by molf 379 days ago
It would help tremendously if OpenAI would make it possible to apply for zero data retention (ZDR). For many business needs there is no reason to store or log any request at all.

In theory it is possible to apply (it's mentioned on multiple locations in the documentation), but in practice requests are just being ignored. I get that approval needs to be given, and that there are barriers to entry. But it seems to me they mention zero-data retention only for marketing purposes.

We have applied multiple times and have yet to receive ANY response. Reading through the forums this seems very common.

6 comments

> I get that approval needs to be given, and that there are barriers to entry.

Why is approval necessary, and what specific barriers (before the latest ruling) prevent privacy and no logging from being the default?

OpenAI’s assurances have long been met with skepticism by many, with the assumption that inputs are retained, analyzed, and potentially shared. For those concerned with genuine privacy, local LLMs remain essential.

> what specific barriers (before the latest ruling) prevent privacy and no logging from being the default?

Product development?

My understanding is that they log 30 days by default, for handling of bugs. And that you can request 0 days. This is from their documentation.

> And that you can request 0 days.

Right but the problem they're having is that the request is ignored.

The missing ingredient is money.

Not just money. How are you going to support this client’s support ticket if there is no log at all?

Don't. "We're unable to provide support for your request, because you disabled retention." Easy.

You can still provide support too if you want to. You just need to ask the user what their query was, what response they got, and what response they would be expecting. You can then as the expert either spot their problem immediately, or you can run the query and see for yourself what is going on.

Sure it is a possibility that the ticket will end up closed as “unable to reproduce”, but that is always a possibility. It is not like you have to shut off all support because that might happen.

Plus many support requests are not about the content of the API responses but meta info surrounding them. Support can tell you that you are over the API quota limit even if the content of your prompt was not logged. They can also tell you if your request is missing a required parameter or if they have had 500 errors because of a bad update on their part.

They don't care, they still want support and most leadership teams are unwilling to stand behind a stance of telling customers no.

... but why is not responding to a request for zero retention today better than not being able to respond to a future request? They're basically already saying no to customers who request this capability that they said they support, but their refusal is in the form of never responding.

If this stands I don't think they can operate in the EU.

I highly doubt this court order affects people using OpenAI services from the EU, as long as they're connecting to EU-based servers.

>> Does this court order violate GDPR or my rights under European or other privacy laws?

>> We are taking steps to comply at this time because we must follow the law, but The New York Times’ demand does not align with our privacy standards. That is why we’re challenging it.

They didn’t say which law (the US judge’s order or EU law) they are complying with.

"You can also request zero data retention (ZDR) for eligible endpoints if you have a qualifying use-case. For details on data handling, visit our Platform Docs page."

https://openai.com/en-GB/policies/row-privacy-policy/

1. You can request it but there is no promise the request will be granted.

Defaults matter. Silicon Valley's defaults are not designed for privacy. They are designed for profit. OpenAI's default is retention. Outputs are saved by default.

It is difficult to take the arguments in their memo ISO objection to the preservation order seriously. OpenAI already preserves outputs by default.

> In theory it is possible to apply (it's mentioned on multiple locations in the documentation), but in practice requests are just being ignored. I get that approval needs to be given, and that there are barriers to entry. But it seems to me they mention zero-data retention only for marketing purposes.

What's the betting that they just write it on the website and never actually implemented it?

Tbf the approach seems pretty standard. Azure also only offers zero retention to vetted customers and otherwise retains data for up to 30 days to monitor and detect abuse. Since the possibilities for abuse are so high with these models, it would make sense that they don't simply give that kind of privilege to everyone - if only to cover their own legal position.