OpenAI, Microsoft & EU-US Data Privacy Framework – Data protection risks and developments in the light of current case law


1. Introduction

The progressive integration of generative AI systems, particularly OpenAI's ChatGPT, into corporate processes raises urgent data protection issues, above all with regard to the processing of personal data. Although the EU-US Data Privacy Framework (DPF), a new transatlantic agreement, aims to create legal certainty, recent US court rulings and technological realities raise considerable doubts about whether European data protection law can actually be enforced in practice.

2. Historical context – Safe Harbor, Privacy Shield and Schrems case law

The European Court of Justice (ECJ) has already twice declared the legal basis for transatlantic data transfers invalid.

2.1. Schrems I (C-362/14) – Safe Harbor: In 2015, the Safe Harbor Agreement was annulled by the European Court of Justice. This occurred due to the extensive access powers granted to US authorities such as the NSA to data of US companies, without EU citizens having effective legal protection.

2.2. Schrems II (C-311/18) – Privacy Shield: In 2020, the ECJ also declared the Privacy Shield invalid. Despite assurances to the contrary from the US government, access to data by US intelligence agencies – again without adequate legal protection – could not be ruled out.

Both judgments found violations of the EU Charter of Fundamental Rights, in particular Article 7 (right to privacy) and Article 8 (right to data protection), as well as a lack of legal remedies within the meaning of Article 47.

3. The EU-US Data Privacy Framework (DPF)

3.1. Objectives and content: The Data Privacy Framework (DPF) was introduced in July 2023 to ensure an "adequate level of protection" for data transfers to the United States. It includes self-certification obligations for US companies; principles of data minimization, purpose limitation, and storage limitation; complaint mechanisms and arbitration procedures; and the establishment of a Data Protection Review Court (DPRC) as an independent appeals body.

3.2. Critical assessment: Critics, including Max Schrems and NOYB, see the DPF as merely a remake of the Privacy Shield with only cosmetic changes and no structural improvements. In particular, US intelligence laws, such as FISA 702, remain untouched.

4. Current US case law against deletion obligations: OpenAI and Output Log Data

In spring 2025, a US court in New York prohibited OpenAI from deleting certain "output log data," even if EU companies requested this as part of their GDPR obligations. This applies to prompts, generated responses, metadata (e.g., IP address, timestamp), and content that could potentially contain personal data.

4.1. Conflict with Art. 17 GDPR: The right to erasure (“right to be forgotten”) enshrined in Art. 17 GDPR is a core element of European data protection. The US decision effectively overrides this right, as OpenAI has been ordered by the court not to delete certain data.

4.2. Contradiction with the Data Privacy Framework: Although the Data Privacy Framework promises effective rights to data subjects, practice shows that US courts can and do contradict it. This reveals the same weakness that was already observed with the Privacy Shield.

4.3. Judicial Context: The New York Times v. Microsoft et al.: In The New York Times Company v. Microsoft Corporation et al. (Case No. 1:23-cv-11195, US District Court, SDNY), OpenAI was ordered to preserve and segregate all output log data that would otherwise be deleted until further notice, regardless of whether such data was required to be deleted at the request of a user or due to numerous data protection laws and regulations.

5. OpenAI Enterprise and ChatGPT Team – truly data protection compliant?

OpenAI offers paid versions such as ChatGPT Team, ChatGPT Enterprise, and API integrations via Azure OpenAI Services. These promise no data use for training, optional local storage, and enhanced privacy through dedicated resources.

Despite improved control options, there are still no guarantees of complete compliance, and no publicly available DPA-compliant contracts are apparent. The DPF issue persists as long as hosting takes place in the US. Even if the use may appear more technically isolated, little changes legally without additional contracts (e.g., standard contractual clauses (SCCs), data processing agreements (DPAs), or EU hosting).

6. Microsoft as a comparison: Azure OpenAI and DPF

Microsoft is a partner of OpenAI and enables access to GPT models via Azure OpenAI Services, optionally from EU regions.

6.1. Benefits of Microsoft integration: Benefits include hosting in the EU (e.g., Frankfurt, Amsterdam), DPA compliance under Microsoft Standard Contractual Clauses (SCC), certifications according to DPF, ISO 27001, TISAX, etc., as well as control over data storage and auditing.

6.2. DPF problem remains: US law (Cloud Act, FISA 702) remains relevant for Microsoft as well. Even with EU hosting, US authorities can demand access under certain circumstances – a risk that cannot be eliminated solely through technical or contractual commitments.

