Next Article in Journal
Machine Learning Pipeline for Early Diabetes Detection: A Comparative Study with Explainable AI
Previous Article in Journal
AI-Based Proactive Maintenance for Cultural Heritage Conservation: A Hybrid Neuro-Fuzzy Approach
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Future Internet
Volume 17
Issue 11
10.3390/fi17110511
futureinternet-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Privacy Concerns in ChatGPT Data Collection and Its Impact on Individuals

by
Leena Mohammad Alzamil
,
Alawiayyah Mohammed Alhasani
and
Suhair Alshehri
*
Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 22254, Saudi Arabia
*
Author to whom correspondence should be addressed.
Future Internet 2025, 17(11), 511; https://doi.org/10.3390/fi17110511
Submission received: 22 September 2025 / Revised: 5 November 2025 / Accepted: 6 November 2025 / Published: 10 November 2025
Browse Figures
Versions Notes

Abstract

With the rapid adoption of generative AI technologies across various sectors, it has become increasingly important to understand how these systems handle personal data. The study examines users’ awareness of the types of data collected, the risks involved, and their implications for privacy and security. A comprehensive literature review was conducted to contextualize the ethical, technical, and regulatory challenges associated with generative AI, followed by a pilot survey targeting ChatGPT users from a variety of demographics. The results of the study revealed a significant gap in users’ understanding of data practices, with many participants expressing concerns about unauthorized access to data, prolonged data retention, and a lack of transparency. Despite recognizing the benefits of ChatGPT in various applications, users expressed strong demands for greater control over their data, clearer consent mechanisms, and more transparent communication from developers. The study concludes by emphasizing the need for multi-dimensional solutions that combine technological innovation, regulatory reform, and user-centered design. Recommendations include implementing explainable AI, enhancing educational efforts, adopting privacy-by-design principles, and establishing robust governance frameworks. By addressing these challenges, developers, policymakers, and stakeholders can enhance trust, promote ethical AI deployment, and ensure that generative AI systems serve the public good while respecting individual rights and privacy.

1. Introduction

Artificial intelligence is revolutionizing many industries, with platforms like ChatGPT gaining widespread adoption [1]. ChatGPT, an advanced language model, interacts with millions of users daily, offering solutions and suggestions, and engaging in conversations. However, as its use has grown, concerns about data privacy, collection practices, and ethical considerations have become increasingly prominent [2]. Many users engage with such platforms without fully understanding what data is being collected, how it is being processed, or the implications for their privacy and trust [3]. Addressing these gaps is critical to ensuring responsible AI deployment and fostering a safe digital environment. Generative AI, embodied by models like ChatGPT, has seen rapid integration across industries. A recent McKinsey survey indicates that 65% of organizations regularly use generative AI in at least one role, nearly doubling from the previous year [4]. The same survey highlights that individuals across regions, industries, and seniority levels are increasingly using generative AI tools at both professional and personal levels. These innovations are reshaping industries such as entertainment, healthcare, and finance, opening up new opportunities in image synthesis, text generation, and interactive AI [5].
Despite widespread adoption, there is still a significant lack of user awareness regarding the data collection and privacy practices associated with these technologies. Many users unwittingly share personal information while interacting with AI-powered platforms, raising concerns about data security and potential exploitation. This underscores the importance of promoting transparency, educating users, and implementing responsible AI policies to foster trust and ensure the ethical use of AI. As generative AI continues to evolve, balancing innovation with ethical responsibility will be critical in shaping a future where AI augments human capabilities while preserving fundamental rights and privacy [6]. The motivation for this research is the growing demand for ethical AI practices and the need to protect user privacy. With limited user awareness of ChatGPT’s data collection mechanisms, there are risks of loss of trust, privacy, and misuse of personal data [7]. By exploring and analyzing user awareness and its impact, this project aims to provide actionable insights for enhancing transparency and promoting ethical AI usage. Furthermore, this study examines the data collection and use practices of the ChatGPT platform to better understand potential privacy risks, how these concerns influence user trust, and the possible guidelines for enhancing privacy protections in AI-powered systems. This work is essential to encourage the industry and AI companies to comply with user expectations and global privacy standards [8]. The primary objectives of this paper are as follows:
  • To analyze the current practices of data collection and usage in ChatGPT.
  • To evaluate the privacy risks associated with ChatGPT’s data collection.
  • To assess the impact of these privacy concerns on individual users’ trust and willingness to use the technology.
  • To propose recommendations for enhancing privacy protections in ChatGPT and similar AI systems.
The rest of the paper is organized as follows: Section 2 presents background on generative AI and ChatGPT. Section 3 reviews the relevant literature. Section 4 discusses the privacy risks associated with ChatGPT’s data collection. Section 5 presents the results and analysis. Section 6 provides recommendations. Section 7 summarizes the study and outlines the future work.

2. Background

Generative Artificial Intelligence has rapidly emerged as a transformative technological paradigm that enables machines to autonomously generate text, images, music, and code resembling human creativity [9,10]. Through advanced architectures such as the Generative Pre-trained Transformer GPT, GenAI systems have revolutionized automation, communication, and knowledge creation. By training on vast datasets comprising books, articles, and web content, these models develop an advanced understanding of linguistic and contextual relationships. However, this dependence on large-scale and publicly available data raises significant ethical and privacy concerns that continue to challenge policymakers, developers, and users alike [11,12].
While the potential of GenAI is evident across sectors including education, healthcare, media, and software engineering its integration also brings complex ethical, legal, and social implications. Key challenges include data privacy and security risks, as generative models process massive volumes of user information, often without transparent disclosure of data handling practices. This lack of transparency can result in unintended data exposure, tracking of user interactions, and possible noncompliance with international regulations such as the GDPR and CCPA [13,14]. The absence of clear accountability mechanisms in AI systems makes it difficult to ensure user consent and safeguard personal data, creating tension between innovation and privacy protection.
Equally critical are issues related to misinformation, bias, and fairness. Generative models can produce misleading or fabricated outputs such as deepfakes or synthetic news that distort public perception and challenge the authenticity of information. Moreover, because these systems learn from pre-existing data, they inherently reproduce social, gender, or cultural biases embedded within their training datasets [15]. Without proper oversight, this can perpetuate stereotypes and discriminatory outputs, undermining the ethical integrity of AI systems. Ensuring fairness and inclusivity in AI outputs thus requires diverse and representative training data as well as continuous bias evaluation mechanisms.
Finally, Generative AI raises unresolved debates around intellectual property, authorship, and ethical governance. The boundaries of ownership remain ambiguous when AI-generated content closely resembles copyrighted material or when data sources are scraped without explicit consent [14,15]. Furthermore, as AI tools become increasingly embedded in daily life, the demand for transparent governance frameworks intensifies. Ethical AI development now necessitates proactive regulation, corporate accountability, and user education to prevent misuse. In sum, while GenAI continues to advance digital transformation, its success depends on balancing innovation, transparency, and ethical responsibility to ensure that technological progress does not compromise privacy, fairness, or public trust [14].

2.1. ChatGPT

ChatGPT, developed by OpenAI, represents a major advancement in Natural Language Processing (NLP) and conversational AI [16]. Built on a transformer-based architecture, it is designed to understand user intent, maintain contextual awareness, and generate coherent, human-like responses. Since its initial release as a simple chatbot, ChatGPT has evolved through continuous updates that enhanced its linguistic accuracy, contextual reasoning, and conversational depth. This iterative development, driven by user feedback and ongoing refinement, has transformed ChatGPT into a sophisticated dialogue system capable of producing natural, meaningful, and contextually relevant interactions [17].

2.1.1. ChatGPT Architecture and Methodology

ChatGPT, developed by OpenAI, is one of the most sophisticated applications of generative artificial intelligence designed to produce coherent, human-like responses in natural language conversations [16]. It is based on the Generative Pre-trained Transformer (GPT) architecture, which marked a major advancement in Natural Language Processing (NLP) by enabling models to process entire text sequences simultaneously rather than word by word. This transformer-based design allows ChatGPT to understand linguistic context, infer meaning, and generate relevant and grammatically consistent outputs across a wide range of topics and domains [17].
The architecture of ChatGPT, as shown in Figure 1, consists of interconnected layers that perform self-attention and contextual encoding to determine the relationships between words in a sentence [18]. Through this structure, the model can maintain semantic coherence and context awareness, distinguishing it from earlier chatbot systems that lacked long-term memory and contextual continuity. As a result, ChatGPT can engage in extended and meaningful dialogues, producing outputs that simulate human reasoning and conversation flow.
Regarding its methodology, as shown in Figure 2, ChatGPT is developed through two main stages: large-scale pretraining and fine-tuning. During pretraining, the model learns general language patterns from massive textual datasets, enabling it to acquire a broad understanding of vocabulary, syntax, and semantics. This is followed by fine-tuning using Reinforcement Learning from Human Feedback (RLHF), where human evaluators review and rank generated responses to align the model’s behavior with human preferences and ethical standards [19]. This process helps refine accuracy, coherence, and the ability to generate appropriate and informative content.
Overall, ChatGPT’s architecture and training methodology represent a convergence of deep learning and human-centered design principles. By combining large-scale data learning with iterative human feedback, the model achieves greater linguistic precision and ethical reliability. These mechanisms position ChatGPT as a leading example of responsible generative AI, shaping future research on conversational intelligence and user–AI interaction [19].

