DocuSign admit to training AI on customer data
DocuSign just admitted that they use customer data (i.e., all those contracts, affidavits, and other confidential documents we send them) to train AI: https://support.docusign.com/s/document-item?language=en_US&bundleId=fzd1707173174972&topicId=uss1707173279973.html They state that customers “contractually consent” to such use, but good luck finding it in their Terms of Service. There also doesn’t appear to be a way to withdraw consent, but I may have missed that.
Gotta say, I find this fairly jaw-dropping. The data in question is “Contract Lifecycle Management, Contract Lifecycle Management AI Extension, and eSignature (for select eSignature customers)”. “DocuSign may utilize, at its discretion, a customizable version of Microsoft’s Azure OpenAI Service trained on anonymized customer’s data.” — so not running locally, and you have to trust their anonymization. It’s known that some anonymization algorithms can be reversed. This also relies on OpenAI keeping their data partitioned from other customers’ data, and I’m not sure I’d rush to trust that. One key skill DocuSign should be good at is keeping confidential documents confidential. This isn’t it. This is precisely what the EU AI Act should have dealt with (but won’t, unfortunately). Still, GDPR may be relevant. And I’m sure there are a lot of lawyers now looking at their use of DocuSign with unease. (via Mark Dennehy)(tags: ai privacy data-protection data-privacy openai docusign contracts fail)