The Training Opt-Out Becomes the Consent Interface
AI training consent is becoming a product setting. The question is no longer only what data a model was trained on. It is who had to find the toggle, what the toggle covered, whether the default mattered, and whether refusal arrived before the data became model memory.
A real training-consent interface separates service processing, saved memory or personalization, model improvement, and retention or deletion. The toggle is only one layer of that record.
From Policy to Switch
The consent interface for AI training is not a courtroom doctrine, model card, or press release. For many people it is a setting buried inside a product.
A user posts on a social network, writes professional updates, chats with an assistant, sends messages inside a workplace platform, joins a video call, uploads files, edits a document, or asks a model for help with personal work. Somewhere downstream, that activity may become product improvement data, safety training data, personalization data, retrieval context, evaluation material, abuse-detection material, or general model-training material. The practical boundary between use and training is then translated into interface grammar: on, off, object, allow, improve, personalize, exclude, retain, delete.
For this essay, a training opt-out is a product or account control that tells a provider not to use specified account, content, interaction, or feedback data for specified model-training or model-improvement purposes after a defined point. It is not the same as consent. It is not deletion. It is not a guarantee that an already trained model can be untrained. It may not stop service operation, inference-time processing, abuse detection, safety review, legal compliance, product personalization, human review, connector access, or use of aggregated and de-identified data. Those distinctions are the core of training-data governance, AI memory and personalization, and contextual integrity.
A complete control should distinguish at least four layers: collection and use needed to provide the feature, inference-time use by a model or vendor, later training or evaluation reuse, and retention of source and derived records. A switch that turns off one layer should not imply that the others stopped too.
The governance unit is the consent-state record, not the toggle: actor, authority, data class, purpose, legal basis, product tier, region, timestamp, notice version, retention consequence, downstream propagation, and audit evidence. A setting is usable only if those fields exist behind it.
That translation matters. Consent is not only a legal status. It is a designed experience. The placement of the option, the default state, the wording, the number of clicks, the account type, the regional rule, the age rule, the effect on old data, and the treatment of safety review all shape whether refusal is real.
The old privacy notice was already weak because few people read it and fewer could negotiate it. The AI training toggle adds a new weakness. It can make extraction feel participatory while leaving the deepest questions unanswered: what exactly counts as training, which models are covered, which affiliates or subprocessors receive data, whether data already used can be removed, whether enterprise data is treated differently from consumer data, and whether the user can verify the result. The problem is continuous with the cookie-banner consent machine: the interface may record a signal without proving that the underlying bargain was understandable or fair.
Current Context
As reviewed on June 24, 2026, AI training choices are no longer one policy question. They vary by region, product tier, account type, feature, age signal, data category, and legal basis. A public social post, private chatbot conversation, resume field, group message, feedback report, workplace transcript, or uploaded file may sit under different rules even when the user sees only one brand.
The current pattern is a matrix of user-facing settings, legal bases, account tiers, product features, jurisdictions, retention states, and downstream artifacts. Vendor help pages are evidence of stated commitments at a point in time. They are not proof that every model pipeline, feedback queue, affiliate transfer, or subprocessor integration enforces the same boundary.
Meta's 2025 European announcement says it planned to train AI at Meta on public content shared by adults in the EU, such as public posts and comments, and on people's interactions with Meta AI, while providing notifications and an objection form. It also says private messages with friends and family are not used to train Meta's AIs unless someone chooses to share those messages with AI features, and that public data from EU accounts under 18 is not used for that training purpose. The practical point is not that every Meta data use is identical in every region. It is that public/private, adult/minor, AI-interaction/non-AI-interaction, and objected/not-objected become separate governance states.
LinkedIn's current help pages show the same fragmentation more explicitly. The "Data for Generative AI Improvement" setting is on by default unless a member turns it off. Turning it off stops LinkedIn and affiliates from using LinkedIn-provided data and content to train content-generating AI models going forward, but LinkedIn says it does not affect training that has already taken place, does not govern every safety or personalization model, and does not cover some feedback uses. LinkedIn's 2025 update also says members in the EU, EEA, Switzerland, the UK, Canada, and Hong Kong were brought into content-generating AI model training on November 3, 2025, with profile details and public LinkedIn content in scope, private messages excluded, and legitimate interest named for that purpose.
