory off (or delete individual memories)
- Use Temporary Chat for sensitive conversations (no history, but 30-day backend retention still applies)
Claude (Anthropic):
- Settings → Privacy → Data Sharing → “Help improve Claude” off
- For Workspace accounts: additionally verify admin settings — training is default off
Gemini (Google):
- myactivity.google.com → “Gemini Apps Activity” off
- Alternative: use a Workspace account — training is default off, EU data residency on Business+/Enterprise
Microsoft Copilot:
- M365 tenant: Admin Center → Settings → Copilot → “Allow Microsoft to use my prompts to improve Copilot” off
- Default since 2025: off for Business and Enterprise tenants
Mistral Le Chat:
- Le Chat Pro: default no training
- Verify under Settings → Privacy
Practical note: these settings must be set per account. For 50 employees, this is organizationally fragile without centralized tool management. Anyone serious about it should document the settings in the onboarding checklist and re-check them in the annual privacy audit.
Which AI providers have real EU hosting?
Clean terminology helps. EU hosting means the servers are physically located in the EU. EU data residency means the data processing happens in EU data centers, but the vendor may be headquartered outside. EU-compliant is the legal assessment — and it is not automatic from hosting or residency, because the CLOUD Act allows US authorities to compel data from US companies even when stored in the EU.
In 2026, three tiers emerge:
Tier 1 — EU hosting plus EU parent company (highest sovereignty):
- Mistral AI (Paris, France): Le Chat Pro and La Plateforme API, EU hosting by default
- Aleph Alpha (Heidelberg, Germany): Luminous models, on-prem optional, GDPR-first design
- DeepL (Cologne, Germany): Translator and Write — not a frontier LLM but GDPR-compliant for translation and style
- Black Forest Labs (FLUX), Helsing, Stability AI (UK parent, not fully EU)
Tier 2 — EU data residency with US parent (good, but CLOUD Act exposure):
- Microsoft 365 Copilot with EU Data Boundary
- Azure OpenAI Service in EU regions (West Europe, North Europe, France Central, Sweden Central)
- ChatGPT Enterprise with EU data residency add-on (since February 2024)
- Google Gemini Workspace with EU data residency
- Anthropic Claude via AWS Bedrock EU regions
Tier 3 — global hosting, no reliable EU protection:
- ChatGPT Free / Plus
- Claude Free
- Gemini Free / Apps Activity
- Perplexity Free
- Free tiers of most US vendors
For most SMBs, Tier 2 is a defensible compromise — frontier model quality is usually only available there, and CLOUD Act residual risk can be reduced further by pseudonymizing sensitive data before the LLM call. For industries with elevated protection requirements — healthcare, justice, defense, critical infrastructure — Tier 1 remains the safe harbor. The trade-off: smaller models, less multimodal depth, fewer ecosystem integrations.
Can I put personal data in prompts?
Short answer: it depends on which data and which tier. Long answer:
Your own data (your professional email, your CV): yes, anytime — you are the data subject.
Employee data (reviews, sickness data, salary structures): only in Enterprise tier with DPA, EU data residency and a defined purpose. A DPIA is likely required.
Customer data (names, contact details, contracts): Enterprise tier with DPA, anonymization before input where possible. A privacy notice to customers is recommended when AI participates in processing.
Applicant data (CVs, cover letters, interview notes): sensitive. Recruiting AI is high-risk under the EU AI Act. Conformity assessment, bias audit and explicit applicant consent are mandatory. Tools like HireVue and Pymetrics have faced multiple EU enforcement actions between 2024 and 2026.
Special categories under Art. 9 (health, religion, sexual orientation, union membership, biometric, genetic): never in free-tier prompts. Even in Enterprise tiers, only with explicit legal basis under Art. 9(2) GDPR — typically consent or statutory authorization. In practice: sensitive patient, member or HR data belongs only with EU hosting vendors (Mistral Pro, Aleph Alpha) or on-prem LLMs.
Rule of thumb: if you would not send the dataset to a US cloud vendor without legal counsel, it does not belong in ChatGPT Plus either. The change of medium does not change the regulatory status.
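The pseudonymization step recommended above for Tier 2 deployments and for customer data ("anonymization before input where possible"), as an added example that is not part of the original guide: a controller-side wrapper that swaps direct identifiers for placeholders before the prompt leaves the tenant and restores them in the reply, so the vendor never receives the re-identification key (the separate-keeping of additional information that GDPR Art. 4(5) requires for pseudonymization). The regex patterns, the constructed applicant e-mail, the assumed list of names known from the applicant record and the `fake_llm` stand-in are all assumptions; a production deployment would use a real PII detector for names.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Regex classes for the "contact details" the guide names. Constructed and
# deliberately simple: production use needs a real PII/NER engine for names.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"\+\d{1,3}[\s-]?\d{2,4}(?:[\s-]?\d{2,4}){2,3}"),
}


def contains_identifiers(text: str) -> bool:
    """Outbound gate: true if any pattern still matches. Run on every prompt
    before it leaves the tenant, independently of how it was built."""
    return any(pat.search(text) for pat in PATTERNS.values())


@dataclass
class Pseudonymizer:
    """Swaps direct identifiers for stable placeholders and keeps the mapping
    locally. The vendor only ever receives the placeholders."""
    known_names: tuple  # names taken from the applicant/CRM record (assumed)
    forward: dict = field(default_factory=dict)  # original value -> placeholder
    reverse: dict = field(default_factory=dict)  # placeholder -> original value

    def _token(self, kind: str, value: str) -> str:
        # The same value always maps to the same placeholder, so the model can
        # still tell that two mentions refer to one person.
        if value not in self.forward:
            n = sum(1 for tok in self.reverse if tok.startswith(f"[{kind}_")) + 1
            tok = f"[{kind}_{n}]"
            self.forward[value] = tok
            self.reverse[tok] = value
        return self.forward[value]

    def pseudonymize(self, text: str) -> str:
        for kind, pat in PATTERNS.items():
            text = pat.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        # Longest name first, so "Anna Müller" is replaced before a bare "Anna".
        for name in sorted(self.known_names, key=len, reverse=True):
            text = re.sub(rf"\b{re.escape(name)}\b",
                          lambda m, n=name: self._token("PERSON", n), text)
        return text

    def rehydrate(self, text: str) -> str:
        # The closing bracket in every placeholder prevents prefix collisions
        # such as [PERSON_1] inside [PERSON_10].
        for tok, original in self.reverse.items():
            text = text.replace(tok, original)
        return text


def draft_reply_safely(prompt: str, names: tuple, llm: Callable[[str], str]) -> tuple:
    """Controller-side pipeline: pseudonymize, gate, call the vendor, restore.
    Returns (what the vendor saw, the re-identified reply)."""
    p = Pseudonymizer(known_names=names)
    outbound = p.pseudonymize(prompt)
    if contains_identifiers(outbound):
        raise ValueError("refusing to send prompt: direct identifiers remain")
    return outbound, p.rehydrate(llm(outbound))


# Constructed sample: the "applicant e-mail pasted into ChatGPT" case from the guide.
SAMPLE_PROMPT = (
    "Draft a polite reply to this applicant:\n"
    "From: Anna Müller <anna.mueller@example.org>, +49 170 1234567\n"
    "Dear team, I applied for the data engineer role. Could Anna Müller's "
    "interview be moved to Friday? Kind regards, Anna"
)
KNOWN_NAMES = ("Anna Müller", "Anna")  # assumed to come from the applicant record


def fake_llm(outbound: str) -> str:
    # Stand-in for the vendor API call; a real model would likewise answer
    # using the placeholders it was given.
    return "Dear [PERSON_1], thank you for your note. Friday works; we will confirm at [EMAIL_1]."


if __name__ == "__main__":
    seen_by_vendor, reply = draft_reply_safely(SAMPLE_PROMPT, KNOWN_NAMES, fake_llm)
    print("--- sent to vendor ---\n" + seen_by_vendor)
    print("--- reply after rehydration ---\n" + reply)
```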
What happens if I violate GDPR?
GDPR provides two fine tiers (Art. 83):
- Tier 1 — up to €10M or 2 percent of global annual turnover (higher value): breaches of formal duties such as DPA, DPIA, notification
- Tier 2 — up to €20M or 4 percent of global annual turnover: breaches of principles, legal bases, data subject rights, special categories
In practice, the fine is calibrated against 13 criteria (Art. 83(2)): nature and severity, intent or negligence, mitigation, cooperation with the authority, repetition, technical and organizational measures. For SMBs, realistic exposure is €5,000 to €250,000 per incident — depending on data volume. For large enterprises, figures in the tens of millions and beyond are reached (Meta €1.2 billion in 2023, TikTok €345 million in 2023, OpenAI €15 million in 2024).
Three further risk channels stack on top:
- Damages under Art. 82 — data subjects can claim material and non-material damages. The European Court of Justice clarified in 2023 (Case C-300/21) that even loss of control over one’s own data can constitute compensable harm.
- Class actions and consumer-protection enforcement — especially in B2C deployments. In the US the analogous pressure comes from CCPA private rights of action and the FTC’s Section 5 authority.
- Reputational damage — Italy’s ChatGPT block in March 2023 cost OpenAI weeks of negative headlines.
And from 2026 onward: EU AI Act penalties stack on top for high-risk applications — up to €35M or 7 percent of global annual turnover. These tiers are cumulative: a biased recruiting AI deployed without a DPIA and without a DPA can be sanctioned under both regimes in parallel.
In the US, CCPA imposes civil penalties of $2,663 per unintentional violation and $7,988 per intentional violation or violation involving a minor. The California Privacy Protection Agency (CPPA), created by CPRA in 2023, is actively enforcing — Sephora paid $1.2 million in 2022, the first major CCPA enforcement action.
EU AI Act vs GDPR: where do they overlap?
The short form: GDPR governs what happens to data. The EU AI Act governs what models may do. They complement each other; they do not substitute.
What both do:
- Risk-based approach (GDPR: risk to data subjects; AI Act: risk of the system)
- Mandatory impact assessment (GDPR: DPIA Art. 35; AI Act: Fundamental Rights Impact Assessment for high-risk)
- Human oversight requirements (GDPR: Art. 22 for automated decisions; AI Act: Art. 14 for high-risk)
- Documentation and transparency duties
What only GDPR governs:
- Lawful basis for every data processing operation
- Data subject rights (access, rectification, erasure)
- Data processing agreements (Art. 28)
- 72-hour breach notification (Art. 33)
What only the EU AI Act governs:
- Prohibition of specific AI practices (social scoring, manipulative subliminal techniques, real-time biometric identification in public spaces)
- Conformity assessment for high-risk systems (CE marking)
- GPAI obligations for general-purpose AI providers
- Transparency duties for generative content (watermarks, deepfake labeling)
- AI literacy training duty (Art. 4) — in force since 2 February 2025
Practical consequence: anyone deploying AI in a high-risk domain in 2026 needs dual documentation — a DPIA under GDPR and a conformity assessment under the AI Act. The substance overlaps (risk analysis, technical measures), but the formal separation must be clean.
Related topics
For the broader risk context, see AI Risks: The Complete 2026 Guide — privacy is one of ten risk fields there, ranked alongside hallucinations, bias and copyright. The regulatory frame sits in EU AI Act, which defines the high-risk classification that applies to recruiting, credit scoring and medical AI in parallel with GDPR. The bias dimension is treated in depth in Bias and Fairness — especially the GDPR Art. 22 interaction with automated individual decisions.
For the everyday angle, AI in everyday life outlines which tools carry which risk in which context. Industry-specific depth lives in the use-case hubs — most relevantly Healthcare and Medicine, where Art. 9 GDPR, MDR conformity and HIPAA overlap, and HR and Recruiting, where the AI Act high-risk regime intersects with EEOC and AGG-style anti-discrimination law. Software and IT covers vendor due diligence and the supply-chain question for AI providers.
Frequently asked questions
Is ChatGPT GDPR-compliant?
In Free and Plus: no — no data processing agreement, training on user prompts active by default, US hosting under the CLOUD Act. With ChatGPT Enterprise or Team: yes, because OpenAI offers a DPA under GDPR Art. 28, training is contractually off, and EU data residency can be added. Italy's Garante still fined OpenAI €15 million in late 2024, so the regulatory ground remains soft.
Does GDPR apply to my US company if I serve EU customers?
Yes. Article 3 GDPR has explicit extraterritorial reach: any processor outside the EU that offers goods or services to EU residents, or monitors their behavior, must comply. That includes US SaaS companies, UK firms post-Brexit, and global AI vendors. Penalties hit non-EU entities too — see the €1.2 billion Meta fine in 2023 and the €15 million OpenAI fine in 2024.
What is a data processing agreement (DPA) for AI tools?
A DPA under GDPR Art. 28 is a contract that binds the AI vendor to process personal data only on your instructions — not for their own purposes such as model training. It must define scope, duration, security measures, sub-processors and deletion obligations. Without a signed DPA, processing personal corporate data in cloud AI is unlawful in practically every constellation.
Does CCPA apply to AI tools?
Yes, if you handle personal information of California residents and meet the threshold (over $25 million revenue, 100,000+ CA consumers, or 50 percent revenue from selling/sharing data). CCPA grants rights to know, delete, correct and opt out of sale/sharing. It is narrower than GDPR — opt-out instead of opt-in, California only — but AI vendors that share data with sub-processors face new transparency duties under CPRA 2023.
Do ChatGPT and Claude store my prompts permanently?
By default: yes. OpenAI keeps Free and Plus conversations at minimum 30 days for abuse detection, plus indefinite use for model training unless you opt out. Temporary Chat hides the history entry but the backend still holds the data for 30 days. Anthropic Claude Free retains conversations 30 days; Workspace and Enterprise: no training, custom retention. Enterprise tiers: 0–30 days, configurable.
What is the difference between ChatGPT Free, Plus and Enterprise on privacy?
Free and Plus: no DPA, training default on, US hosting, no data residency choice. Team: DPA, training off, US hosting. Enterprise: DPA, training off, EU data residency available since February 2024, SSO and audit logs. For any systematic processing of personal data, Team or higher is the minimum bar — Plus accounts used by staff are shadow AI with compliance exposure.
Which AI tools have true EU hosting?
Genuine EU hosting in 2026: Mistral Le Chat (France), Aleph Alpha (Germany), DeepL (Germany). EU data residency with a US parent: Microsoft 365 Copilot EU Data Boundary, Azure OpenAI Service EU regions, ChatGPT Enterprise with EU residency add-on. Note: EU data residency does not fully shield from US government access under the CLOUD Act — for maximum sovereignty, only EU-parent vendors or on-prem models (Llama, Mistral local) suffice.
Do I need a DPIA for ChatGPT use?
If personal data enters the prompt and processing is systematic or large-scale: yes, GDPR Art. 35 applies. European authorities (the DSK in Germany, the CNIL in France, the ICO in the UK) have all clarified that generative AI in most business deployments triggers a DPIA. Skipping it can mean fines of up to €10 million on top of the data exposure itself.
Can I enforce my right to erasure (GDPR Art. 17) against an AI provider?
Partially. Chat history and stored prompts: yes — every serious vendor runs a deletion workflow (OpenAI via privacy@openai.com with a 30-day window). The trained model itself: practically no — once data has shaped model weights, point-level removal is not technically feasible. Vendors invoke Art. 17(3) GDPR (impossibility of compliance). If you want guarantees, opt out before training, not after.
Can I use AI for recruiting under GDPR and the EU AI Act?
Only under strict conditions. Recruiting AI is high-risk under EU AI Act Annex III — from August 2026 it requires conformity assessment, bias audits and human oversight. GDPR Art. 22 also bars automated decisions with legal effect without explicit consent. Practically: AI for shortlisting is allowed, but every rejection needs human review, and applicants have a right to explanation. HireVue and Pymetrics have faced multiple EU enforcement actions in 2024–2026.