Google Gemini updated its privacy policy on March 27, 2026 to explain how it uses data from connected Google apps to personalize your experience, and what happens when you import memories or chats from other AI platforms. Previously, these scenarios were not addressed in the policy. Now, Gemini makes clear that imported AI data and connected app data can be used to train its AI models, which matters because users may not realize their data from other platforms is being fed into Google's systems.
Users who import chat histories or memories from other AI platforms into Gemini may not realize this data will be used to train Google's AI models. This expands the scope of data collection and use in ways that could affect privacy expectations and regulatory compliance.
Google Gemini now explicitly states that data you import from other AI platforms — such as memories and chat histories — will be treated like regular Gemini activity, including being used to train Google's generative AI models. Additionally, if you opt in to 'Personal Intelligence,' data from connected Google apps will be used to personalize your Gemini experience. This significantly broadens the scope of data Google can use for AI training beyond what users might expect. You can manage or delete your imported activity at any time through your Gemini activity settings to limit how this data is used.
Google Gemini's March 27, 2026 privacy policy update introduces two material data processing expansions: (1) data imported from third-party AI platforms is now explicitly subject to AI model training; and (2) connected Google app data can be used for Gemini personalization for eligible users. This touches GDPR lawful basis and purpose limitation obligations (Arts. 5, 6, 13), CCPA disclosure requirements, and may affect vendor risk assessments for organizations that allow employees to use Gemini. Compliance teams should assess whether their acceptable-use policies and data handling notices need updating. Action is likely required for organizations in regulated sectors.
1. GDPR: Art. 5(1)(b) purpose limitation — using imported third-party AI chat data for model training may constitute further processing incompatible with original collection purpose. Art. 6 — lawful basis for processing imported data must be established; consent or legitimate interests analysis required. Art. 13(1)(c) and 13(2)(b) — disclosure obligations regarding purposes and automated processing now triggered. Art. 22 — if personalization constitutes automated decision-making with significant effects, additional safeguards apply. EDPB Guidelines 05/2020 on consent are relevant if opt-in personalization is used as the lawful basis.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000133.
ConductAtlas Policy Archive Entity: Google Gemini | Document: Gemini Apps Privacy Notice | Record: CA-C-000133 Captured: 2026-03-27 06:06:02 UTC URL: https://conductatlas.com/change/2026-03-27-google-gemini-gemini-apps-privacy-notice-133/ Accessed: April 4, 2026
Google Gemini removed language from its privacy policy that explained how users could allow Gemini to personalize experiences using data …
Google Gemini updated its privacy policy on March 28, 2026 to clarify that 'imported chats' are now listed as a …
Google Gemini removed several sentences from its privacy policy on March 23, 2026 that described a feature allowing eligible users …
Create a free account and add Google Gemini to your watchlist. We'll email you the moment something changes.