Get the weekly digest
Every policy change across 844 tracked documents, once a week. No account needed.
OpenAI modified two sentences in its Enterprise Privacy Policy, detected on July 16, 2026. The opening section now includes a formatting change (addition of 'Enterprise privacy at OpenAI' as a header). More substantively, the language describing workspace admin control over data retention was changed from 'Your workspace admins control how long your workspace data is retained' to 'Your workspace admins can control how long your data is retained.' This shifts the framing from an affirmative control right to a permissive capability, and removes the word 'workspace' before 'data,' potentially broadening the scope of data subject to admin control beyond workspace-specific data.
The updated policy now states that workspace admins 'can control' data retention rather than 'control' it, introducing subtle ambiguity about whether retention control is a guaranteed right or a permitted option. Additionally, the removal of the word 'workspace' before 'data' broadens the scope of data potentially subject to admin control beyond workspace-specific information. These changes could affect how enterprise customers understand the extent of their administrative authority over data retention practices.
The updated language introduces ambiguity about whether data retention control is a right or a capability, and broadens the scope of data subject to admin governance, which may affect how enterprise customers structure their internal data handling practices and how OpenAI's obligations map to data protection regulations.
→ Review existing vendor agreements and data processing addenda with OpenAI to confirm whether the prior language was referenced or incorporated.
→ Enterprise customers may continue to rely on prior interpretations of their data retention governance authority without realizing the scope has been ambiguously reframed.
ConductAtlas has recorded 2 material changes to this document over 49 days of monitoring (since May 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, OpenAI has made 15 significant changes.
9 of OpenAI's significant changes have been classified as negative for consumers.
Language shifted from affirmative 'control' to permissive 'can control,' and scope expanded from 'workspace data' to 'data.'
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
OpenAI has modified language in its Enterprise Privacy Policy regarding workspace administrator control over data retention. The change shifts from affirmative language ('control') to permissive language ('can control') and expands scope from 'workspace data' to 'data.' For organizations using OpenAI's enterprise products, this affects how governance structures map to data retention authority. The change may engage GDPR data processing obligations and contractual DPA terms if those agreements reference the policy language. Compliance teams should review whether existing vendor agreements and data processing addenda are still accurately reflected by the updated policy language.
Full compliance analysis
Regulatory exposure, obligation analysis, escalation trigger, board language, and recommended action.
Analyst $49/moConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003719.
OpenAI updated the GPT-5.5 System Card on April 24, 2026, to include safeguards information. In an update detected on July …
OpenAI's GPT-5 System Card was updated on July 18, 2026, with a modification to the document's linked content references. The …
OpenAI removed the audio article feature reference from its Frontier Governance Framework post on July 18, 2026. The updated version …
H.R. 8094 would make the FTC the referee for AI model disclosure. It also names system cards as a way to comply, which turns a voluntary in…
The bill does not regulate most AI startups directly. But it changes the companies they depend on. Here is what the first federal AI law wo…
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Get alerted when this policy changes again — including what changed and why it matters.