7. Data protection assessment and recommendation

7.1. Summary of risks: Enforcement of erasure rights cannot be guaranteed in practice (violation of Art. 17 GDPR). US access rights represent a systemic problem, and the DPF alone is not sufficient as long as US law prevails. Even the Enterprise variants do not offer a complete solution.

7.2. Recommended course of action: It is recommended not to process personal data with OpenAI services unless additional protective measures (pseudonymization, EU hosting, SCC) have been implemented. A risk assessment according to Art. 32 GDPR must be conducted, and disclosure obligations (Art. 13/14 GDPR) when using US services must be observed. Microsoft Azure OpenAI should be preferred, but with caution and clear documentation.

8. Outlook

The DPF is expected to be heard again before the ECJ. If it is declared invalid, like its predecessors, companies would have to resort to standard contractual clauses (SCCs) with additional safeguards. The sustainable, GDPR-compliant use of AI from the US will therefore remain an unresolved challenge in 2025.

9. Scenario: ECJ overturns DPF – impact on Microsoft Copilot vs. OpenAI

Should the ECJ declare the DPF invalid, the legal basis for third-country transfers to the US via this mechanism would cease to apply. This applies to all DPF-certified US providers. Companies would then no longer be able to rely solely on the DPF, but would have to resort to alternative safeguards such as standard contractual clauses (SCCs) pursuant to Art. 46 GDPR and, if necessary, additional technical, organizational, or contractual safeguards ("Schrems II compliance").

9.1. Microsoft Copilot: Better starting position: Compared to OpenAI, Microsoft is significantly better positioned to be used in a legally compliant manner even without the DPF. Microsoft offers SCCs as standard (included in the Data Protection Addendum) and enables companies to implement additional measures, such as EU hosting (EU Data Boundary), customer-controlled encryption, pseudonymization before processing, logging, DLP, and rights management. According to its privacy policy, Microsoft acts as a processor for Copilot, not as a controller. These measures enable a high level of data protection, even if the ECJ overturns the DPF. A Data Transfer Impact Assessment (DTIA) would also be required.

9.2. OpenAI: Significant deficiencies: OpenAI's ChatGPT website offers neither SCCs nor DPAs nor documented processing instructions; from a GDPR perspective this is insufficient even with the DPF in place. A GDPR-compliant setup with SCCs and DPAs can only be achieved via Azure OpenAI Services (through Microsoft), which requires additional technical effort. Furthermore, OpenAI is itself a research institution and product provider, not a pure data processor.

9.3. Recommendation if the DPF is discontinued: If the DPF is discontinued, Microsoft Copilot can continue to be used in a legally compliant manner with SCCs + EU hosting + additional measures, especially in Microsoft 365 E5 environments. OpenAI services may not be used with personal data without further contractual protection, unless they run via Azure OpenAI with proven compliance with SCC + DPA + EU data retention.

10. Comparison table: Microsoft Copilot vs. OpenAI – Data protection analysis

While OpenAI operates primarily through its web offering and only offers limited protection measures in the Enterprise version, Microsoft has integrated comprehensive data protection mechanisms with Copilot, including EU hosting, DPA, SCCs, and administrative controls.

The following table compares the data protection framework:

| Feature               | Microsoft Copilot                                   | OpenAI (ChatGPT, API, Web)                               |
|-----------------------|-----------------------------------------------------|----------------------------------------------------------|
| Contractual partner   | Microsoft Ireland / Microsoft Corporation           | OpenAI Inc. (USA) / OpenAI Ireland (only partially)      |
| SCCs                  | Yes, including a DPA in the Data Protection Addendum | No, only via Azure OpenAI                               |
| EU hosting            | Microsoft 365 EU Data Boundary available            | US hosting only by default                               |
| Training use          | Disabled                                            | Default: active, optionally deactivated in Enterprise    |
| Reaction to deletion  | GDPR-compliant implementation                       | Restricted by US case law                                |

11. Conclusion in the light of the ECJ and US practice

The analysis shows that Microsoft is structurally better positioned than OpenAI, even in the event of the DPF being abolished. OpenAI currently does not provide a sufficient legal basis for the data protection-compliant processing of personal data from the EU, especially on its website. Microsoft, on the other hand, enables better compliance through DPA, SCCs, EU data retention, and technological controls.
