OpenAI Challenges Court Order to Preserve User Data in NYT Lawsuit

OpenAI has publicly contested a court order requiring it to preserve all user data, including deleted chats, as part of a copyright lawsuit filed by The New York Times. The order, issued in May, mandates that OpenAI retain all output log data from its ChatGPT and API services, a move that the company argues undermines user privacy and is not relevant to the ongoing lawsuit. The New York Times alleges that OpenAI and Microsoft illegally used its content to train large language models, infringing on its copyrights and threatening the business model of original journalism. The Times claims that potential evidence of copyright infringement might be deleted as users clear their chat histories, which is why the court ordered the preservation of all data.

The heart of the dispute lies in whether using copyrighted material to train generative AI models constitutes "fair use." The Times alleges that OpenAI’s tools sometimes generate near-verbatim outputs from its articles and can bypass its paywall through AI-generated summaries. OpenAI, on the other hand, argues that the court's concerns are speculative and that the order is rushed, premature, and unlawful. The company asserts that it has not destroyed logs in anticipation of litigation and that API data is already managed under strict retention limits. OpenAI also contends that the order forces it to abandon public commitments to user autonomy and to engineer new, expensive storage pipelines, which will consume months and millions of dollars. This, in turn, could harm user trust while offering plaintiffs only a marginal benefit.

The dispute highlights the broader tension between content creators and AI companies. The New York Times alleges that OpenAI scraped paywalled articles without a license, while OpenAI and many AI researchers respond that ingestion for machine learning is transformative and presumptively fair use. This ideological standoff underscores the complexities of data privacy and intellectual property in the age of AI. The order has significant implications for OpenAI's corporate governance and compliance, as the company must now navigate a complex landscape of conflicting obligations, including potential breaches of contract and contempt of court. Additionally, the order collides with existing privacy laws and promises made to users, creating a patchwork of obligations that multinational customers must adhere to.

For executive teams, the practical issue is how to protect corporate interests while the legal situation evolves. Several actions merit immediate attention, including mapping exposure, reviewing contracts and privacy notices, segmenting data flows, implementing encryption under neutral control, and monitoring appellate developments. The episode signals a broader trend where courts and regulators are willing to impose obligations once reserved for telecommunications carriers or health record custodians. As AI systems move from novelty to critical infrastructure, global enterprises must design data strategies that comply with both U.S. discovery rules and European Union privacy principles. Encryption, localization, and vendor diversification are no longer optional but essential risk mitigations at the board level.