OpenAI's data-control materials show another common split. For individual services such as ChatGPT and Codex, OpenAI says it may use content to train models unless the user opts out through data controls or the privacy portal; once opted out, new conversations are not used for model training. Temporary Chats are not saved to history, do not create memories, and are not used for training, though they may be reviewed for abuse monitoring. OpenAI's current help pages also warn that data retention for certain services may be affected by recent legal developments, which matters because "not used for training" and "deleted after 30 days" are separate operational claims. For business products such as ChatGPT Business, ChatGPT Enterprise, and the API Platform, OpenAI says inputs and outputs are not used for training by default unless an organization explicitly opts in. Feedback and some Codex full-environment settings can still create separate training paths, which is why a model-training switch should not be read as the whole data-governance interface.
Anthropic's consumer privacy materials draw a different line. For Claude Free, Pro, and Max accounts, including use of Claude Code from those accounts, Anthropic says chats and coding sessions may be used for model improvement if the user chooses to allow it, if conversations are flagged for safety review, or if the user otherwise explicitly opts in. Its 2025 consumer-terms update also ties the training choice to retention: data allowed for model training can be retained for five years for new or resumed chats and coding sessions, while users who do not choose that option keep the existing 30-day retention period. Its privacy center also treats feedback as a separate path that can store the related conversation for up to five years and may be used to train models as permitted by law. That is an important design lesson: a training switch can quietly be a retention switch too.
Workplace tools add another layer. Slack says it will not use customer data to train generative AI models unless the customer affirmatively opts in, while still describing non-generative service-learning and search-personalization uses. Zoom says AI Companion data may be processed to provide and maintain the service, and that customer communications-like content is not used to train Zoom or third-party AI models; the same support page explains that relevant content can still be sent to model providers to provide the feature. "No training" is therefore not "no processing." It is one promise inside a broader vendor, inference, retention, and admin-control arrangement.
The public-documentation layer is also hardening. Under the EU AI Act framework for general-purpose AI models, providers must document model information, put in place a copyright-compliance policy, and publish a sufficiently detailed summary of the content used for training. The European Commission describes the General-Purpose AI Code of Practice as an adequate voluntary tool for showing compliance with the AI Act's transparency, copyright, and safety obligations. That does not give an individual a universal training veto. It raises the evidentiary baseline: providers should be able to say what training content classes exist, what exclusions or rights reservations they honor, and where those choices are documented.
Copyright rights reservation is a separate layer from personal data consent. The EU Copyright in the Digital Single Market Directive's Article 4 text-and-data-mining exception applies only where rightholders have not expressly reserved their rights in an appropriate manner; for publicly available online content, the directive points to machine-readable means. The AI Act then requires general-purpose AI model providers to identify and comply with those reservations through copyright-compliance policies. That is not the same as a user account setting. It is a rights-holder and provenance problem that still has to connect to crawlers, datasets, licensing records, and training summaries.
The Scope Map
A training opt-out is meaningful only if the interface supplies a scope map. Before a user or administrator is asked to choose, the product should answer seven questions: who is choosing, what authority the choice comes from, what data is covered, what model or processing purpose is excluded, when the choice takes effect, where the signal travels, and what proof exists.
Actor. A personal account, parent or guardian, enterprise administrator, contractor, classroom, creator, or public-page owner may not have the same power to refuse. In workplace and school systems, the person whose data is used may not be the person who controls the contract.
Authority. A privacy opt-out, GDPR objection, copyright rights reservation, contract clause, enterprise admin setting, child-protection rule, account deletion, and product preference are different instruments. They may point in the same direction, but they are not interchangeable.
Data. Public posts, private messages, AI chats, uploaded files, feedback, resumes, group messages, connector content, metadata, transcripts, documents, and support tickets should not be collapsed into one "your data" label. Each category needs its own inclusion, exclusion, retention, and deletion rule.
Purpose. Pretraining, fine-tuning, evaluation, safety classifier training, abuse detection, personalization, retrieval, search ranking, human review, and inference-time processing are different uses. A setting that excludes content-generating model training may still leave other AI or machine-learning systems active.
Time. Future exclusion is not the same as retroactive deletion or machine unlearning. A clear interface should say whether the choice applies to data already collected, retained training sets, feedback stores, evaluation datasets, resumed conversations, and models already trained or already in training.
Propagation. A refusal should travel to affiliates, subprocessors, vendors, model providers, enterprise workspaces, regional data stores, derived datasets, and audit logs where applicable. Without propagation, the toggle records a preference but does not govern the pipeline.