2.1.2. ChatGPT Applications

AI has rapidly changed many work fields, and ChatGPT is leading this big change. It is applied across various fields, making things fast, easy to access, and better for users. ChatGPT is widely used in schools as an online helper, helping with schoolwork, making learning fit each person, aiding with languages, and making materials for teachers.
In business and customer service, it helps out with customer support, helps with market study, and is helpful in making content. In healthcare, ChatGPT is suitable for giving medical information, early help with diagnosis, administrative help, and support for mental health. In finance and banking, it provides money help, finds fraud, gives fast answers, and helps manage money portfolios. E-shops and stores use ChatGPT for personalized shopping experiences, quick help for buyers, talking about products, and chatbot help with sales.
Media and entertainment use it to write scripts, summarize news, make games interactive, and handle social media. Lawyers use ChatGPT to look up laws, write contracts, talk to clients, and analyze cases. In hiring, it helps sort resumes, prepare for interviews, help workers, and plan training. The research area gets help from ChatGPT in looking at data, summarizing papers, writing grants, and working together on studies. The travel and hospitality business use ChatGPT for trip plans, booking help, talking in other languages, and guiding virtual tours. These many uses show how ChatGPT changes tech, making it more accessible, quick, and suitable for lots of industries [20].

2.1.3. ChatGPT Concerns and Challenges

As more people use ChatGPT, fears about trust and use have grown. As we talk more about AI, worries come up about keeping data safe, the risk of wrong information, and relying too much on this tech. Many appreciate how fast and easy ChatGPT makes things, but they worry about the accuracy of the information. Looking forward, it is key to weigh both the good and bad sides. ChatGPT could change how we talk with computers, creating new opportunities in education, workplace assistance, and creative fields. Studies show that as people get used to AI, their jobs shift to working with technology rather than against it. This collaboration can bring more new ideas and improve productivity in many fields [21].
AI does not just affect individuals—it has significant effects on entire industries. As AI advances, it is set to transform jobs and increase the demand for new skills. We must understand these shifts to make the most of AI and address its challenges. Studies show that when industries adopt AI, they foster a culture of continuous learning and adaptability. This is key in our fast-moving tech world. In our tech-driven world, wisely using AI tools like ChatGPT is crucial. Recent research provides guidelines for AI, ensuring that technology enhances knowledge and creativity rather than limiting human potential. If we balance it right, humans and AI can work together for greater success [22,23].

2.1.4. Data Collection, Storage, and Use in ChatGPT

  • Data Collection
Data collection is the primary and most significant task of ChatGPT. It is carried out in two ways. Firstly, data is collected by training the model on a vast number of books, articles, Internet texts, and websites. It helps the ChatGPT model in learning patterns, language, and real-world knowledge.
The second stage deals with collecting data from user interactions. This includes logs that may contain personally identifiable information, such as email addresses or phone numbers, usage data, and the frequency of access to the model. So, OpenAI keeps this data for a short period so that ChatGPT can periodically update the model dataset user interaction [24].
  • Data Storage
Data storage is crucial for maintaining user privacy. One of the most critical practices and security precautions OpenAI offers for its ChatGPT model is data encryption during storage and transmission to prevent unauthorized access or data theft and to ensure that user data is not exposed to theft or unauthorized use. The other essential action is that ChatGPT does not hold on to this information for more than 30 days when it is removed or anonymized so that sensitive information cannot be accessed or seen.
The data practices of OpenAI are conjoined align with data protection laws, such as the GDPR and CCPA, which ensures strict data handling and security measures [24].
  • Data Uses
ChatGPT employs information in various but interrelated ways throughout its operation and user experience development. User interaction data is first analyzed to improve the chatbot’s workings. OpenAI leverages user observations on inputs and chatbot outputs to determine which areas to focus on to improve the algorithm’s performance.
The last steps of the machine learning fine-tuning are applied based upon a more narrowed dataset where human raters score responses based on given criteria. This feedback from users improves the model’s alignment with expected outputs, resulting in more contextually relevant responses. Also, the constant inflow of feedback from user interaction is an invaluable methodology for fixing and improving the system, creating a feedback loop in the later version of the model itself.
In combination, such practices allow ChatGPT to fulfill information security requirements and, by design, address the shortcomings of its own AI model, thereby enhancing the overall user experience [24].

3. Literature Review

This section provides an overview of the studies and scholarly articles conducted on generative AI is presented and categorized into two key areas: Privacy and Security, and User Awareness. When AI-driven platforms such as ChatGPT became popular, researchers have extensively examined the implications of data collection, security risks, and ethical considerations.
The first section, Privacy and Security, covers academic research on how AI models handle user data, the risks of data breaches, and best practices for deploying AI securely. The second section, User Awareness, reviews studies that assess users’ understanding of AI data practices, their rights, and the impact of transparency on trust. This section organizes the literature into these two themes for a structured analysis of existing knowledge, highlighting gaps and areas for further exploration.
The selection of literature for this study followed a systematic and structured process to ensure relevance, credibility, and comprehensiveness. The primary databases consulted included IEEE Xplore, ScienceDirect, SpringerLink, Google Scholar, and ResearchGate, chosen for their extensive collections of peer-reviewed publications related to artificial intelligence, cybersecurity, and data privacy.
A combination of targeted keywords was used, including “ChatGPT,” “Generative AI,” “Data Privacy,” “User Awareness,” “Data Collection,” “Ethical AI,” and “Cybersecurity Risks.” Boolean operators (AND, OR) were applied to refine search results and capture a broader scope of relevant studies.
Studies were included if they were published between 2019 and 2025, focused on ChatGPT or similar generative AI models, addressed privacy, security, or user awareness issues, and appeared in peer-reviewed journals or reputable conference proceedings. Conversely, exclusion criteria eliminated studies that lacked empirical or theoretical relevance to ChatGPT privacy concerns, were purely technical without ethical or user-awareness dimensions, or originated from non-academic or duplicate sources such as blogs or unverified websites.
The screening process began with a review of titles and abstracts to determine preliminary relevance, followed by full-text evaluation of shortlisted studies.This multi-stage selection process ensured that the literature review incorporated the most relevant, credible, and recent research addressing privacy, security, and user awareness within the context of ChatGPT and generative AI.

3.1. Privacy and Security

The reviewed studies collectively highlight the complex dual role of Generative Artificial Intelligence in shaping privacy and security dynamics, with ChatGPT serving as both a technological enabler and a potential risk factor. Gupta et al. [25], Al-Kamli et al. [26], and Falade [27] converge on the argument that while ChatGPT offers innovative opportunities for enhancing cybersecurity, it simultaneously introduces new vulnerabilities related to data protection, ethical compliance, and misuse of AI-generated content.
All three studies share the view that data collection and model training practices represent the core of privacy vulnerability in ChatGPT’s architecture. Gupta et al. [25] highlight how GenAI can simultaneously function as a defensive cybersecurity tool automating threat detection, generating incident reports, and simulating attacks while also being exploited for malicious purposes such as phishing, malware creation, and system manipulation. This duality aligns with Falade’s [27] argument that the same features that make AI efficient and scalable can be repurposed by adversaries, revealing a systemic weakness in how data and model access are governed. Similarly, Al-Kamli et al. [26] emphasize users’ growing fear that ChatGPT’s reliance on personal and public data can lead to unintended disclosures or unauthorized exploitation, reflecting widespread anxiety about transparency and consent in AI-mediated communication.
Despite these shared concerns, the three studies diverge in scope and methodological orientation. Gupta et al. [25] adopt a technical-security perspective, focusing on operational mechanisms and AI-enabled cyber defense strategies, while Al-Kamli et al. [26] approach the issue from a user-centered and empirical standpoint, combining social media analysis with survey data to categorize distinct types of privacy risks public data exploitation, input misuse, and unauthorized access. In contrast, Falade [27] applies a socio-technical analytical lens, synthesizing online discourse and literature to contextualize privacy concerns within broader questions of regulation, human reliance, and ethical governance. This methodological diversity enriches the discourse, illustrating that the challenges of ChatGPT’s privacy and security extend beyond technology itself to include human awareness, institutional responsibility, and policy enforcement.
In terms of proposed solutions, all studies converge on the necessity of multi-layered protection mechanisms that combine technical safeguards with educational and ethical interventions. Gupta et al. [25] advocate for proactive cybersecurity frameworks, ethical regulation, and AI-driven monitoring tools. Al-Kamli et al. [26] emphasize enhancing user awareness and participatory feedback mechanisms, while Falade [27] calls for a more balanced approach that integrates encryption, auditing, legal reform, and public engagement. This collective insight suggests a shift in the scholarly conversation from focusing solely on technological mitigation to acknowledging the human and governance dimensions of AI privacy.
Taken together, the literature reveals a critical gap in current understanding. Although these studies illuminate vital aspects of privacy and security, they largely examine the issue from either a technical or conceptual standpoint, often neglecting how individual users perceive, understand, and respond to data risks associated with ChatGPT. There remains limited empirical evidence linking user demographics, awareness, and trust to perceptions of data safety and ethical AI use. Addressing this gap is essential to developing an integrated framework that bridges technological safeguards and human-centric understanding, ensuring more responsible and transparent use of generative AI systems.

