If you are enabling an AI feature scanning all your emails, consider this will also scan the emails people have sent you. This information could include personal or otherwise legally protected information.
If this data leaks later (as it regularly happens with these systems), this could mean severe legal consequences for you down the road.
YOU are responsible for protecting the data of others under your custody.
This includes the messages and emails others send to you.
Question for anyone enabling this scanning in a corporate setting:
If you receive a GDPR notice requiring you to delete the contents of an email (typically it's more than one, but let's go with one), how do you comply?
Bonus question: How do you demonstrate compliance in such a way that it would convince a court?
@david_chisnall @Em0nM4stodon Super spicy take: Using a third-party email provider in such a setting was *never* compliant with GDPR or with private NDAs your company has with various parties, unless you had a written contract with the email provider including its own NDA applying to all your email contents, without any provisions for the provider to unilaterally change the terms and remove that.
The gold rush to mine that shit for "AI" is just exposing what was already a huge violation of trust for the sake of going cheap.
@nojhan I have not examined Google's terms of service specifically, but most companies integrating AI features make it clear in their terms of service that users are responsible for the content they upload, and responsible to ensure no personal or otherwise protected information is uploaded.
Whether a GDPR-protected right or copyright applies in these circumstances would depend on each specific case. But in general, this is a potentially huge legal mess.
Some common sense advice: don't consider ANYONE who gives you the option to give up your privacy as someone who wants to make your life better.
Giving up your privacy NEVER makes your life better.
@steltenpower I am so sick of Windows 10 screaming at me about how my data will be lost if I don't back it up to one drive.
Which is a lie, I back up my data in others ways.
@Em0nM4stodon > this could mean severe legal consequences
Its also just disrespectful to put the data of others on risk. Weither legal consequences happen or not, you are a douch for doing it in the first place.
(Same for sharing contact info to apps that the other person doesn't have themselves)
@Em0nM4stodon @CriticalSilence People didn’t give a damn back then, when WhatsApp aired. They granted access to their contacts, et voila WhatsApp got everybody’s contact data.
I don’t think that people now thinking twice before granting access to their mails, to keep other people’s data safe.
@confidentsecurity @Em0nM4stodon You joke, but if you put certain words (such as the F bomb, lol) in there it may actually refuse to output a summary.
Unfortunately, it will still have been sent and processed in the first place, it just might generate a refusal.
Perhaps there is something less... unbusinesses-like than the F-bomb that could be used? This might have an overall effect of discouraging people from using such a thing knowing it would just keep refusing anyway.
Or maybe a way to poison it in general. Just so it could be made useless for summaries and ultimately discourage people from using that?
@nikhil
Why would that be worse? I think it's great - reviewers shouldn't use AI to review anyway. The hidden prompt will have no influence on a normal reviewing process.
if a reviewer uses AI, I have no problem with them being tricked into writing a positive review. Hopefully that will make them realise that what they are doing is wrong...
AI1/ Emergent behaviors of “scheming” and even outright deception were just covered by The Economist: https://www.economist.com/science-and-technology/2025/04/23/ai-models-can-learn-to-conceal-information-from-their-users (Paywall, may be able to try for free, but in any case, read on for a lecture this week on exactly this topic and link to (open access) technical paper cited.)
@Em0nM4stodon I've known some people who were proudly bragging about how they use chatgpt for dealing with their client emails for their business… Especially unhappy/unsatisfied clients…
Most people just don't care just like they use gmail even though google is an advertising spyware company…
I hope these people get sued and lose trials but it's unlikely, in France… The DPA is way too much pro-business…
(Apologies if this has been addressed; our tiny instance sees few replies to original posts.)
One thing folks might overlook is that, by allowing AI to scan emails, they could arguably lose protection for their trade secrets (e.g. Coca-Cola's secret formula).
🛡️ Trade secret protection is only retained as long as "reasonable efforts" are taken to keep that information a secret.
🚫 Is it "reasonable" to think AI will keep such content private?
I trust the interns who work for our nonprofit org more than I trust AI -- and our interns all sign NDAs.
All of this, but it would be naive for anyone using something like gmail to think google will actually respect users' opt out preferences. They will scan the email anyway, either to train their A.I. or for other purposes like displaying you ads
When Google's own A.I. model claimed it was trained on gmail data, Google never specifically denied the claim. They also documented training their auto-complete features on users' emails. Y'all need to switch to more respectable providers!
@ui3o
Em 
David Chisnall (*Now with 50% more sarcasm!*)
Cassandrich
Epic Null
nojhan
2xfo
zombiewarrior
Chris Real
Jess👾
Ruud Steltenpool
Marlow
shadowwwind
Mad A. Argon 
sonja dolinsek
Bastian
Critical Silence
�
.
Arnd Layer
Confident Security
Nazo
Nick 🦇🕸️🖤🖖
Airikr 
RSNikhil
El Duvelle
gglvxd
Kate Akiko
JohnMashey
Very Human Robot
HoldMyType
🐧DaveNull🐧 ☣️pResident Evil☣
Drew Crecente (they/them)
Adam