AI tools collect, store your data – how to be aware of what you're revealing

Like it or not, artificial intelligence has become part of daily life. Many devices — including electric razors and toothbrushes — have become "AI-powered," using machine learning algorithms to track how a person uses the device, how the device is working in real time, and provide feedback. From asking questions to an AI assistant like ChatGPT or Microsoft Copilot to monitoring a daily fitness routine with a smartwatch, many people use an AI system or tool every day.
While AI tools and technologies can make life easier, they also raise important questions about data privacy. These systems often collect large amounts of data, sometimes without people even realizing their data is being collected. The information can then be used to identify personal habits and preferences, and even predict future behaviors by drawing inferences from the aggregated data.
As an assistant professor of cybersecurity at West Virginia University, I study how emerging technologies and various types of AI systems manage personal data and how we can build more secure, privacy-preserving systems for the future.
Generative AI software uses large amounts of training data to create new content such as text or images. Predictive AI uses data to forecast outcomes based on past behavior, such as how likely you are to hit your daily step goal, or what movies you may want to watch. Both types can be used to gather information about you.
Generative AI assistants such as ChatGPT and Google Gemini collect all the information users type into a chat box. Every question, response and prompt that users enter is recorded, stored and analyzed to improve the AI model.
OpenAI's privacy policy informs users that "we may use content you provide us to improve our Services, for example to train the models that power ChatGPT." Even though OpenAI allows you to opt out of content use for model training, it still collects and retains your personal data. Although some companies promise that they anonymize this data, meaning they store it without naming the person who provided it, there is always a risk of data being reidentified.
Beyond generative AI assistants, social media platforms like Facebook, Instagram and TikTok continuously gather data on their users to train predictive AI models. Every post, photo, video, like, share and comment, including the amount of time people spend looking at each of these, is collected as data points that are used to build digital data profiles for each person who uses the service.
The profiles can be used to refine the social media platform's AI recommender systems. They can also be sold to data brokers, who sell a person's data to other companies to, for instance, help develop targeted advertisements that align with that person's interests.
Many social media companies also track users across websites and applications by putting cookies and embedded tracking pixels on their computers. Cookies are small files that store information about who you are and what you clicked on while browsing a website.
One of the most common uses of cookies is in digital shopping carts: When you place an item in your cart, leave the website and return later, the item will still be in your cart because the cookie stored that information. Tracking pixels are invisible images or snippets of code embedded in websites that notify companies of your activity when you visit their page. This helps them track your behavior across the internet.
This is why users often see or hear advertisements that are related to their browsing and shopping habits on many of the unrelated websites they browse, and even when they are using different devices, including computers, phones and smart speakers. One study found that some websites can store over 300 tracking cookies on your computer or mobile phone.
Like generative AI platforms, social media platforms offer privacy settings and opt-outs, but these give people limited control over how their personal data is aggregated and monetized. As media theorist Douglas Rushkoff argued in 2011, if the service is free, you are the product.
Many tools that include AI don't require a person to take any direct action for the tool to collect data about that person. Smart devices such as home speakers, fitness trackers and watches continually gather information through biometric sensors, voice recognition and location tracking. Smart home speakers continually listen for the command to activate or "wake up" the device. As the device is listening for this word, it picks up all the conversations happening around it, even though it does not seem to be active.
Some companies claim that voice data is only stored when the wake word — what you say to wake up the device — is detected. However, people have raised concerns about accidental recordings, especially because these devices are often connected to cloud services, which allow voice data to be stored, synced and shared across multiple devices such as your phone, smart speaker and tablet.
If the company allows, it's also possible for this data to be accessed by third parties, such as advertisers, data analytics firms or a law enforcement agency with a warrant.
This potential for third-party access also applies to smartwatches and fitness trackers, which monitor health metrics and user activity patterns. Companies that produce wearable fitness devices are not considered "covered entities" and so are not bound by the Health Information Portability and Accountability Act. This means that they are legally allowed to sell health- and location-related data collected from their users.