3.2. User Awareness

The literature on user awareness and perception of ChatGPT emphasizes that understanding how individuals interact with generative AI is central to ensuring ethical and responsible use. Across studies by Shahzad et al. [7], Alawida et al. [3], Albayati [28], Al-Murshidi et al. [8], and Haque et al. [29], a consistent theme emerges: while ChatGPT offers substantial educational, professional, and social benefits, users’ limited awareness of its data handling practices continues to raise concerns about privacy, misinformation, and ethical implications.
A key point of convergence among these studies is that user awareness and trust directly influence adoption and responsible engagement with ChatGPT. Shahzad et al. [7] demonstrate this relationship empirically through the Technology Acceptance Model TAM, revealing that greater awareness and perceived intelligence enhance students’ willingness to adopt AI-based tools in higher education. Similarly, Albayati [28] extends the TAM framework by incorporating variables such as privacy, security, social influence, and trust, concluding that awareness and confidence in ChatGPT’s reliability significantly shape users’ acceptance behavior. Both studies confirm that awareness functions as a mediating factor between technological innovation and ethical usage, with trust emerging as the critical determinant for sustainable adoption.
While Shahzad et al. [7] and Albayati [28] focus on academic contexts, Al-Murshidi et al. [8] broaden the scope by exploring students’ perceptions in the UAE, where awareness is linked to optimism and responsible engagement. Their findings suggest that students who recognize ChatGPT’s limitations such as bias or misinformation tend to use it more critically and ethically. This aligns with Haque et al. [29], who analyze the societal impact of ChatGPT beyond education, noting that although users appreciate its versatility and efficiency, they often underestimate the biases and inaccuracies embedded in AI-generated content. Both studies highlight the need for educational interventions that promote critical thinking and media literacy to strengthen awareness and mitigate risks of overreliance or misuse.
From a cybersecurity standpoint, Alawida et al. [3] bridge the technical and behavioral dimensions by examining how user knowledge affects exposure to AI-enabled cyberthreats. Their findings reveal that insufficient awareness can make users unintentional facilitators of phishing, malware generation, or social engineering attacks, while trained and informed users can leverage ChatGPT to enhance defensive practices. This introduces an important divergence from education-oriented studies: while Shahzad et al. [7], Albayati [28], and Al-Murshidi et al. [8] view awareness primarily as a driver of adoption and ethical use, Alawida et al. [3] frame it as a protective mechanism against emerging security threats. Thus, awareness in the literature is conceptualized both as an enabler of informed adoption and as a shield against potential AI misuse.
Despite their shared recognition of awareness as essential, the studies differ in how they operationalize it. Academic-focused research e.g., Shahzad et al. [7]; Albayati [28] emphasizes perceived usefulness and ease of use, while cybersecurity-oriented work e.g., Alawida et al. [3] emphasizes risk perception and defensive behavior. Haque et al. [29] further expand this lens by introducing societal awareness, connecting individual understanding to broader social consequences, including misinformation, skill erosion, and ethical accountability. This diversity of perspectives enriches the discourse but also exposes an underlying fragmentation: most research isolates awareness within specific domains rather than examining it as a multidimensional construct shaped by privacy knowledge, technological trust, and contextual use.
Taken together, these studies demonstrate that awareness is the cornerstone of ethical and effective engagement with ChatGPT. Yet, a critical gap persists in current research. The existing literature often treats awareness as a static concept, neglecting how it interacts with demographic factors such as age, education level, and frequency of AI use, or how it evolves with continued exposure to generative AI tools. Moreover, empirical integration between user awareness, privacy perception, and trust remains limited, leaving unanswered questions about how individuals translate understanding into protective or ethical behavior. Addressing this gap is essential to developing a more holistic framework that links user cognition, privacy awareness, and trust formation ultimately supporting safer and more transparent human AI interactions.

4. Privacy Risks Associated with ChatGPT’s Data Collection

Generative AI models, especially ChatGPT, have made huge progress in user interaction. But with these advancements come major privacy risks. These risks mainly arise from how these platforms collect, use, and store data [11]. This section identifies two primary classes of privacy risks which are Data Collection Risks and Data Usage Risks, each encompassing more specific threats [14].
To interpret the privacy risks associated with ChatGPT’s data collection, this study draws on established theories in privacy and technology adoption. Privacy calculus theory [30] posits that users evaluate technologies by weighing expected benefits against potential risks. In the context of ChatGPT, participants might perceive efficiency and convenience as benefits, while concerns about data retention and third-party use represent significant risks. The AI Trust Framework [31] further explains that user trust in AI systems is shaped by perceived transparency, control, and security safeguards. Our survey results regarding demands for clearer policies and stronger user control can be directly interpreted through this lens, as a lack of transparency amplifies perceived risks and undermines trust.
Finally, the Technology Acceptance Model (TAM) [32] provides a complementary perspective, linking ethical data practices to users’ willingness to adopt ChatGPT. This implies that even when a system is perceived as useful and easy to use, unresolved privacy concerns can hinder its adoption. Collectively, these frameworks provide a strong conceptual basis for understanding users’ concerns about privacy, ethical artificial intelligence, and the legitimate use of personal information, thus supporting the analytical depth of this study.

4.1. Data Collection Risks

Data collection in the context of ChatGPT refers to the practices of collecting and storing user data during interactions with ChatGPT. This threat category encompasses all risks related to gathering user data, as well as what data is collected and how transparent the process is [5].

4.1.1. Unauthorized Data Collection

The ChatGPT system automatically logs user interaction data in great detail. However, users often do not fully understand the extent of the data that is recorded and stored. This data may include not just direct user queries but also behavioral data, such as how often users interact with specific search results and user preferences. This issue raises questions about the unauthorized gathering of data, data that is collected without informed consent, or data that deviates from what a user would expect [14].

4.1.2. Unintentional Exposure of Personal Information

Given the immense quantity of data that ChatGPT processes, the risk of inadvertently disclosing sensitive information is a constant consideration. During these interactions, however, users may accidentally enter their personal data (such as financial information, health details, or contacts). If the system fails to adequately filter or sanitize user input, there is a risk that sensitive data may inadvertently appear in generated responses or be stored without appropriate safeguards [15]. So, this poses a direct and unintended threat to users’ privacy, especially if this information is disclosed in a way neither the user nor the platform anticipated.

4.1.3. Lack of Transparency in Data Handling

The ChatGPT platform does not provide full transparency to users how its data collection mechanisms work. The privacy policies usually do not specify what kind of data is collected, how it is stored, or who can access it. The absence of transparency creates a sense of distrust among users, who may feel they are being monitored without their complete awareness [5].

4.1.4. Data Retention Without Consent

Data retention refers to storing user data even after it has been collected. When it comes to data deletion, for example, in the case of ChatGPT, data is often stored in order to enhance the system. However, most users have no idea how long their data is kept or the various ways in which it is used [14]. Due to the lack of consent mechanisms and transparency about data retention and sharing, users’ personal and private information may be stored longer than they would like or consider acceptable.

4.2. Data Usage Risks

The risks associated with data usage include how the ChatGPT system processes the data that is collected by the system, including how it is shared with partners and whether the data will be used by the platform in the context of misuse, unauthorized access, and potential exploitation [11].

