Federal Judge Cancels Indefinite ChatGPT Data Retention Order for OpenAI
A federal court has rolled back the requirement that OpenAI indefinitely preserve ChatGPT logs. Judge Ona T. Wang signed a new order on October 9, canceling the prior mandate "to preserve and segregate all raw data logs that would otherwise be deleted in the future."
The dispute stems from The New York Times' late-2023 copyright action alleging OpenAI trained models on NYT material without compensation. A May order required broad preservation so NYT could test its claims. The new ruling means that, as of September 26, 2025, OpenAI is no longer obligated to preserve all chat logs, subject to key exceptions.
What changed
- Indefinite, across-the-board preservation is canceled. Default deletion policies can resume.
- Logs already preserved under the prior order remain accessible.
- OpenAI must continue preserving data tied to ChatGPT accounts designated by the NYT.
- The NYT may expand the list of designated users and keep reviewing saved records.
Why this matters for legal teams
- ESI scope narrows from blanket preservation to targeted holds, reducing volume and cost.
- Spoliation exposure now hinges on selective, well-documented preservation for identified custodians and systems. See FRCP 37(e).
- Privacy risk drops and data minimization improves under default deletion, but carve-outs for designated accounts remain.
- Discovery strategy should account for existing preserved logs and mechanisms to add or contest designations.
Practical steps for companies using ChatGPT or similar AI tools
- Update litigation-hold playbooks: add a pathway for rapid, targeted holds on AI chat data while allowing routine deletion elsewhere.
- Map where chat data lives (product logs, telemetry, analytics, backups) and document retention periods and deletion controls.
- Revise retention schedules to support defensible deletion plus exception-based holds; log all hold activations and releases.
- Refresh DPAs and vendor diligence to confirm how AI providers handle preservation requests, access controls, and deletion proofs.
- Align privacy notices and DPIAs with reduced retention and clear exceptions; reinforce data minimization principles (GDPR Art. 5(1)(c)).
- Use protective orders and confidentiality protocols to limit exposure of preserved logs containing sensitive or proprietary data.
If you represent plaintiffs
- Move early to designate accounts and systems; make requests precise to avoid overbreadth challenges.
- Seek discovery into preserved log scope, searchability, metadata, and deletion timelines for non-designated data.
- Consider targeted 30(b)(6) topics on data architecture, retention, and hold procedures to test compliance.
If you represent defendants
- Reinstate default deletion policies, but document them and any exceptions tied to holds or designations.
- Negotiate scope: custodians, date ranges, fields, and redaction protocols for sensitive content.
- Maintain an auditable chain for preservation decisions, including who, what, when, and systems impacted.
What users should expect
- Most chat data returns to standard deletion cycles.
- Some logs remain preserved for designated accounts, and the list may grow as the case develops.
- Privacy exposure drops overall, but discovery access continues where legally required.
What to watch next
- Further motions on scope, search protocols, and privilege for preserved logs.
- Any expansion of designated accounts by the NYT and resulting production or inspection schedules.
- Public statements from the parties and how providers adjust retention policies in response.