My Chatbot, My Confidant?” Protecting User Privacy in Generative AI Conversations

  • Panel
  • Class Room
  • Thursday 21.05 — 10:30 - 11:45

Organising Institution

AI.REGULATION.COM Chair, MIAI, University Grenoble Alpes

France

The Responsible AI Chair at Université Grenoble Alpes is a multidisciplinary initiative dedicated to the study of AI regulation, governance and conformity. Anchored in the Multidisciplinary Institute in Artificial Intelligence (MIAI) Cluster and associated with AI-Regulation.com, it explores the legal and policy frameworks shaping trustworthy AI, with particular expertise on the EU AI Act, the GDPR, platform regulation and the protection of fundamental rights. Recent research has also focused on virtual assistants and AI chatbots, including the confidentiality of user conversations, the treatment of highly sensitive disclosures, and the governance challenges raised by health-related uses of AI. The Chair also serves as a platform for dialogue between academia, regulators, industry and civil society on emerging AI challenges in Europe and beyond.
  • Business 3
  • Policy 3
Generative AI chatbots are rapidly becoming digital confidants for health worries, relationship crises, workplace dilemmas and even legal questions. Yet, unlike doctors or lawyers, these “AI listeners” offer no recognised privilege, and the intimate prompts they receive can be logged, mined for training, optimization and tomorrow advertising, accessed by employees, requested by law enforcement or pulled into discovery. This panel asks whether current data protection and procedural rules are enough when our inner lives are mediated by large language models. Bringing together a regulator, an industry leader, an academic and a practising lawyer, we will explore the reality behind privacy policies, the limits of GDPR, the government access risks, and the emerging calls for an “AI privilege” or privacy-by-design alternatives. How to build trust in Generative AI systems? How do we ensure talking to your chatbot never becomes a liability?

Questions to be answered

  1. Do existing EU data protection rules adequately protect intimate conversations with generative AI, or do we need a new legal regime?
  2. How can industry players realistically act as "guardians" of user privacy when their business models and technical improvements sometimes rely on accessing and training upon those very conversations?
  3. If a user’s chatbot history is requested in civil or criminal discovery, should courts treat these logs as standard electronic evidence or apply heightened protections?
  4. Is strong privacy-by-design a potential answer to such concerns?

Moderator

Theodore CHRISTAKIS

AI.REGULATION.COM Chair, MIAI, University Grenoble Alpes - France

Theodore Christakis is Professor of International, European and Digital Law at University Grenoble Alpes (France), Director of Research for Europe with the Cross-Border Data Forum, Member of the Board of Directors of the Future of Privacy Forum and a former Distinguished Visiting Fellow at the New York University Cybersecurity Centre. He is co- Chair with Héber Arcolezi on “Responsible AI: Design, Regulation and Conformity” at the Multidisciplinary Institute in Artificial Intelligence.

Speaker

Yann Padova

Wilson Sonsini Goodrich & Rosati - Belgium

Partner in the Brussels office of Wilson Sonsini Goodrich & Rosati