Concerns about HIPAA data arose in 2018, when Strava, a fitness company released a global heat map of users' exercise routes. In doing so, it accidentally revealed sensitive military locations across the globe through highlighting the exercise routes of military personnel.
The Trump administration has tapped Palantir, a company that specializes in using AI for data analytics, to collate and analyze data about Americans. Meanwhile, Palantir has announced a partnership with a company that runs self-checkout systems.
Such partnerships can expand corporate and government reach into everyday consumer behavior. This one could be used to create detailed personal profiles on Americans by linking their consumer habits with other personal data. This raises concerns about increased surveillance and loss of anonymity. It could allow citizens to be tracked and analyzed across multiple aspects of their lives without their knowledge or consent.
Some smart device companies are also rolling back privacy protections instead of strengthening them. Amazon recently announced that starting on March 28, 2025, all voice recordings from Amazon Echo devices would be sent to Amazon's cloud by default, and users will no longer have the option to turn this function off. This is different from previous settings, which allowed users to limit private data collection.
Changes like these raise concerns about how much control consumers have over their own data when using smart devices. Many privacy experts consider cloud storage of voice recordings a form of data collection, especially when used to improve algorithms or build user profiles, which has implications for data privacy laws designed to protect online privacy.
All of this brings up serious privacy concerns for people and governments on how AI tools collect, store, use and transmit data. The biggest concern is transparency. People don't know what data is being collected, how the data is being used, and who has access to that data.
Companies tend to use complicated privacy policies filled with technical jargon to make it difficult for people to understand the terms of a service that they agree to. People also tend not to read terms of service documents. One study found that people averaged 73 seconds reading a terms of service document that had an average read time of 29 to 32 minutes.
Data collected by AI tools may initially reside with a company that you trust, but can easily be sold and given to a company that you don't trust.
AI tools, the companies in charge of them and the companies that have access to the data they collect can also be subject to cyberattacks and data breaches that can reveal sensitive personal information. These attacks can by carried out by cybercriminals who are in it for the money, or by so-called advanced persistent threats, which are typically nation/state-sponsored attackers who gain access to networks and systems and remain there undetected, collecting information and personal data to eventually cause disruption or harm.
While laws and regulations such as the General Data Protection Regulation in the European Union and the California Consumer Privacy Act aim to safeguard user data, AI development and use have often outpaced the legislative process. The laws are still catching up on AI and data privacy. For now, you should assume any AI-powered device or platform is collecting data on your inputs, behaviors and patterns.
Although AI tools collect people's data, and the way this accumulation of data affects people's data privacy is concerning, the tools can also be useful. AI-powered applications can streamline workflows, automate repetitive tasks and provide valuable insights.
But it's crucial to approach these tools with awareness and caution.
When using a generative AI platform that gives you answers to questions you type in a prompt, don't include any personally identifiable information, including names, birth dates, Social Security numbers or home addresses. At the workplace, don't include trade secrets or classified information. In general, don't put anything into a prompt that you wouldn't feel comfortable revealing to the public or seeing on a billboard. Remember, once you hit enter on the prompt, you've lost control of that information.
Remember that devices which are turned on are always listening — even if they're asleep. If you use smart home or embedded devices, turn them off when you need to have a private conversation. A device that's asleep looks inactive, but it is still powered on and listening for a wake word or signal. Unplugging a device or removing its batteries is a good way of making sure the device is truly off.
Finally, be aware of the terms of service and data collection policies of the devices and platforms that you are using. You might be surprised by what you've already agreed to.
Christopher Ramezan is an assistant professor of cybersecurity at West Virginia University. This article is republished from The Conversation under a Creative Commons license.
This article is part of a series on data privacy that explores who collects your data, what and how they collect, who sells and buys your data, what they all do with it, and what you can do about it.
This article originally appeared on Erie Times-News: AI devices collect your data, raise questions about privacy | Opinion

