AI Model Training Use of User Content

What it is

When you type prompts or upload images, Midjourney may use that content to train its AI, and by using the service you are granting Midjourney a license to do so.

Why it matters (compliance & governance perspective)

The policy states that prompts, uploaded images, and generated images may be used for AI model training, and the terms assert a license to use this content for that purpose, which may affect users who submit personal, sensitive, or proprietary material through the platform.

Consumer impact (what this means for users)

This provision authorizes Midjourney to use prompts and uploaded images you submit for AI training purposes; users who submit personal details, faces, or proprietary content in prompts or image uploads should be aware that such content may inform future model development.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision engages GDPR Article 6 lawful basis requirements for processing personal data for AI training, and potentially Article 9 if sensitive categories of data (health, biometric, racial/ethnic origin) are embedded in submitted content. The EU AI Act may require evaluation with respect to training data governance obligations for general-purpose AI models. The FTC's AI guidance and its authority over unfair or deceptive practices is relevant if the scope of AI training use is not adequately disclosed. CCPA/CPRA may require evaluation regarding whether AI training constitutes a secondary use of personal information requiring opt-out rights. GOVERNANCE EXPOSURE: High. The use of user-submitted content for AI model training is one of the most actively scrutinized data processing activities by EU/EEA data protection authorities and the FTC. The policy does not explicitly identify the GDPR lawful basis for AI training use (consent, legitimate interests, or other), which creates compliance ambiguity for EU/EEA deployments. Legitimate interests assessments, if relied upon, would need to balance Midjourney's interests against user rights. JURISDICTION FLAGS: EU/EEA jurisdictions present the highest regulatory exposure; several EU DPAs have opened inquiries into AI training data practices. Italian, French, and Irish DPAs have been active in this area. California's CPRA creates obligations around secondary use of personal information. Illinois BIPA may be implicated if uploaded images contain biometric identifiers and are used for training without explicit written consent. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should contractually address whether employees' submitted prompts and images may be used for AI training and whether data processing agreements are in place. Standard DPA templates may not adequately address AI training use as a controller-permitted purpose; bespoke contractual provisions may be required. COMPLIANCE CONSIDERATIONS: Legal teams should audit whether the policy's disclosure of AI training use is sufficient to satisfy GDPR transparency requirements, and whether a legitimate interests assessment or separate consent mechanism is needed for EU users. Data mapping should identify whether submitted content categories include personal data subject to heightened protection. For Illinois-based deployments, legal review of BIPA applicability to uploaded images is warranted.

Applicable agencies

Provision details

Other risks in this policy

• Default Public Image Generation medium
• Data Collection Scope medium
• Third-Party Data Sharing medium
• GDPR and UK GDPR Data Subject Rights medium
• California Consumer Privacy Rights medium
• Minimum Age Requirement and Children's Privacy medium