Proof. The system should produce evidence: notice version, setting state, actor, timestamp, covered data categories, dataset-exclusion marker, vendor or affiliate propagation status, retention consequence, and refusal-path test result.
The Platform Default
Social and professional platforms show the pattern clearly.
Meta's 2025 European announcement gives one form of the platform default. It says Meta planned to train AI at Meta on public content shared by adults in the EU and on people's interactions with Meta AI, while sending notices and linking to an objection form. It also says private messages with friends and family are excluded unless someone chooses to share those messages with AI features, and that public data from EU accounts under 18 is not used for that training purpose. Those distinctions are the consent interface: public versus private, adult versus minor, AI interaction versus ordinary interaction, future objection versus prior ingestion.
LinkedIn's public help pages use a similar interface vocabulary. Its "Data for Generative AI Improvement" setting applies to training and improving content-generating AI models, but the page says it does not apply to other AI models used for personalization, security, safety, or anti-abuse purposes. Its FAQ lists group activity and group messages among content-generating model-training categories while excluding private messages, which makes "messages" too broad a label for governance. LinkedIn also distinguishes regions and legal bases. Its support materials describe opt-out choices in some regions and separate objection paths for other AI or machine-learning training uses.
Those carefully worded pages exist because of what happened in September 2024 and what followed. LinkedIn switched on the generative-AI training setting for members by default and began processing their data before updated privacy terms took effect. After public criticism and engagement by the UK's Information Commissioner's Office, LinkedIn suspended such model training for UK users pending further engagement. The ICO later said LinkedIn had decided to resume its plans after improving transparency material, simplifying the objection path, and providing a longer window. By November 3, 2025, LinkedIn's own help materials said it started using some member data in the EU, EEA, Switzerland, the UK, Canada, and Hong Kong to train content-generating AI models, with opt-out settings and legitimate interest framing in the relevant regions.
These details are not footnotes. They are the system.
A user may think they are answering one plain question: may this company use my data to train AI? The product may actually be answering several narrower questions: may this data be used for content-generating models; may interactions with AI features be used; may public profile data be used; may safety systems learn from flagged content; may affiliates use the data; may personalization systems continue learning; may past data remain in a training environment; may de-identified or aggregated information continue circulating?
The more fragmented the answer, the more the toggle becomes a consent ritual rather than a map.
The Chatbot Memory Problem
Chatbots make the problem more intimate because the training material is not only public performance. It is conversation.
Anthropic's privacy center says its consumer products, including Claude Free, Pro, and Max, may use chat and coding session data for model improvement when a user enables Model Improvement in privacy settings. It describes the covered data broadly: the related conversation, files, custom styles, conversation preferences, and data collected when using Claude for Chrome. It also says Incognito chats are not used to improve Claude even if Model Improvement is enabled, and distinguishes consumer products from commercial products and API usage.
OpenAI's Data Controls FAQ names the same separation from another angle: turning off "Improve the model for everyone" keeps ChatGPT conversations in history but excludes them from model training; Temporary Chats are deleted after 30 days, do not create memories, and are not used to train models. OpenAI's current help pages separately carry a legal-development caveat for retention in certain services. OpenAI's broader data-use page also says feedback may still be used for training even after a user has opted out, and that Codex full environments have separate controls. The governance lesson is that chat history, memory, feedback, temporary mode, business defaults, abuse review, full-environment access, and model training are distinct switches even when they appear in the same settings area.
Those distinctions are useful. They are also evidence that the governance surface has moved into account design. The same person's words may receive different treatment depending on whether they are using a consumer account, enterprise account, API, browser extension, incognito mode, flagged safety review path, or feedback mechanism. A privacy boundary that appears to belong to the person may actually belong to the product tier.
This is not a minor issue for model-mediated knowledge. A chatbot conversation can contain draft emails, family conflict, code, diagnosis questions, contract language, religious doubt, political uncertainty, workplace strategy, passwords accidentally pasted, private documents, and evidence of vulnerability. Even when a company does not use those conversations for general model training, it may still process them for abuse detection, safety review, service operation, debugging, or legal compliance. Those uses can be legitimate, but they should not be hidden under a cheerful "help improve" frame.
The training opt-out therefore has to be read alongside retention, deletion, memory, feedback, safety review, enterprise controls, and connector permissions. Memory is not the same thing as training data: a product may remember facts about a user without training a foundation model, and a provider may train on selected conversations without making those conversations visible as user memory. A model-improvement switch is not a complete privacy interface.