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Forbes

19 minutes ago

• Forbes

Microsoft Confirms Windows 11 Automatic Deletions: Take Action Now To Protect Yourself

Microsoft's Windows 11 creates System Restore points, that is, snapshots of your PC's system files, settings and registry. But those points expire and are automatically deleted after 60 days, Microsoft has now confirmed. Users can protect themselves by creating regular System Restore points. 'With System Restore you can revert your PC's state to a previous point in time. By using System Restore, you can undo these changes without affecting your personal files,' Microsoft says. Windows 11 Which is great, but those restore points don't last forever, so it's important to know exactly how long they are there for. Previous documentation suggested that on Windows 10, restore points could last as long as 90 days. Windows Latest reports that 'After Windows 11's release in 2021, the retention period has been anywhere between 10 and 90 days (mostly 10 days),' it says. Ten days really isn't long, but there's good news. In a new support document relating to the June 10 update, Microsoft is a bit more specific. 'After installing the June 2025 Windows security update, Windows 11, version 24H2 will retain system restore points for up to 60 days. To apply a restore point, select Open System Restore. Restore points older than 60 days are not available. This 60-day limit will also apply to future versions of Windows 11, version 24H2,' it says. In other words, Microsoft has confirmed that Windows 11 System Restore points will be deleted after 60 days, so you need to periodically create restore points. That's not as good as 90 days, obviously, but way better than 10 days. 'This will give you multiple snapshots, but Windows will still delete the oldest ones once they exceed the retention window (now 60 days on Windows 11 24H2 by default),' says Windows Latest. To create your own System Restore point, as Windows Latest explains, you open Start and search for 'Create a restore point,' which will open System Protection tab in System Properties. Next, under Protection Settings, check that one of the partitions where you're going to put the backup is protected. Choose that partition and Configure to turn on protection. Then, click Create and follow the onscreen instructions. This will last for 60 days. Now that the deletion date is clear, it seems like creating one every few weeks is good practice.

TechCrunch

19 minutes ago

• TechCrunch

Moratorium on state AI regulation clears Senate hurdle

A Republican effort to prevent states from enforcing their own AI regulations cleared a key procedural hurdle on Saturday. The rule, as reportedly rewritten by Senate Commerce Chair Ted Cruz in an attempt to comply with budgetary rules, would withhold federal broadband funding from states if they try to enforce AI regulations in the next 10 years. And the rewrite seems to have passed muster, with the Senate Parliamentarian now ruling that the provision is not subject to the so-called Byrd rule — so it can be included in Republicans' 'One Big, Beautiful Bill' and passed with a simple majority, without potentially getting blocked by a filibuster, and without requiring support from Senate Democrats. However, it's not clear how many Republicans will support the moratorium. For example, Republican Senator Marsha Blackburn of Tennessee recently said, 'We do not need a moratorium that would prohibit our states from stepping up and protecting citizens in their state.' And while the House of Representatives already passed a version of the bill that included a moratorium on AI regulation, far-right Representative Marjorie Taylor Greene subbsequently declared that she is 'adamantly OPPOSED' the provision as 'a violation of state rights' and said it needs to be 'stripped out in the Senate.' House Speaker Mike Johnson defended the provision by saying it had President Donald Trump's support and arguing, 'We have to be careful not to have 50 different states regulating AI, because it has national security implications, right?' In a recent report, Americans for Responsible Innovation (an advocacy group for AI regulation), wrote that 'the proposal's broad language could potentially sweep away a wide range of public interest state legislation regulating AI and other algorithmic-based technologies, creating a regulatory vacuum across multiple technology policy domains without offering federal alternatives to replace the eliminated state-level guardrails.' Techcrunch event Save $200+ on your TechCrunch All Stage pass Build smarter. Scale faster. Connect deeper. Join visionaries from Precursor Ventures, NEA, Index Ventures, Underscore VC, and beyond for a day packed with strategies, workshops, and meaningful connections. Save $200+ on your TechCrunch All Stage pass Build smarter. Scale faster. Connect deeper. Join visionaries from Precursor Ventures, NEA, Index Ventures, Underscore VC, and beyond for a day packed with strategies, workshops, and meaningful connections. Boston, MA | REGISTER NOW A number of states do seem to be taking steps toward AI regulation. In California, Governor Gavin Newsom vetoed a high-profile AI safety bill last year while signing a number of less controversial regulations around issues like privacy and deepfakes. In New York, an AI safety bill passed by state lawmakers is awaiting Governor Kathy Hochul's signature. And Utah has passed its own regulations around AI transparency.

