Dutch privacy watchdog warns of rising AI chatbot data leaks

The number of reported data breaches linked to workplace use of AI chatbots such as ChatGPT, Claude and Gemini is rising sharply in the Netherlands, according to the Dutch Data Protection Authority, following a recent leak involving the municipality of Eindhoven.

The Dutch Data Protection Authority, the national privacy watchdog, told Het Financieele Dagblad that it has counted dozens of such AI-related data breach reports so far this year. The regulator cautioned that the increasing use of these "smart" chatbot tools at work heightens the risk of sensitive personal data leakage.

The warning comes after the municipality of Eindhoven experienced a data breach. The municipality said that a large number of files containing personal data about residents and municipal employees ended up in publicly accessible AI chatbots.

According to the Data Protection Authority, these types of breaches often occur because individual employees use AI models on their own initiative, without organizational safeguards.

The regulator noted that free versions of popular AI chatbots store the data users enter, while it is unclear what the companies behind these tools subsequently do with that information.

The watchdog warned that such data could be used to train AI models and expressed concern that personal details could later reappear in chatbot responses.