The Workplace Boundary
Workplace products expose a different fault line: users often do not control the contract.
Slack's privacy principles distinguish generative AI from non-generative AI and say Slack will not use customer data to train generative AI models unless the customer affirmatively opts in. The same page says Slack may analyze customer data for global AI and machine-learning models in areas such as channel and emoji recommendations and search results, and that customers can opt out of customer data helping train Slack global models. Zoom's AI Companion materials take a stronger headline position: Zoom says it does not use audio, video, chat, screen sharing, attachments, or other communications-like customer content to train Zoom or third-party AI models.
These commitments matter because workplace data is not ordinary consumer content. It includes internal strategy, personnel issues, legal discussions, customer records, security incidents, unpublished research, source code, sales pipelines, and private worker speech. The individual employee usually cannot negotiate the data-processing addendum. Their practical protection comes from the employer's procurement choices, administrative controls, vendor promises, audit rights, and internal policy.
That makes the workplace opt-out a governance object, not a personal preference. A worker may be told not to paste secrets into unauthorized tools while sanctioned collaboration platforms quietly add AI features. The organization may disable model training but enable summarization, search, transcription, memory, analytics, or third-party model processing. The boundary is not simply "training" versus "no training." It is whether institutional speech becomes reusable signal, searchable memory, vendor-accessible context, or behavioral evidence.
A mature policy should therefore ask more than whether a vendor trains foundation models on customer content. It should ask what data is sent to models at inference time, what is retained, what humans can review, what subprocessors can see, what metadata is used for improvement, how opt-outs are recorded, and whether workers understand the difference between service operation and model training. Those answers belong in vendor governance, tool-permission records, and AI contact disclosures, not only in employee etiquette memos.
Why Opt-Out Is Not Consent
Opt-out can be lawful and still weak.
The European Data Protection Board's 2024 opinion on AI models says legitimate interest can be assessed for AI model development and deployment, but only through a structured analysis of the interest, necessity, and the balance with people's rights and freedoms. The opinion also says anonymity claims for AI models need case-by-case assessment, and that unlawful processing during model development can affect later deployment unless the model has been duly anonymized. The opinion is important because it rejects both lazy extremes: it does not say personal data can never be used for AI development without consent, and it does not treat "legitimate interest" as magic words that make a training pipeline harmless.
A GDPR objection based on legitimate interest is not consent. Consent, objection, withdrawal, contract, and rights reservation are separate mechanisms. Treating "you can opt out" as if it meant "you consented until you found the switch" reverses the burden of governance.
In the United States, the Federal Trade Commission has repeatedly warned that interface design can subvert privacy choice. Its dark-patterns report describes designs that obscure, impair, or manipulate consumer decision-making, including privacy choices that steer people toward sharing more data. Its 2024 social media and video streaming report found that major companies collected large amounts of information, used it for automated systems, and generally offered weak or incomplete controls over data use.
The AI training opt-out sits directly inside that problem. If the default is on, the burden is on the user. If the setting is hard to find, the burden is larger. If the label says "improve AI" but does not explain training, retention, affiliates, scope, or past data, the user is not making an informed choice. If refusal applies only to future data, the opt-out is a door after the room has been copied. If the same setting excludes one model class but not personalization, safety, ads, or other machine-learning systems, the user may misunderstand the boundary.
There is also a collective-action failure. The value of training data comes from populations, not isolated individuals. One person's refusal may protect some future use of their own data, but it does not stop the model from learning the social patterns of their profession, community, dialect, network, neighborhood, or workplace through others. That does not make individual choice useless. It means individual choice cannot carry the whole governance burden.
A Governance Standard
A serious AI training consent interface should meet a higher standard than "there is a toggle somewhere."
First, defaults should match sensitivity. Public posts, private messages, workplace documents, child data, health data, biometric data, code, legal material, and intimate chatbot conversations should not be treated as one consent class.
Second, settings should name the actual use. "Improve products" is too broad. Interfaces should distinguish foundation-model training, product-specific improvement, safety model training, abuse detection, personalization, retrieval, human review, evaluation, and feedback analysis.
Third, opt-outs should be scoped and durable. Users and administrators need to know whether a choice applies to future data, past retained data, interactions with AI features, uploaded files, public posts, metadata, affiliates, subprocessors, and derived datasets.