Motor 1

26 minutes ago

• Motor 1

'Not Having Wireless CarPlay in a $30K Car Is Kinda Crazy,' Says Honda Civic Driver. Then He Finds a Workaround

Your phone charges wirelessly, your earbuds sync automatically, and your car might even drive itself. So why are so many drivers still plugging in cords like it's 2014 just to use CarPlay? In a series of TikToks, creator Bishi (@bishifindsdeals) reveals that the 2025 Honda Civic Sport model is still reliant on wires to access apps and other functions from a smartphone. Get the best news, reviews, columns, and more delivered straight to your inbox, daily. back Sign up For more information, read our Privacy Policy and Terms of Use . 'I love my Honda Civic so much, but one thing I hate the most about this car is that it does not come with wireless CarPlay at all,' Bishi says. His post has been viewed 150,000 times as of this writing. Bishi captions it, 'Not having wireless carplay in a 30k car is kinda crazy.' His post notes that it is eligible for commission. Bishi then lists numerous options to add some wireless living to cars still rocking that tether. These devices act as intermediary dongles that spoof a wired connection between a smartphone and the vehicle's infotainment system. Once paired via Bluetooth and Wi-Fi, they trick the car into thinking a physical cable is connected, enabling wireless CarPlay in vehicles that technically only support it through a wired connection. They're not made or endorsed by Apple, and buyers report that they vary in quality. But the right device can provide a wireless upgrade for people who drive older models or those in new base-model vehicles. Why Don't Automakers Include Wireless? Trending Now 'It Works:' Woman Shares How to Find Out if Furniture Fits in Your Car—Before You Buy From Facebook Marketplace 'He Wears That Little, Dangly Cross Earring:' Woman Says 'Car Guys' Are Major 'Red Flags' for Dating. Is She onto Something? Honda, Toyota, Mazda, and Hyundai often only include the feature in higher trim levels or as an optional infotainment add-on. The reason usually boils down to a combination of cost and technical complexity. Wireless CarPlay requires more than just Bluetooth; it depends on dual-band Wi-Fi (typically 5 GHz) to handle the bandwidth required for smooth audio and screen projection. That requires different antennas, more robust processing, and a system to manage thermal output, especially in dashboard units with limited space and airflow. Carmakers aiming to keep base model prices competitive often opt to leave those components out. There's also the issue of licensing and software integration. While Apple doesn't publish its licensing fees publicly, it's widely reported in industry forums and analyst reports that integrating CarPlay—especially wirelessly—adds to both unit and development costs. For automakers already facing narrow profit margins on entry-level vehicles, that added expense might not be worth it. Modern World, Outdated Technology Not having wireless capabilities in a vehicle in 2025 seems out of step with most consumer expectations. Physically tethering a phone to a USB cable just to get navigation on your dash feels outdated. Perhaps particularly so in a world where features like heated seats and adaptive cruise control were once luxuries, but now often come standard. Many drivers now view wireless smartphone integration as another baseline requirement . Instead, they're met with feature segmentation that positions wireless CarPlay as an upsell, bundled with premium infotainment packages or only available on trims that push the total price several thousand dollars higher. This gap between expectation and reality has given rise to a growing aftermarket ecosystem, especially among younger drivers comfortable with DIY tech. Plug-in adapters that enable wireless CarPlay are now widely available through Amazon, TikTok Shop, and direct-to-consumer e-commerce platforms. Some are from known brands like Carlinkit or Ottocast, which offer Federal Communications Commission-certified devices with regular firmware updates. You can also buy from less established brands. But while many work well enough, customers mention issues including laggy connections, audio dropout, and software bugs. More importantly, these dongles function by spoofing a wired connection, something Apple has never officially supported and which raises questions about security, stability, and compatibility with future iOS updates. Still, if you, like Bish, can't bear to plug in your phone to use wireless, those aftermarket products may be just the solution. 'Let's be honest, it's the big 2025, so you can't be seen using wires just to get some CarPlay in your car,' he says. Motor1 contacted Bishi via direct message. We'll be sure to update this if he responds. More From Motor1 The 20 Most American-Made Cars of 2025 'That's Obviously a Villain Car:' Man Spots Honda Fit in Parking Lot. Then He Notices the Back 'The Pedal [Could] Shift Out of Position:' Honda Recalls a Quarter-Million Cars Over Faulty Brake Pedals Honda Will Supply New Parts for Old Cars, Starting With the NSX Share this Story Facebook X LinkedIn Flipboard Reddit WhatsApp E-Mail Got a tip for us? Email: tips@ Join the conversation ( )