4.2.1. Misuse by Third Parties

After data collection, the data can be shared with advertisers, researchers, or contractors. These third parties can then use the data for commercial gain or in ways the original users did not explicitly opt into. Without adequate oversight, data could be sold, shared, or repurposed without users being fully aware [5].

4.2.2. Privacy Leakage and Exploitation of Personal Inputs

Input data for ChatGPT could include personal information, such as health-related questions or bank account details, which might become visible or misused if ChatGPT’s privacy features are not sufficient. User data may be stored after interaction and reused for future analytics or system improvements. This data has the potential to be used to personalize user experiences or even shared with third parties long after the conversation ends, posing serious risks to privacy [15]. For example, even personal interactions may be analyzed and used to show users their thoughts and needs.

4.2.3. Unauthorized Access to User Data

Unauthorized access occurs when an unauthorized or malicious user gains access to a user’s personal data. If ChatGPT lacks proper data security measures, hackers can access sensitive data such as personal conversations, preferences, or financial information. Unauthorized access might lead to huge impacts, such as identity theft or financial fraud [14].

4.2.4. Data Bias and Inaccuracy

The primary concern with the data that ChatGPT processes is that it could be biased in its responses [5]. This issue arises because the model is trained on large datasets that may include biased, incomplete, or incorrect information. As a result, the AI could easily generate discriminatory, inaccurate, or even harmful content. Additionally, biased data could be used to target specific users or demographics, raising significant privacy and ethical concerns.

4.2.5. AI-Powered Misinformation and Social Engineering

Generative AI models like ChatGPT can generate accurate, misleading, or completely false information. Malicious actors can exploit this capability for phishing, social engineering, etc. Users with malicious intent can use ChatGPT to generate fraudulent emails, incorrect medical advice, or fake news, misleading others and potentially causing harm in various ways [15]. The misuse of data can lead to serious privacy and security risks.

5. Results and Analysis

The survey was distributed across various regions of Saudi Arabia, including Jeddah, Riyadh, Al Qunfudhah, and Makkah, to capture diverse opinions on the use of ChatGPT and awareness of data privacy. The survey was conducted between April and May 2025 and was available in English with Arabic translations to ensure clarity and accessibility.
The survey was distributed online via Google Forms, shared through social media platforms and email, and received 215 valid responses. The survey included 20 items divided into four sections: general information, awareness of data collection, privacy concerns, and suggested improvements. It was pretested with 10 participants to ensure clarity, coherence, and logical sequencing. Expert review confirmed its internal consistency. Ethical considerations were strictly observed, with voluntary, anonymous participation and informed consent from all participants.
This survey aimed to understand the sensitivity of collecting data and privacy-related concerns in the context of ChatGPT in order to bridge the gap with a larger audience. It aimed to understand users’ thoughts about their data privacy and the risks they face when using ChatGPT. The structure of the questionnaire was meticulously planned based on the following processes:
  • Survey Topics Identification: The survey topics were designed based on the research aim to investigate what users know about application data collection and privacy concerns when using AI-based systems such as ChatGPT.
  • Decision-making Required Information: The essential information was demographic data, knowledge of data collection, concerns with privacy, and recommendations for improving the privacy policy.
  • Identification of Subjects: The subjects were users who frequently and occasionally used ChatGPT. The general mission was to secure a range of views across all age groups, educational backgrounds, and degrees of technological literacy.
  • Selection of Method(s) to Reach Participants: The survey was online and shared through Google Forms, allowing for a wide reach. The survey links were disseminated on social media sites and also directly through email invitations to reach a wide population.
  • Identification of Question Content: Included are questions that were purposefully selected to address salient areas: general information, awareness of data collection, consideration for privacy, and user ideas for refinement.
  • Survey Question Design: The survey questions were crafted in order to get a clear answers from participants, focused on transparency and user control over personal data. All questions related to attitudes and perceptions were in the form of multiple-choice or Likert scale format.
  • Sequencing of Questions: The questions were sequenced in a natural order, including demographic questions first and concluding with recommendations for improving data collection.
  • Checking Questionnaire Length: The questionnaire was carefully designed to be short enough to be manageable, ensuring a high response rate.
  • Pre-Testing the Questionnaire: A small group of participants pre-tested the questionnaire to ensure that the questions were clear and that all ambiguities were eliminated.
  • Final Questionnaire Development: The final questionnaire was constructed after pre-testing was completed, having incorporated the necessary amendments.
The participants were recruited through a convenience sample, using an online Google Form distributed via social media platforms and email. This approach allowed us to reach a broad audience but does not represent a truly random sample, which may limit the generalizability of the findings due to potential self-selection bias.
The study aimed at respondents with different levels of experience in using ChatGPT, both frequent and occasional. The final data set included responses from 215 people who provided valid responses. The data collected was from four main sections of the survey, as shown in Table 1.
The questionnaire’s design consisted of 20 questions covering all sections, as shown in the table above. Participants were asked to indicate their agreement, disagreement, or neutrality with various statements using a five-point Likert scale (Strongly Agree, Agree, Neutral, Disagree, Strongly Disagree).

5.1. Survey Results

5.1.1. The Background of the Participants

Some participants were from a diverse and distinct age group, most of them between 35 and 44 years old (25.9%), and had different professional statuses, including students, employees in technical and non-technical fields, and others. They also had varying educational levels and frequency of use of ChatGPT, as shown in Table 2.

5.1.2. Results Based on Awareness of Data Collection in ChatGPT

The survey in this section included various questions aimed at measuring participants’ awareness of ChatGPT and their understanding of the data collected. As shown in Table 3, the results revealed important indicators of the prevalence of awareness and engagement with this technology.

5.1.3. Results Based on Privacy Risks Related to ChatGPT

The questions were designed to raise awareness of ChatGPT privacy risks from the perspectives of participants. The results are presented in Table 4.

5.1.4. Results Based on Suggested Improvements and User Control

The survey revealed the need for improvements and recommendations based on participants’ opinions. The results are presented in Table 5.

5.2. Survey Analysis

5.2.1. General Information Section

The General Information section provides valuable insights into the demographics of ChatGPT users and highlights some possible concerns from a data privacy perspective. The majority of respondents are aged 35–44 (25.9% of participants), 45–54 (20.4%) and 25–34 (15.3%) respectively. This observation suggests that ChatGPT has considerable usage across the middle-aged group, whose members are more comfortable with digital tools and AI. Notably, the 18–24 age group accounts for 12.5% of participants, indicating that young people are an important group of users on the platform, though not the most prominent. Users under 18 years account for 13.9%, which indicates a lower usage level by younger users, possibly due to age-related limitations or concerns about data privacy. Additionally, 12% of respondents were 55+, suggesting less interest or familiarity among older segments with AI tools.
Concerning the level of education, the majority of survey participants (60.6%) hold a bachelor’s degree, while 22.2% did not go beyond high school. These numbers indicate that the participants are predominantly well-educated and might be more aware of data protection issues than the general public. However, the fact that only 8.8% have a Master’s degree and 3.2% have a PhD suggests that most users are highly educated, but a considerable percentage does not have a post-graduate level of education, which may indicate a gap in terms of advanced knowledge of issues of data privacy and AI ethics.
On the frequency of ChatGPT usage, approximately 19.9% of the respondents indicated that they use ChatGPT daily, and 24.1% use it a few times a week. This indicates that many users are regular users who use ChatGPT frequently enough to become familiar with its functionality and privacy implications. These frequent users also tend to better understand what is being collected and the privacy implications. However, 28.2% rarely use ChatGPT, and 17.6% never use it, which can indicate either limited knowledge of the chatbot’s features or reluctance due to privacy concerns. For professional status, 25% of the respondents are students, 33.8% in non-tech professions, and 7.4% in tech professions. These results show that ChatGPT is being accessed by a broad spectrum of people, including students and working professionals in different industries and fields. Notably, a significant fraction of users are also not in tech, suggesting that ChatGPT is being adopted in areas outside the core tech industry, perhaps indicating less of a technical background but also increasingly relying on digital tools. This emphasizes the importance of making ChatGPT easier to access and understand for non-tech professionals, who might not be as informed about their data and use. Additionally, 6.9% were freelancers, further reinforcing the diversity of user types with different levels of engagement with AI.
Overall, this section indicates that a diverse set of people use ChatGPT, who are, on average, well-educated and middle-aged. The service is popular amongst students and professionals; however, the varying incidence of use reflects differing awareness concerning risks to data privacy. It is important to know the demographic breakdown of ChatGPT users, as frequent users might require different privacy guidance compared to less frequent users on the platform.