Fourth, refusal should not require detective work. A privacy choice that matters should be reachable from the relevant feature, account privacy settings, and notice emails. It should not depend on a user reading support pages after public controversy.
Fifth, enterprise controls should be auditable. Organizations need records showing which AI features were enabled, what data categories were processed, what training exclusions applied, which subprocessors were used, and what changed over time.
Sixth, deletion should be honest about model memory. If removing a source record does not remove its influence from an already trained model, the interface should say so plainly. Future exclusion is not retroactive forgetting.
Seventh, withdrawal should propagate. A training opt-out, deletion request, account closure, data-processing objection, child-protection flag, or copyright exclusion should travel into training pipelines, retained datasets, feedback stores, evaluation sets, fine-tuning jobs, affiliate transfers, and vendor copies where applicable. That is the same discipline required for deletion-order governance.
Eighth, legal basis should be visible. Consent, legitimate interest, contractual necessity, service operation, safety review, and legal compliance are different claims. The interface should not blur them into one "improve AI" invitation.
Ninth, collective harms should not be delegated to individual toggles. Opt-outs protect individuals only partially when model value comes from populations. Dialects, professions, communities, workplaces, and social networks require data-minimization and purpose-limitation rules, not only personal preference switches.
Tenth, regulators should treat interface design as AI governance. A model-training pipeline can be shaped as much by defaults and dark patterns as by architecture. Consent quality belongs in audits, enforcement, procurement, risk assessments, public registers, and incident reporting. The record should connect to transparency infrastructure, AI governance, and AI incident reporting.
Eleventh, systems should issue a consent-state receipt. The user, administrator, auditor, and regulator should be able to see the timestamp, policy version, covered data classes, excluded purposes, affected models or pipelines, regional basis, retention consequence, and downstream propagation status. A preference without a receipt is hard to enforce.
Twelfth, privacy opt-outs should not be confused with rights reservations. A personal account setting for chats or platform posts is not the same as a copyright notice, a data license, a robots directive, or a publisher's machine-readable reservation. They may interact, but they answer different questions. The interface should keep those layers separate and connect them through provenance, data-sheet documentation, and AI copyright governance.
Thirteenth, feedback and safety exceptions should be visible at the point of action. If thumbs-up feedback, support contact, flagged safety review, or trust-and-safety escalation can create a review or training path outside the main opt-out, the interface should say so before the user submits the material.
Fourteenth, test the refusal path end to end. A trustworthy opt-out program should run live propagation tests: set the preference, submit new content, export or inspect the consent-state record, verify the data is excluded from training inputs and feedback queues where promised, check downstream vendors or affiliates, and confirm deletion or retention consequences. The test should fail loudly when a new feature creates an ungoverned path around the setting.
Fifteenth, minimization should be purpose-by-purpose. A provider should not justify broad model-improvement reuse by pointing to a narrower service purpose. The California Privacy Protection Agency's data-minimization advisory frames collection, use, retention, and sharing against each purpose; training interfaces should apply the same test to prompts, files, feedback, memories, telemetry, support tickets, and derived records.
What This Changes
The training opt-out is where an invisible transformation becomes a user interface.
No one sees their sentence become a gradient update. No one watches a public post become a statistical trace. No one can look at a model and identify every workplace joke, support ticket, profile line, chat confession, or product review that helped shape its behavior. The interface has to stand in for a process the user cannot inspect directly.
That makes the toggle politically larger than it looks. It is a small control placed at the entrance to a machine that converts ordinary life into reusable model capability. If the control is vague, late, partial, or manipulative, the user is not consenting to that conversion. They are being given a symbol of agency after the architecture has already decided what kind of agency is convenient.
The answer is not to ban every training use of user data. Some learning from user interaction can improve safety, accessibility, localization, error correction, and usefulness. But useful learning still needs institutional discipline: clear categories, sensitive defaults, durable records, real refusal, retention limits, worker protections, child protections, and audit paths.
AI systems are built from traces. The ethics of those traces cannot be reduced to a switch labeled "improve AI."
A real consent interface should make the bargain visible before the bargain is complete.
Source Discipline
This article treats vendor privacy centers, help pages, support pages, and terms updates as evidence about stated product commitments at the review date, not as proof that any particular deployment is lawful, fair, secure, or technically sufficient. Vendor statements also change by region, account type, product tier, feature rollout, and contract.
