“AI privilege” or why and how should our chats with AIs be legally protected?
About:
Join us for a moderated discussion on a question that is quickly moving from science fiction to subpoena practice: Should your conversations with an AI assistant be legally protected?
Millions of people now ask chatbots questions they might hesitate to put in an email, say to a co-worker, or admit to a friend. They use artificial-intelligence tools to think through legal problems, medical fears, family conflicts, business plans, and private doubts. The systems feel confidential. The law does not yet treat them that way.
Recent developments have made the gap harder to ignore. In December 2025, a federal court ordered OpenAI to produce 20 million ChatGPT conversations to opposing counsel in a copyright case. Three months later, the order expanded to cover another 88 million conversations. None belonged to anyone involved in the litigation. They belonged to ordinary users who had typed into a system they experienced as private.
At the same time, U.S. courts split on whether using a consumer artificial-intelligence tool can destroy ordinary work-product protection (Heppner and Warner, February 2026). The Supreme Court heard argument on reverse-keyword warrants that, if extended to chatbots, could identify “everyone who issued a prompt to an AI.” And Meta launched Incognito Chat with Meta AI on WhatsApp, which runs inference inside a hardware-isolated environment that Meta itself cannot inspect.
This event asks whether conversations with AI assistants should receive something like the protection we grant to communications with lawyers, doctors, therapists, or priests. If so, what would be the legal basis? What should the limits be? And what technical safeguards must exist before the law can sensibly promise confidentiality?
Sam Altman has publicly called for an “AI privilege.” But no statute or appellate decision has recognized one. A credible privilege may also require more than a provider’s promise not to look. It may depend on whether the provider can show that it could not betray user confidentiality even under legal compulsion.
We will examine the four main ways a chatbot conversation can escape the confidential space users expect: voluntary corporate disclosure to law enforcement, compelled government access, civil discovery, and breach. We will also discuss the technical architectures—confidential computing, client-side encryption, and “Sealed Mode”—that are beginning to change what providers can credibly promise, and what the law can sensibly protect.
The event will feature a moderated dialogue followed by open Q&A. Lawyers, technologists, regulators, journalists, and ordinary users are all welcome.
Co-organized by:
The International Center for Law & Economics
Technische Universität München
Data Regulation & Innovation Initiative
Speakers:
Mikołaj Barczentewicz is a senior scholar at the International Center for Law & Economics and an associate professor of law at the University of Surrey. He writes EUTechReg and has argued that hardware-backed confidential computing—exemplified by Meta’s Incognito Chat—is the most credible path to combining frontier-grade AI with reasonable data safety. He also argues that voluntary technical self-restraint strengthens, rather than displaces, the case for legal protection.
Theodore Christakis is a professor of international, European, and digital law at Université Grenoble Alpes. He is the author of “You Trust Your Chatbot With Everything. Should You?,” the first integrated treatment of the four pathways described above, including a detailed reconstruction of the NYT v. OpenAI discovery battle and the case for a “Sealed Mode” architecture.