5.2.2. Awareness of Data Collection Section

In the Data Collection Awareness section, the findings indicate that, based on our proposed measure, 72.7% of participants were aware that ChatGPT collects data during interactions, of which 36.1% strongly agree, and 36.6% agree. However, 6.9% neither agreed nor disagreed, suggesting that some participants remain uncertain about whether their data is being collected. These findings underscore the need for greater transparency in data collection.
Only 6.5% of users strongly agree that they have read the privacy policy, and 16.7% expressed general agreement. Conversely, 49.5% disagreed or strongly disagreed, indicating limited engagement with the policy. This suggests a broader lack of user awareness and involvement and that ChatGPT should enhance its privacy policy communication to ensure users clearly understand how their data is used.
A notable portion of participants, 37.1%, responded affirmatively when asked if they had control over the data collected about them while interacting with ChatGPT, indicating that some users perceive a sense of control over their data. However, not all participants agreed 28.7% held no opinion, and 34.2% did not agree at all or only slightly, which indicates that many users are uncertain or dissatisfied with their level of control over data collection. The ChatGPT platform should be designed to improve the clarity of communication regarding user data management, making it more transparent and specific about what users can and cannot control. If this issue remains unaddressed, it will likely cause users confusion and frustration.
Concerning knowledge about the types of data ChatGPT collects, 38.9% of participants agreed that they understood what data types were being collected. However, 32.9% were neutral or unsure, and 28.2% disagreed or strongly disagreed. This is somewhat concerning because many users still seem to be unclear about what data is collected and how it is used, which indicates that ChatGPT has some work to do in clearly communicating what information it is collecting and why. There is a need for transparency and easily accessible information on what data is being taken from the user and what the company is doing with it.
As for users’ beliefs regarding sharing the generated data with third parties, 44.9% of the users felt that ChatGPT shares their data with third parties, and 32.9% of the users did not have an opinion. They were not alone; 22.3% of respondents disagreed, highlighting a significant proportion expressing privacy concerns around third-party data sharing. This suggests a high distrust among users of what is happening to their data and where it goes. ChatGPT should be more explicit about how and when it accesses user data, and users should be given confidence in who can or cannot access their data and under what conditions.
Overall, though a large proportion of users are aware that data collection is a common practice, there is still a significant gap in understanding what the data is and is not collected and how it is being used. Many people are unsure how much control they have over their information, and concerns about sharing data with third parties are widespread. These results highlight the need for clarity, increased transparency, and enhanced user control in ChatGPT’s data handling practices. If addressed, these problems can help ChatGPT build user trust and satisfaction by allowing them to understand better how their data is being processed.

5.2.3. Privacy Concerns

The responses in the Privacy Risks section highlighted key concerns about privacy and data security while using ChatGPT. The data indicates that several concerns must be addressed to build user confidence and ensure the protection of personal information. Privacy emerged as the most prominent concern. Regarding whether users are worried about their privacy while using ChatGPT, 61.6% (strongly agree and agree) expressed concern, which means privacy is an important issue for most of the participants. This concern is echoed in the replies and indicates that ChatGPT should offer stronger privacy assurances and be more transparent in handling data. This emphasizes the importance of addressing privacy issues to restore the trust of the users.
Regarding retention of data, 57.9% of respondents (strongly agree + agree) believed that ChatGPT holds on to user data for longer than necessary. This mistrust refers to a lack of confidence in data retention policies; many users do not know how long data remains stored in the system. A high proportion of neutral responses (31.5%) illustrates the lack of clarity in data storage practices. The low percentage of disagreeing responses (12.5%) indicates that the majority of users would prefer data to be retained as long as required and seek increased control over how long their data is stored. These findings clearly show that there is work to be done around more transparent communication of data retention and more user control. Concerning unauthorized access to personal information, 61.6% of respondents (i.e., those who strongly agreed and agreed) expressed concern about access by unauthorized third parties. This demonstrates a considerable lack of confidence in ChatGPT’s ability to secure user data adequately. With that in mind, it is important to shore up security and enhance communication about what is being done to secure the data. While 20.8% remained neutral and just 17.6% disagreed, the majority are concerned about the safety of their data, indicating that current practices need to be supplemented with more transparent and restrictive measures.
The statement to add more transparency to the collection and storage of user data for ChatGPT was also well supported, with 82% (strongly agree + agree) supporting it. This strong demand for transparency reveals that users consider informed consent and transparency in data handling crucial. Reflecting the current climate of anxiety about data protection, ChatGPT can better communicate its data policies and allow users to be more actively involved in decisions about their personal data.
Regarding using data to train AI models, 62.9% (strongly agree + agree) were concerned that their data could be used for training purposes without their explicit consent. This represents an important ethical concern and demonstrates that users want informed consent before their data is used in such ways. The fact that a large proportion of users expressed concern about data usage for AI training highlights the importance of more precise consent mechanisms and better explanations of data usage. Lastly, concerns regarding biased responses generated by ChatGPT based on the data it has been trained on were observed, with 62.5% (strongly agree and agree) of respondents indicating concern. Given the widespread suspicion of bias, ensuring that ChatGPT is trained on balanced and diverse data is necessary to avoid reproducing bias. This illustrates how users expect fair and objective interactions with the platform. 28.2% who remained neutral may be aware of the potential for bias but unaware of its implications, suggesting that ChatGPT should provide more educational content explaining how AI works and how bias is managed.
The findings from this section demonstrate that privacy and security are critical considerations for potential users of ChatGPT. When a significant portion of users worry about data being stored, misused, and biased, AI responses, ChatGPT strengthens its privacy policy, security framework, and transparency in data management practices. The overwhelming demand for greater transparency and informed consent on the use of data, especially in the training of AI, reflects a clear need for better governance of user data. By addressing these concerns, the developers of ChatGPT can build trust and demonstrate that the system is designed to handle user data in ways that respect user expectations and privacy values.

5.2.4. Suggested Improvements

The Suggested Improvements and User Control section offers important insights into what users expect/want ChatGPT to do regarding their data and how much control users want over it. The survey results reveal a strong desire for more control over data. Early findings in the survey indicate that users want more control over their data, as well as clearer privacy policies and stronger regulations to ensure that personal information is handled securely and transparently. In response to a question about whether they think that users should be allowed to opt out of the collection of their data, a vast majority of participants, 86.6%, indicated that they agree that it should be possible to opt out of personal data collection entirely. This response reflects users’ apparent wish to control what data gets collected or even if data should be collected in the first place. The low percentage who disagreed, 1.9%, suggests that opt-out may be seen as an important privacy feature that would strengthen the user’s trust in ChatGPT. Introducing this possibility could significantly increase user satisfaction, especially since they will be able to control their data personally.
Regarding raising awareness of AI privacy risks, 90.7% agreed that the public should be educated about the privacy risks of AI technologies, such as ChatGPT. Fewer than one in ten users think the public is well informed about the risks associated with personal privacy related to AI. This underscores an urgent challenge for ChatGPT to become an exemplar of privacy, as well as a driver for enhancing public awareness of these matters. There is potential for ChatGPT to take a leadership role in educating users and the public about how their data is used, who has access to it, and what actions are being taken to protect it.
The item concerning the deletion of data between each session was not as clear-cut 83.4% agreed that ChatGPT should immediately provide the option to delete data after every interaction, highlighting the demand for more control over personal data. These findings suggest that users clearly want to feel empowered to control and delete their data as they wish. The 4.7% who disagreed with the prompt indicated that allowing users to get rid of their data would increase user trust and ensure ChatGPT supports current privacy benchmarks. It would also assure users that the service is committed to their data privacy.
When asked if stronger laws and regulations are needed to restrict how ChatGPT gathers and uses data, 87% agreed, reflecting a strong appetite for stronger regulations in the AI space. This view is also reflected in the findings that suggest users believe there should be stricter rules around how AI platforms like ChatGPT manage their personal information. The small proportion of user disagreement, 2.4%, underscores that most users would rather see policies and oversight implemented to keep their data handled ethically and safely. This is a notable observation and one that implies the AI industry, more broadly, as well as ChatGPT, needs stronger regulation and must be prepared for future legislation to protect privacy.
The results in this section indicate that there is a high demand for increased user control over personal data and for more transparent and stronger privacy legislation. The positive consensus about having an opt-out mechanism and the ability to delete data after a session, as well as the clear demand for more awareness of the risks of privacy in AI, suggests a growing desire for user empowerment and accountability in data stewardship. By tackling these concerns and adopting the recommendations, we argue that ChatGPT can build trust, increase user satisfaction, and stay ahead of rising privacy expectations in AI.