Source discipline for training opt-outs means comparing several layers: the account setting, the formal privacy notice, the regional legal basis, the terms update, regulator statements, retention rules, deletion rules, feedback rules, child or teen protections, workplace admin controls, and subprocessors. It also means separating model training from inference-time processing, personalization, memory, search, safety review, abuse detection, human review, and customer support. A "not used to train models" commitment may be meaningful and still leave other processing questions open. A "right to object" or "training data summary" may be meaningful and still not be a consumer-facing opt-out.
For provider claims, quote the exact product, tier, region, data class, and date. A help page for one consumer tier should not be generalized to enterprise, API, education, workplace, or third-party connector deployments. A current claim should also note exceptions such as feedback, safety review, support contact, legal holds, subprocessors, and retention caveats.
The strongest evidence comes from records that can be audited: source provenance, purpose records, opt-out logs, retention and deletion logs, model or dataset lineage, vendor contracts, data-protection impact assessments, copyright-compliance policies, public training-content summaries, and regulator correspondence. Related work on AI data licensing, data minimization, data clean rooms, and AI bills of materials is part of the same evidence discipline.
Current factual claims in this page were checked on June 24, 2026.
Related Pages
- Training Data
- AI Data Licensing
- AI Data Provenance
- AI Data Retention
- AI Copyright Litigation
- AI Memory and Personalization
- Machine Unlearning
- Differential Privacy
- Data Minimization
- Contextual Integrity
- Consent or Pay
- Data Trusts
- Platform Governance
- EU AI Act
- Privacy and Data
- Vendor and Platform Governance
- Transparency and Public Registers
- Agent Tool Permission Protocol
- AI Contact and Bot Disclosure
- The Cookie Banner Becomes the Consent Machine
- The Data Clean Room Becomes the Consent Laundromat
- The Deletion Order Becomes AI Governance
- The Crawler Becomes the License Gate
- The Consent Layer for Synthetic People
- The Provenance Layer Becomes the Truth Machine
- The Training Set Eats Itself
- The Data Sheet Becomes the Supply Chain
- The AI Bill of Materials Becomes the Supply Chain Map
Sources
- Meta, Making AI Work Harder for Europeans, April 14, 2025, updated March 27, 2026.
- LinkedIn Help, Control whether LinkedIn uses your data to improve generative AI models that are used for content creation on LinkedIn, accessed June 24, 2026.
- LinkedIn Help, LinkedIn and generative AI FAQs, accessed June 24, 2026.
- LinkedIn Help, Update to our Terms and data use, accessed June 24, 2026.
- Information Commissioner's Office, "Our statement on changes to LinkedIn AI data policy", September 20, 2024, updated in 2025 to note LinkedIn's resumed plans and required safeguards.
- OpenAI Help Center, Data Controls FAQ, accessed June 24, 2026.
- OpenAI Help Center, How your data is used to improve model performance, accessed June 24, 2026.
- Anthropic Privacy Center, Is my data used for model training?, March 16, 2026.
- Anthropic, Updates to Consumer Terms and Privacy Policy, August 28, 2025.
- Slack, Privacy Principles: Search, Learning and Artificial Intelligence, accessed June 24, 2026.
- Zoom Support, How Zoom AI features handle your data, accessed June 24, 2026.
- European Union, Regulation (EU) 2024/1689, Artificial Intelligence Act, Article 53 and recitals 105-108.
- European Commission AI Act Service Desk, Article 53: Obligations for providers of general-purpose AI models, reviewed June 24, 2026.
- European Union, Directive (EU) 2019/790 on copyright and related rights in the Digital Single Market, Article 4 text and data mining exception.
- European Commission, General-Purpose AI Models in the AI Act: Questions & Answers, accessed June 24, 2026.
- European Commission, The General-Purpose AI Code of Practice, accessed June 24, 2026.
- European Data Protection Board, EDPB opinion on AI models: GDPR principles support responsible AI, December 18, 2024.
- European Data Protection Board, Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models, adopted December 17, 2024.
- Federal Trade Commission, Bringing Dark Patterns to Light, September 2022.
- Federal Trade Commission, FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens, September 19, 2024.
- Federal Trade Commission, A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services, September 2024.
- California Privacy Protection Agency Enforcement Division, Enforcement Advisory No. 2024-01: Applying Data Minimization to Consumer Requests, April 2, 2024.
- NIST, Privacy Framework, accessed June 24, 2026.