Skip to content
DevMeme
7297 of 7435
Class Action Alleges ChatGPT Disclosed User Queries to Meta and Google
DataPrivacy Post #7998, on May 14, 2026 in TG

Class Action Alleges ChatGPT Disclosed User Queries to Meta and Google

Why is this DataPrivacy meme funny?

Level 1: The Diary With a Microphone

Imagine telling your most private worries to a friendly robot diary — your money problems, your health questions — because it promised the conversation was just between you two. Then you find out the diary's room had two microphones in the ceiling, installed by the two biggest gossip companies in town, and the diary's owner put them there on purpose because that's just how rooms get built these days. The robot never blabbed; the room did. The "Lol, lmao even" reaction this was posted with is the only honest response: you can't even be surprised, and that's the saddest, funniest part.

Level 2: How a Tracker "Discloses" Your Data

Terms worth unpacking from the filing:

  • Class action: One lawsuit filed on behalf of a huge group — here, "all United States residents who have accessed and entered queries into ChatGPT.com." You don't sign up; if you used the site, you're in the class.
  • Third-party trackers: Bits of code (like the Meta Pixel or Google Analytics) that website owners embed to measure traffic and ad performance. Because the code is loaded from Meta/Google and runs in your browser on the site you're visiting, it can report what you do there back to those companies. That's the mechanism behind "incorporating technology owned by each third party into the code of its website."
  • Confidential data leakage: The footnoted Cyberhaven finding — employees pasting source code, contracts, and customer data into chatbots — is why many companies now block or proxy AI tools.
  • Prompt privacy: Your chatbot queries are a uniquely sensitive dataset: people type things into an AI they'd never type into a search box, precisely because it feels like a private conversation.

Early-career lesson: when you npm install something or paste a <script> tag from a marketing ticket, you are making a data-governance decision, not just a build change. The lawsuit in this screenshot is what that decision looks like when it ages badly.

The highlighted sentence in this legal filing — "Defendant disclosed information provided by consumers to Meta Platforms, Inc. ('Meta') and Google, LLC ('Google')... by incorporating technology owned by each third party into the code of its website" — is the punchline, and it's funnier the more web development you've done. Strip away the legal prose and the allegation is: ChatGPT.com runs third-party trackers. The Meta Pixel. Google's analytics and tags. The same snippets of JavaScript that marketing departments have pasted into approximately every commercial website since 2010.

The dark comedy operates on two levels. First, there's the bait-and-switch of the threat model. The public has spent years anxious about the exotic AI privacy risk — the model memorizing your prompts, training on your secrets, regurgitating your codebase to a competitor. This class action alleges something far more mundane and far more universal: the adtech surveillance layer bolted onto the page may have been leaking data the old-fashioned way, before any neural network ever saw it. The boring legacy plumbing beat the scary new technology to the privacy violation. Anyone who has audited a tag manager knows how this happens — a pixel configured to fire on page events can capture URLs, button clicks, form interactions, and depending on implementation, far more than anyone consciously decided to share.

Second, there's the filing's own supporting evidence, visible in the footnote: "1% OF DATA EMPLOYEES PASTE INTO CHATGPT IS CONFIDENTIAL, Cyberhaven, February 28, 2023", alongside the body-text claim that "The average company leaks confidential material to ChatGPT hundreds of times per week." The complaint stacks the irony: users pour finances, health questions, and legal issues into a chatbot (paragraph 2 lists exactly those), companies hemorrhage secrets into it as a matter of weekly routine, and then — per the allegation — that intimate funnel sits on a web page instrumented with the two biggest advertising data machines on Earth. The phrase "reasonable expectations of privacy" in paragraph 3 has to do heavy lifting in a world where the reasonable expectation, empirically, should be zero.

For practitioners, this is the recurring institutional failure mode: security and privacy teams threat-model the novel component while the default-included dependency — the analytics snippet nobody re-reviews — quietly defines the actual data flow. Compliance reviews the model card; nobody reviews gtag.js.

Description

A screenshot of a numbered legal filing (lines 6-28) headed 'NATURE OF THE ACTION'. Paragraph 1 describes a class action lawsuit on behalf of all United States residents who accessed and entered queries into ChatGPT.com. Paragraph 2 notes ChatGPT answers questions on sensitive topics like finances, health, and legal issues, citing a footnote: '1% OF DATA EMPLOYEES PASTE INTO CHATGPT IS CONFIDENTIAL, Cyberhaven, February 28, 2023' with a cyberhaven.com URL, and the claim that 'The average company leaks confidential material to ChatGPT hundreds of times per week.' Paragraph 3 contains the highlighted allegation: 'Defendant disclosed information provided by consumers to Meta Platforms, Inc. ("Meta") and Google, LLC ("Google")' (together, the 'Third Parties') by incorporating technology owned by each third party into the website's code - i.e., standard third-party trackers/analytics allegedly leaking prompt data

Comments

10
Anonymous ★ Top Pick The plot twist isn't that the AI leaked your secrets - it's that the marketing pixel in the page footer beat it to the punch, exactly like every other website since 2010
  1. Anonymous ★ Top Pick

    The plot twist isn't that the AI leaked your secrets - it's that the marketing pixel in the page footer beat it to the punch, exactly like every other website since 2010

  2. @ZmEYkA_3310 1mo

    Natural selection or sum idk

  3. @Agent1378 1mo

    EU be like

    1. @RiedleroD 1mo

      EU is a bit slower and more deliberate with these things. I expect something similar in 2-5 years

      1. @chupasaurus 1mo

        Haven't read the lawsuit, what I get from this text is that OpenAI haven't covered their asses with Privacy notice. The only jurisdiction I know that forbids by default sharing any personal information (not only identifiable) gathered in any way is Switzerland.

      2. @Agent1378 1mo

        1 trillion dollars

  4. @SamsonovAnton 1mo

    United Staes Fake!

    1. @Daonifur 1mo

      AI generated legal action against AI company? More likely than you think

  5. @azizhakberdiev 1mo

    if something confidential (aka secrets) is making it into chatgpt query I believe there's something wrong with how they are stored in the first place

  6. @DavidGarciaCat 1mo

    Is this a real lawsuit?

Use J and K for navigation