5.3. Cross-Tabulation Analysis of Demographics and User Attitudes

To move beyond descriptive summaries, this section provides an in-depth analysis linking demographic characteristics, such as age, education, and frequency of ChatGPT use, with behavioral indicators like policy reading and data retention awareness to users’ attitudes toward privacy, awareness, and transparency. Cross-tabulated patterns reveal how differences in users’ backgrounds and levels of interaction shape their perceptions of ChatGPT’s data practices, offering insights that enrich the interpretation of the survey results.
Respondents with higher levels of education were more likely to be aware of data retention periods and the possibility of reusing interactions based on policies. In contrast, respondents with lower levels of education often demonstrated only a basic understanding of data collection. This finding suggests that formal education is associated with a more nuanced policy awareness rather than a superficial knowledge of ChatGPT’s data handling practices.
Older participants tended to express stronger privacy concerns and, consequently, called for stricter measures, such as clear data retention limits and opt-out options. Younger participants, though generally less concerned, showed a greater emphasis on the use of clear explanations. These findings suggest that increased concern among older age groups translates into stricter expectations regarding control and consent, while younger groups prioritize accessibility and clear communication.
Frequent users reported greater awareness of data collection and retention practices. However, this awareness did not necessarily translate into greater trust. Rather, these users expressed more specific expectations for transparency, such as dashboard-level controls, data export or deletion features, and clearer consent mechanisms. In contrast, infrequent users were less specific in their demands, often expressing only a general call for transparency and control.
Participants who read or quickly skimmed privacy policies tended to expect detailed and precise consent mechanisms and limited-purpose processing. On the other hand, non-readers were more accepting of default settings, provided the summaries were written in clear and easy-to-understand language. This distinction highlights the need for multiple transparency models, one designed for detail-oriented users and another for those who prefer simplified communication. Participants who believed that interactions could be retained for extended periods were more likely to request time-bound retention policies, explicit delete workflows, and off-record modes. This pattern illustrates how perceptions of data retention duration directly influence user expectations of control and transparency.
Collectively, these relationships form a coherent picture showing that education contributes to a deeper and more focused awareness of policies, age influences the intensity of privacy concerns and the demand for control, frequency of use reinforces expectations of using advanced transparency tools, and reading behavior determines whether users seek detailed or simplified consent procedures. Taken together, these findings demonstrate that user trust and comfort with ChatGPT are not shaped by a single factor but rather by the interaction of demographic and behavioral dimensions, providing a deeper understanding of how individuals evaluate AI data practices.

6. Recommendations and Proposed Solutions

This sections summarizes all the insightful conclusions, recommendations, and practical solutions based on the survey and secondary data from the literature review. These recommendations are designed to tackle the most urgent problems concerning users and researchers, such as lack of user awareness, data privacy, ethical responsibility, and the trustworthiness of generative AI like ChatGPT. The growing demand and interest in these technologies in everyday life, like education, working life, and human-to-human communication, require appropriate action and governance steps by all the concerned stakeholders. Thus, this chapter not only discusses the emerging issues of concern but also presents some realistic and feasible strategies for controlling the use and development of generative AI.

6.1. Enhancing User Awareness

The education of users is an essential foundation for responsible and effective employment of generative AI from an ethical and economic point of view. The findings confirm that most of the users make use of resources like ChatGPT without even knowing anything about the science behind them, how much data is being processed, and even the ethics behind their functioning. Thus, public awareness generation and digital education are required in order to prevent irresponsible and uninformed use. The following strategies are recommended:

6.1.1. Awareness Campaigns

The most direct way of increasing public awareness is through well-designed awareness campaigns by technology firms, universities, and government entities. The campaign needs to focus on clarifying how generative AI systems work, the data training processes, language generation, and real-time interaction. Multimedia like videos, infographics, and interactive simulations can be employed to communicate effectively with a large public. Above all, such campaigns would also increase awareness regarding possible problems such as disinformation, data abuse, and algorithmic bias to allow users to negotiate such systems critically. Influencer engagement, educators, and community leaders can scale up dissemination and improve AI literacy among age and socio-economic groups.

6.1.2. Transparent Onboarding Practices

One such part to teach users is at the start when they join a generative AI platform. Instead of giving long, hard terms of service papers, makers can give concise and clear information about data use, system strengths and weak points, and safety rules in place. Not only does this allow for user freedom, but it also builds trust between users and their platforms. For instance, a concise, interactive tutorial for the process of initializing the application may explain how the responses are generated, the type of data that will probably be logged, and how one may modify his/her privacy settings. Transparency at onboarding helps balance knowledge between creators and customers of AI and meets the standard of informed consent.

6.1.3. Integrating AI Literacy in Education

To prepare current and future groups for a world more influenced by AI, it is essential to incorporate AI literacy into school systems. AI understanding should not just focus on technical facts; it must also include awareness of right and wrong, clear thinking, and the skill to understand what AI produces. Curriculum developers should add classes on how AI models get trained, how algorithms decide things, and what problems may come from the uncontrolled use of AI [33]. Also, schools and universities ought to encourage learning that connects computer science with ethics, sociology, and law. This overall method will create a group of users and builders who are skilled not only in AI technology but also in other fields.

6.2. Strengthening Data Privacy and Security

As AI systems become more common in various sectors, ensuring data privacy and security measures is essential. This list of recommendations is intended to increase trust from the user and verify user confidence in generative AI technologies.

6.2.1. Clear and Accessible Privacy Policies

Developers must provide clear and user-friendly privacy policies that are extensive and intended for laypersons. These policies must be very explicit on what data is collected, why it is collected, and how it is processed. Research has suggested above that privacy policies are hard to understand, and the related issues regarding users’ rights over their data are unclear. These instructions should be distilled to promote transparency and strengthen trust between AI platforms and their users.

6.2.2. Enabling User Consent and Control

Implementing mechanisms that give users greater control over their data is critical. These include optional data collection capabilities, simple privacy controls, and the ability to change or revoke consent at will. “Dynamic consent” is a model consistent with active and ongoing consent processes, allowing users to manage their preferences continuously. Moreover, companies have to ensure that new AI-based features are accompanied by new user agreements and clear notifications to obtain renewed consent rather than hiding behind consent already obtained.

6.2.3. Regular Independent Audits

Conducting regular independent audits of AI systems ensures compliance with privacy laws and ethical standards. These audits should examine data management, safety measures in place, and what all AI systems do to protect the privacy of users. Independent auditing not only discovers potential weaknesses but also forces developers and organizations to be responsible. Policy debates now suggest that third-party should become mandatory to address the socio-technical mess that AI systems created [34]. Indeed, a call to establish audit boards made up of AI audit standard experts has also been made to enact uniform and thorough audit practices in the industry [35].

6.3. Building User Trust

Establishing and maintaining user trust is paramount for the successful deployment of generative AI systems. Trust can be created by ensuring transparency, involving users, and adhering to core ethical principles.

6.3.1. Explainable AI (XAI)

Using Explainable AI techniques provides insights into AI decision-making processes in a transparent way for the user to understand. This is most crucial in high-stakes domains such as healthcare and finance, where explaining the outputs of AI to users needs to be done for confidence and to ensure correct decision-making [36].

6.3.2. Feedback Mechanisms

By adding user feedback tools, one can send a complaint or error (positive) to the users. This would build trust and hold the platform accountable for key matters. Well-designed feedback systems are a key component of iteratively improving AI systems and sending signals that the team is looking to engage and listen to users genuinely.

6.3.3. Ethical Development Principles

Compliance with universal ethical frameworks helps build AI that is responsible and ethical in its design and implementation. Ethical frameworks for the AL development ensure human trust and general social acceptance by respecting transparency, accountability, and respect for human rights.

6.4. Promoting Responsible Use

Incentivizing Generative AI Responsible Use implies following guidelines and safeguards, so the know-how cannot be abused or the accuracy of information harmed.

6.4.1. Usage Guidelines

Enable users to understand the right/ethical usage of AI within AI platforms, which is especially critical for sensitive issues like education and business. These guidelines keep misuse from becoming rampant and create a culture of responsibility among users.

6.4.2. Content Moderation Tools

Prepared with state-of-the-art content moderation tools to detect and thwart the creation of harmful misinformation or deceptive content. AI System Moderation can be used to detect not only context-driven misleading news but also inappropriate stuff like misinformation and explicit content, thus keeping users safe and assuring the purity of information.

6.5. Directions for Future Research

Future research should be devoted to these issues in response to the changing issues, and opportunities of generative AI.

