OpenAI updated its privacy request procedures on May 14, 2026. Previously, the policy stated users could exercise privacy rights by submitting requests through privacy.openai.com or dsar@openai.com. The updated language now describes the four substantive privacy rights themselves—access, deletion, correction, and freedom from retaliation—rather than the submission mechanism. This shifts the policy from procedural instruction to rights enumeration, establishing explicit recognition of these privacy protections.
The updated policy now explicitly states four privacy rights that apply depending on your location and subject to applicable exceptions: the right to know about and access your personal data in portable format, the right to request deletion, the right to correct inaccurate data, and the right to be free from retaliation for exercising these rights. Previously, the policy referenced these rights only through procedural language about how to submit requests. The explicit enumeration establishes clearer notice of what protections the policy recognizes. You can exercise these rights by submitting a request through privacy.openai.com or dsar@openai.com.
The updated policy establishes explicit, detailed notice of four substantive privacy rights that apply depending on jurisdiction and subject to applicable exceptions. This clarification reduces ambiguity about what protections the policy recognizes and aligns with transparency requirements under GDPR, CCPA, and similar frameworks. Organizations relying on OpenAI's stated privacy rights in their own compliance programs can now reference more specific language.
→ Review the four privacy rights now explicitly stated in the policy to understand what protections apply to you based on your jurisdiction
→ Submit a privacy rights request through privacy.openai.com or dsar@openai.com if you wish to exercise any of these rights
→ The four privacy rights now explicitly stated in the policy will apply as written, subject to applicable exceptions and jurisdiction
→ If you do not exercise these rights through the stated request mechanism, OpenAI will not take action on access, deletion, or correction requests
This is the 3rd significant Transparency Removal change OpenAI has made since ConductAtlas began monitoring.
ConductAtlas has recorded 5 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
2 of OpenAI's significant changes have been classified as negative for consumers.
Policy now explicitly lists four privacy rights (access, deletion, correction, anti-retaliation) subject to applicable exceptions and jurisdiction, replacing prior procedural-only language
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
OpenAI's privacy policy now explicitly enumerates four substantive privacy rights (access, deletion, correction, anti-retaliation) that apply depending on jurisdiction and subject to applicable exceptions. This change shifts from procedural language to explicit rights statement, which aligns with privacy regulatory frameworks including GDPR, CCPA, and LGPD that require clear disclosure of consumer rights. The language includes appropriate jurisdictional and exceptions qualifiers, reducing ambiguity about scope. No new operational obligations appear to be created; this primarily clarifies existing rights already available through the request mechanism.
GDPR (Articles 12-22 establish data subject rights including access, rectification, erasure, and restrictions on processing), CCPA (Sections 1798.100-1798.120 establish California consumer rights including access, deletion, correction, and non-discrimination), UK GDPR (Articles 12-22 mirror GDPR protections), LGPD (Brazil; Articles 18-22 establish similar subject rights). FTC Act Section 5 prohibits unfair or deceptive privacy practices; explicit enumeration of rights supports compliance posture.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002058.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorOpenAI updated its Usage Policies page on June 29, 2026 to display language selection options for multiple languages before the …
OpenAI removed the phrase 'Enterprise privacy at OpenAI' from the opening header of their privacy policy on June 28, 2026. …
OpenAI removed two hyperlink annotations from its EU Terms of Use on June 28, 2026. The phrase '(opens in a …
The bill does not regulate most AI startups directly. But it changes the companies they depend on. Here is what the first federal AI law wo…
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
872 provisions across 8 AI platforms. The terms your AI provider sets become the terms your product operates under.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.