A chart titled “What Kind of Data Do AI Chatbots Collect?” lists and compares seven AI chatbots—Gemini, Claude, CoPilot, Deepseek, ChatGPT, Perplexity, and Grok—based on the types and number of data points they collect as of February 2025. The categories of data include: Contact Info, Location, Contacts, User Content, History, Identifiers, Diagnostics, Usage Data, Purchases, Other Data.
- Gemini: Collects all 10 data types; highest total at 22 data points
- Claude: Collects 7 types; 13 data points
- CoPilot: Collects 7 types; 12 data points
- Deepseek: Collects 6 types; 11 data points
- ChatGPT: Collects 6 types; 10 data points
- Perplexity: Collects 6 types; 10 data points
- Grok: Collects 4 types; 7 data points
And what about goddamn Mistral?
Its French as far as I know so at least it abides to gdpr by default.
All services you see above are provided to EU citizens, which is why they also have to abide by GDPR. GDPR does not disallow the gathering of information. Google, for example, is GDPR compliant, yet they are number 1 on that list. That’s why I would like to know if European companies still try to have a business case with personal data or not.
If it’s one thing I don’t trust its non-EU companies following GDPR. Sure they’re legally bound to, but l mean Meta doesn’t care so why should the rest.
(Yes I’m being overly dramatic about this, but I’ve lost trust ages ago in big tech companies)
Fully agree, which is also why I choose EU/Swiss made services by default
not sure about swiss, they shady as hell if you have scepticism towards rich people greed
I’m only referring to data privacy laws.
It doesn’t mean they “have to abide by GDPR” or that they “are GDPR compliant”. All it means is they appear to be GDPR compliant and pretend to respect user privacy. The sole fact that the AI chatbots are run in US-based data centres is against GDPR. The EU has had many different personal data transfer agreements with the US, all of which were canceled shortly after signing due to US corporations breaking them repeatedly (Facebook usually being the main culprit).
I tried to say that, but you were better at explaining, so thank you. Without a court case, you will essentially never know, if they are truly GDPR compliant