6.5.1. Long-Term User Interaction Studies

Conducting longitudinal studies on human interaction with generative AI systems could help reveal changing behaviors, perceptions, and trust over time. Research Value for long-term AI and user: This is important to learn causality or has an impact on pointing out the development of AI systems that users care about.

6.5.2. Cross-Cultural Research

Investigating differences in user awareness and trust across cultural and geographic contexts can support the development of regionally sensitive AI systems. Cross-cultural research can capture the diversity of user requirements and needs to benefit the inclusivity and generalization of AI technologies.

6.5.3. Adaptive Regulatory Frameworks

It is important to develop adaptive regulatory frameworks that keep pace with the rapidly evolving AI technology so that a standard of ethical and lawful guidelines is maintained. These frameworks must strike a balance between innovation and the mitigation of risks—on users and broader society in case of AI deployment.

7. Conclusions and Future Work

This research project offers a comprehensive examination of the privacy concerns surrounding ChatGPT and their implications on user trust and awareness. The study was inspired by the increasing presence of generative AI in our daily lives and the rising concerns of individuals and organizations about the ethical implications of such technologies. Through a user survey, this study generated valuable insights revealing a significant disconnect between what people think they know and what they actually know about how data are collected, stored, and shared. Respondents expressed fears that their data might be accessed without authorization, stored longer than needed, or used for unintended purposes such as training new models, while also showing a strong desire for greater control over their personal information, including opt-out options, deletion, and better communication about data policies. Based on these insights, the article advanced an integrated approach focused on technological design, policy reforms, and wider public engagement—such as explainable AI, improving public education, enhancing consent mechanisms, and developing governance frameworks that prioritize users’ rights. The work reinforced the need for organizational transparency and ongoing dialogue between AI developers, regulators, and users to build trust and ethically guide AI deployment. Overall, the study illustrates the potential of ChatGPT and similar technologies to revolutionize industries but highlights the necessity of coupling innovation with ethical responsibility. Protecting user privacy, enabling meaningful choice, and ensuring accountability are fundamental to building trustworthy AI systems. By conducting a broad analysis of the technological and ethical context for generative AI, the research outlined opportunities in communication, education, healthcare, and business, alongside risks ranging from misuse of data to biased or misleading content and lack of user control. The literature review also emphasized that uncertainty in generative AI is not only technical but also social and psychological, with trust, fairness, and accountability as recurring themes. By addressing these challenges, practitioners across the AI ecosystem can help shape a future where artificial intelligence serves as a force for good, advancing human progress while upholding the foundational values of privacy, fairness, and respect.

Author Contributions

Conceptualization, L.M.A., A.M.A. and S.A.; methodology, L.M.A., A.M.A. and S.A; validation, L.M.A. and A.M.A.; data curation, L.M.A. and A.M.A.; writing—original draft preparation, L.M.A. and A.M.A.; writing—review and editing, S.A.; supervision, S.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Informed Consent Statement

All participants were informed about the purpose of the study at the beginning of the questionnaire. Participation was voluntary, and all responses were anonymous and treated confidentially. Completion and submission of the questionnaire was considered as providing informed consent.

