The 2023 OpenAI toggle backlash: an AI data-sharing setting on by default

In December 2023 Dropbox users noticed a new account setting labeled 'third-party AI' that was toggled on by default. The setting governed Dropbox's experimental AI search and Q&A features, which could send file contents to OpenAI when those features were used. Because the toggle was enabled by default for most of the world — with the EU, UK, and Canada opted out, but the United States and others opted in — many users concluded that their private documents were already being shared with OpenAI, or used to train its models. A widely shared post on X warning about the setting was viewed millions of times, and the story was amplified by outlets including CNBC.

Dropbox pushed back, saying the toggle merely enabled or disabled access to its AI features and that no data was 'automatically or passively' sent to any third-party AI service; data left Dropbox only when a user actively invoked an AI feature. A Dropbox spokesperson stated that customer data shared with OpenAI was not used to train or fine-tune OpenAI's models and was deleted within 30 days. CEO Drew Houston apologized for the confusion on X. Critics, including security commentators, accepted the technical clarification but argued the real problem was trust: an opt-out default on a privacy-sensitive AI feature, combined with the absence of enforceable legal limits on future data use, was precisely the kind of design choice that invites suspicion.