The email arrives at 5:40pm: a client wants their heads of terms turned around tonight. You open ChatGPT, paste the document in, and ask for a plain-English summary. It's back in twenty seconds and it's good. Crisis handled.
Except the client's commercially sensitive terms have now left your control entirely — sent to a third party you have no contract with, possibly retained, possibly used to improve a model. You didn't leak it to a competitor. But under the rules you're regulated by, "I only gave it to ChatGPT" is not the reassurance it feels like.
The short answer to the question in the title is no: the free, public version of ChatGPT is not confidential in the sense a lawyer needs. Here's what that actually means, why it matters, and what to do instead — because the answer is not "never use AI."
No — and here's what "not confidential" actually means
When you paste text into a free consumer AI tool, three things are true that aren't true of your case management system:
- You have no operational relationship with the vendor beyond using the product. There's no engagement, no data-processing agreement negotiated for your firm, no contractual confidentiality owed to you the way it would be with a legal-grade supplier.
- The input may be retained and used to improve the model. Consumer tiers have historically defaulted to using conversations for training unless you opt out. Settings change; the point is you're relying on a consumer toggle to protect privileged material.
- The data has left your environment. It's now on infrastructure you don't control, under terms you didn't set, in a jurisdiction you may not know.
The Law Society's guidance cuts straight to it: do not put confidential data into free, public generative AI tools where your only relationship with the vendor is that you use it. That's not cautious hedging. It's the operating instruction.
The two rulebooks this breaks
Pasting client data into a public tool isn't just bad practice — it engages two separate regimes at once.
Professional confidentiality. SRA Code of Conduct for Firms paragraph 6.3 requires you to keep the affairs of clients confidential. There's no carve-out for "I only used a convenient tool." If confidential information leaves your control without the client's informed consent, the duty is engaged regardless of intent.
Data protection. Where the client material contains personal data — and in legal work it almost always does — UK GDPR applies. The ICO's guidance on AI and data protection is built around accountability, lawfulness, security, and data minimisation. Feeding a witness statement or a client's financial details into a consumer chatbot puts you on the wrong side of the security and minimisation expectations, and the accountability sits with your firm as controller.
Field note: The breach here is silent. Nothing visibly goes wrong — you get your summary, the client gets their document, nobody complains. The exposure only surfaces later, if a regulator, an insurer, or the client asks where their data went. By then the paste happened months ago and there's no record of it at all.
Privilege is the quiet casualty
There's a third risk that gets less attention than it should. Legal professional privilege protects confidential lawyer–client communications — but privilege depends on confidentiality being maintained.
The concern isn't settled law and I won't overstate it: there's no UK judgment holding that pasting into ChatGPT waives privilege. But the mechanism is obvious enough that it should make anyone pause. Privilege protects material kept confidential. Deliberately transmitting privileged content to an uncontracted third party is exactly the kind of act that erodes the confidentiality privilege rests on. It is not a risk worth running to save twenty minutes.
Free vs enterprise vs contained — the tiers actually differ
"ChatGPT isn't confidential" is true of the free tier and gets more nuanced above it. The distinction matters, because the answer isn't to abandon AI.
| Option | Data used for training? | Contractual protection | Fit for client data |
|---|---|---|---|
| Free public ChatGPT | Historically yes (behind a toggle) | None beyond consumer terms | No |
| Consumer paid tier | Reduced, still consumer terms | Minimal | Weak |
| Enterprise AI with a data-processing agreement | Contractually excluded | Yes — negotiated | Better, if the DPA is right |
| Contained / self-hosted (data stays in your environment) | Not exposed at all | You control it | Strongest |
The jump that matters is from "consumer product you happen to use" to "supplier you have a data-processing agreement with, or infrastructure you control." That's the line the Law Society guidance is really drawing.
What to do instead, by situation
- If you're a fee-earner under time pressure: the fix is to have an approved, contained tool ready before the 5:40pm crisis — because the risk always materialises exactly when you're rushed. Never let convenience route client data into a free tool.
- If you're a COLP or managing partner: giving people a compliant option is more effective than any prohibition. The reason confidential data ends up in ChatGPT is that it's the only frictionless tool on the desk. Remove the excuse by providing a governed one.
- If your clients are asking where their data sits: especially EU and regulated clients, "in our controlled environment" or "self-hosted, never sent to a third-party model" is a procurement-winning answer. It's the first question sophisticated clients now ask, and we cover the architecture in self-hosted LegalAI Space and data sovereignty.
The reframe: contain the data, keep the benefit
The mistake is treating this as a choice between using AI and protecting client confidentiality. It isn't. The benefit of AI — fast summaries, first drafts, research support — is available in tools where the data never leaves your control. What makes ChatGPT unsafe for client work isn't the intelligence; it's the plumbing underneath it.
Get the plumbing right and the 5:40pm summary is fine. Get it wrong and you've made a silent confidentiality breach to save twenty minutes.
FAQ
Is ChatGPT confidential? The free, public version is not confidential in the way legal work requires. Input may be retained and used to train the model, and you have no contractual confidentiality relationship with the vendor. Don't put client data into it.
Can I get in trouble for putting client data into ChatGPT? Yes. It can breach the SRA duty of confidentiality (Code 6.3) and, where personal data is involved, UK GDPR obligations the ICO enforces. The risk applies even if nothing visibly goes wrong.
Does using ChatGPT waive legal privilege? There's no UK ruling that it automatically does, but privilege depends on maintaining confidentiality, and sending privileged material to an uncontracted third party undermines exactly that. It's a risk not worth taking.
Is the paid or enterprise version safe for client data? Enterprise AI with a proper data-processing agreement that excludes training use is materially safer than the free tier. Safer still is a contained or self-hosted deployment where the data never leaves your environment.
What should a law firm use instead of public ChatGPT? A tool where client data stays contained — enterprise with a DPA, or self-hosted — combined with citation verification and a record of what was processed and reviewed.
LegalAI Space is built so client data stays contained — with EU-hosted and self-hosted deployment options, so "where does our data go?" has a clean answer. Book a 30-minute call with Daman to see how it works.
Related reading
- Can lawyers use ChatGPT? — the full picture of where AI use is fine and where it breaches the rules.
- Self-hosted LegalAI Space and data sovereignty — keeping client and personal data in your own environment.
- What the SRA can actually ask about AI — the confidentiality and record-keeping evidence a regulator can demand.