Data Availability Statement

The raw data supporting the conclusions of this article will be made available by the authors on request.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Al-Hawawreh, M.; Aljuhani, A.; Jararweh, Y. ChatGPT for Cybersecurity: Practical Applications, Challenges, and Future Directions. Clust. Comput. 2023, 26, 3421–3436. [Google Scholar] [CrossRef]
  2. Wu, X.; Duan, R.; Ni, J. Unveiling security, privacy, and ethical concerns of ChatGPT. J. Inf. Intell. 2024, 2, 102–115. [Google Scholar] [CrossRef]
  3. Alawida, M.; Shawar, B.A.; Abiodun, O.I.; Mehmood, A.; Omolara, A.E.; Hwaitat, A.K.A. Unveiling the Dark Side of ChatGPT: Exploring Cyberattacks and Enhancing User Awareness. Information 2024, 15, 27. [Google Scholar] [CrossRef]
  4. Singla, A.; Sukharevsky, A.; Yee, L.; Chui, M.; Hall, B. The State of AI: How Organizations Are Rewiring to Capture Value; McKinsey & Company: Chicago, IL, USA, 2025. [Google Scholar]
  5. Bandi, A.; Adapa, P.V.S.R.; Kuchi, Y.E.V.P.K. The Power of Generative AI: A Review of Requirements, Models, Input–Output Formats, Evaluation Metrics, and Challenges. Future Internet 2023, 15, 260. [Google Scholar] [CrossRef]
  6. Nah, F.F.-H.; Zheng, R.; Cai, J.; Siau, K.; Chen, L. Generative AI and ChatGPT: Applications, challenges, and AI-human collaboration. J. Inf. Technol. Case Appl. Res. 2023, 25, 277–304. [Google Scholar] [CrossRef]
  7. Shahzad, M.F.; Xu, S.; Javed, I. ChatGPT awareness, acceptance, and adoption in higher education: The role of trust as a cornerstone. Int. J. Educ. Technol. High. Educ. 2024, 21, 46. [Google Scholar] [CrossRef]
  8. Murshidi, G.A.; Shulgina, G.; Kapuza, A.; Costley, J. How understanding the limitations and risks of using ChatGPT can contribute to willingness to use. Smart Learn. Environ. 2024, 11, 36. [Google Scholar] [CrossRef]
  9. Yenduri, G.; Ramalingam, M.; Selvi, G.; Supriya, Y.; Srivastava, G.; Maddikunta, P.; Raj, G.; Jhaveri, R.; Wang, W.; Vasilakos, A.; et al. GPT (Generative Pre-Trained Transformer)-A comprehensive review on enabling technologies, potential applications, emerging challenges, and future directions. IEEE Access 2024, 12, 54608–54624. [Google Scholar] [CrossRef]
  10. What is GPT. Amazon Web Services. 2025. Available online: https://aws.amazon.com/what-is/gpt/ (accessed on 21 September 2025).
  11. Hanna, M.G.; Pantanowitz, L.; Jackson, B.; Palmer, O.; Visweswaran, S.; Pantanowit, J.; Deebajah, M.; Rashidi, H.H. Ethical and Bias Considerations in Artificial Intelligence/Machine Learning. Mod. Pathol. 2025, 38, 100686. [Google Scholar] [CrossRef] [PubMed]
  12. Ladd, V. Generative AI Exposure to PyTorch’s Distributed RPC System and CVE-2024-5480 Vulnerability. Medium. 2024. Available online: https://medium.com/@oracle_43885/generative-ai-exposure-topytorchs-distributed-rpc-system-and-cve-2024-5480-vulnerability-663bfd604913 (accessed on 21 September 2025).
  13. Lee, F. What is a Neural Network? IBM. 2025. Available online: https://www.ibm.com/think/topics/neural-networks (accessed on 21 September 2025).
  14. Levitt, A. Navigating privacy in the age of AI: Evaluating the adequacy of the GDPR and CCPA to combat data exploitation and deepfake technology. Natl. High Sch. J. Sci. 2024. [Google Scholar]
  15. ASEAN Secretariat. Expanded ASEAN Guide on AI Governance and Ethics—Generative AI; ASEAN: Jakarta, Indonesia, 2025. [Google Scholar]
  16. OpenAI. OpenAI: Advanced AI Research and Development; OpenAI: San Francisco, CA, USA, 2024. [Google Scholar]
  17. Ray, P.P. ChatGPT: A comprehensive review on background, applications, key challenges, bias, ethics, limitations and future scope. Internet Things Cyber-Phys. Syst. 2023, 3, 121–154. [Google Scholar] [CrossRef]
  18. Roumeliotis, K.I.; Tselikas, N.D. ChatGPT and Open-AI Models: A Preliminary Review. Future Internet 2023, 15, 192. [Google Scholar] [CrossRef]
  19. Nazir, A.; Wang, Z. A comprehensive survey of ChatGPT: Advancements, applications, prospects, and challenges. Meta-Radiology 2023, 1, 100022. [Google Scholar] [CrossRef] [PubMed]
  20. Choudhury, A.; Shamszare, H. Investigating the Impact of User Trust on the Adoption and Use of ChatGPT: Survey Analysis. J. Med. Internet Res. 2023, 25, e47184. [Google Scholar] [CrossRef]
  21. Giordano, V.; Spada, I.; Chiarello, F.; Fantoni, G. The impact of ChatGPT on human skills: A quantitative study on twitter data. Technol. Forecast. Soc. Chang. 2024, 203, 123389. [Google Scholar] [CrossRef]
  22. Tabone, W.; de Winter, J. Using ChatGPT for human-computer interaction research: A primer. R. Soc. Open Sci. 2023, 10, 231053. [Google Scholar] [CrossRef] [PubMed]
  23. Haque, M.A. AA Brief Analysis of “ChatGPT”—A Revolutionary Tool Designed by OpenAI. EAI Endorsed Trans. AI Robot. 2022, 1, e15. [Google Scholar] [CrossRef]
  24. Sebastian, G. Privacy and data protection in chatgpt and other ai chatbots: Strategies for securing user information. Int. J. Secur. Priv. Pervasive Comput. 2023, 15, 1–14. [Google Scholar] [CrossRef]
  25. Gupta, M.; Akiri, C.; Aryal, K.; Parker, E.; Praharaj, L. From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy. IEEE Access 2023, 11, 80218–80245. [Google Scholar] [CrossRef]
  26. Alkamli, S.; Alabduljabbar, R. Understanding privacy concerns in ChatGPT: A data-driven approach with LDA topic modeling. Heliyon 2024, 10, e39087. [Google Scholar] [CrossRef]
  27. Falade, P.V. Investigating The Security and Privacy Issues in ChatGPT Usage and Their Impact on Organisational and Individual Security. Int. J. Sci. Res. Multidiscip. Stud. 2024, 10, 19–30. [Google Scholar]
  28. Albayati, H. Investigating undergraduate students’ perceptions and awareness of using ChatGPT as a regular assistance tool: A user acceptance perspective study. Comput. Educ. Artif. Intell. 2024, 6, 100203. [Google Scholar] [CrossRef]
  29. Haque, M.A.; Li, S. Exploring ChatGPT and its impact on society. AI Ethics 2025, 5, 791–803. [Google Scholar] [CrossRef]
  30. Meier, Y.; Kramer, N.C. The Privacy Calculus Revisited: An Empirical Investigation of Online Privacy Decisions on Between- and Within-Person Levels. Commun. Res. 2024, 51, 178–202. [Google Scholar] [CrossRef]
  31. Mylrea, M.; Robinson, N. Artificial Intelligence (AI) Trust Framework and Maturity Model: Applying an Entropy Lens to Improve Security, Privacy, and Ethical AI. Entropy 2023, 25, 1429. [Google Scholar] [CrossRef]
  32. Schorr, A. The Technology Acceptance Model (TAM) and its Importance for Digitalization Research: A Review. In Proceedings of the International Symposium on Technikpsychologie, Darmstadt, Germany, 14–16 February 2023; p. 103. [Google Scholar] [CrossRef]
  33. Laupichler, M.C.; Aster, A.; Schirch, J.; Raupach, T. Artificial intelligence literacy in higher and adult education: A scoping literature review. Comput. Educ. Artif. Intell. 2022, 3, 100101. [Google Scholar] [CrossRef]
  34. Raji, I.D.; Xu, P.; Honigsberg, C.; Ho, D. Outsider Oversight: Designing a Third Party Audit Ecosystem for AI Governance. In Proceedings of the 2022 AAAI/ACM Conference on AI, Ethics, and Society, Oxford, UK, 1–3 August 2022; pp. 557–571. [Google Scholar] [CrossRef]
  35. Manheim, D.; Martin, S.; Bailey, M.; Samin, M.; Greutzmacher, R. The necessity of AI audit standards boards. AI Soc. 2025, 2025, 1–16. [Google Scholar] [CrossRef]
  36. Ali, S.; Abuhmed, T.; El-Sappagh, S.; Muhammad, K.; Alonso-Moral, J.M.; Confalonieri, R.; Guidotti, R.; Ser, J.D.; Díaz-Rodríguez, N.; Herrera, F. Explainable Artificial Intelligence (XAI): What we know and what is left to attain Trustworthy Artificial Intelligence. Inf. Fusion 2023, 99, 101805. [Google Scholar] [CrossRef]
Futureinternet 17 00511 g001
Figure 1. ChatGPT Architecture.
Figure 1. ChatGPT Architecture.
Futureinternet 17 00511 g001
Futureinternet 17 00511 g002
Figure 2. Methodological work flow for the ChatGPT model.
Figure 2. Methodological work flow for the ChatGPT model.
Futureinternet 17 00511 g002
Table 1. Overview of Survey Sections.
Table 1. Overview of Survey Sections.
SectionDescription
General InformationCollects demographic data like age, educational level, and ChatGPT usage frequency.
Awareness of Data CollectionAssesses participants’ knowledge about data collection in ChatGPT.
Privacy ConcernsExplores concerns about privacy, including data retention and unauthorized access.
Suggested ImprovementsGathers participants’ suggestions on improving ChatGPT’s privacy policies.
Table 2. General Information.
Table 2. General Information.
Participant Age GroupPercentages
Under 1813.90%
18–2412.50%
25–3415.30%
35–4425.90%
45–5420.40%
55+12%
Participant Current Occupation or StatusPercentages
Student25%
Employee—Technical Field7.40%
Employee—Non-Technical Field33.80%
Freelancer6.90%
Unemployed14.40%
Others12.90%
Participant Educational QualificationPercentages
High School22.20%
Diploma5.10%
Bachelor’s60.60%
Master’s8.8%
PhD3.20%
Number of Times Participants Used ChatGPTPercentage
Daily19.90%
Several Times a Week24.10%
Once a Week10.20%
Rarely28.20%
Never Used17.60%
Table 3. Awareness of Data Collection in ChatGPT.
Table 3. Awareness of Data Collection in ChatGPT.
QuestionsStrongly AgreeAgreeNeutralDisagreeStrongly Disagree
1. I am aware that ChatGPT collects user data during interactions.36.10%36.60%20.40%4.60%2.30%
2. I have read ChatGPT’s privacy policy6.50%16.70%27.30%31%18.50%
3. I understand what types of data ChatGPT collects from users.12.50%26.40%32.90%19.40%8.80%
4. I believe that ChatGPT shares user data with third parties.20.80%24.10%32.90%16.70%5.60%
5. I believe I have control over the data collected from my interactions with ChatGPT.13%24.10%28.70%24.50%9.70%
Table 4. Privacy Risks Related to ChatGPT.
Table 4. Privacy Risks Related to ChatGPT.
QuestionsStrongly AgreeAgreeNeutralDisagreeStrongly Disagree
1. I am concerned about my privacy when using ChatGPT.27.80%33.80%19%14.80%4.60%
2. I believe ChatGPT retains user data longer than necessary.26.40%31.50%29.60%11.60%0.90%
3. I am concerned that my data could be accessed by unauthorized parties through ChatGPT.30.10%31.50%20.80%14.80%2.80%
4. I think ChatGPT should provide more transparency about how it collects and stores user data.43.10%38.90%15.70%1.90%0.5%
5. I am concerned that my data might be used to train AI models without my consent.34.70%28.20%25%9.70%2.30%
6. I am concerned that ChatGPT might generate biased responses based on the data it collects.29.60%32.90%28.20%8.30%0.90%
Table 5. Suggested Improvements and User Control.
Table 5. Suggested Improvements and User Control.
QuestionsStrongly AgreeAgreeNeutralDisagreeStrongly Disagree
1. ChatGPT should allow users to delete their data after each session.56.50%26.90%12%2.80%1.90%
2. There should be stricter regulations to control how ChatGPT collects and uses data.55.10%31.90%10.60%1.90%0.50%
3. Users should have the ability to opt out of data collection in ChatGPT.57.4%29.20%11.60%1.40%0.50%
4. I believe more awareness is needed about AI privacy risks for the general public.67.10%23.60%8.30%-0.90%
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Alzamil, L.M.; Alhasani, A.M.; Alshehri, S. Privacy Concerns in ChatGPT Data Collection and Its Impact on Individuals. Future Internet 2025, 17, 511. https://doi.org/10.3390/fi17110511

AMA Style

Alzamil LM, Alhasani AM, Alshehri S. Privacy Concerns in ChatGPT Data Collection and Its Impact on Individuals. Future Internet. 2025; 17(11):511. https://doi.org/10.3390/fi17110511

Chicago/Turabian Style

Alzamil, Leena Mohammad, Alawiayyah Mohammed Alhasani, and Suhair Alshehri. 2025. "Privacy Concerns in ChatGPT Data Collection and Its Impact on Individuals" Future Internet 17, no. 11: 511. https://doi.org/10.3390/fi17110511

APA Style

Alzamil, L. M., Alhasani, A. M., & Alshehri, S. (2025). Privacy Concerns in ChatGPT Data Collection and Its Impact on Individuals. Future Internet, 17(11), 511. https://doi.org/10.3390/fi17110511

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop