Why Signal's President Is Sounding the Alarm on AI Chatbot Privacy Risks
Meredith Whittaker, President of Signal — the gold standard in encrypted communications — has delivered one of the clearest and most consequential warnings about AI chatbot privacy risks to emerge from any major technology leader this year. Speaking in a wide-ranging interview with Bloomberg covering policy, privacy, and the future of secure communications, Whittaker was characteristically direct: "These are not your friends. These are not conscious beings. These are not sentient interlocutors." The remarks, aimed squarely at large language model chatbots like OpenAI's ChatGPT and Anthropic's Claude, cut through the anthropomorphic marketing language that has come to dominate the AI industry's consumer messaging.
For developers, privacy professionals, IT decision makers, and policy experts who regularly evaluate the risks embedded in enterprise tooling, Whittaker's comments are not merely rhetorical. They represent a technically grounded critique of a product category that is rapidly expanding its reach into personal communications, financial transactions, and sensitive organizational data — often with insufficient transparency about what data is retained, processed, or shared. As AI tools accelerate their integration into everyday workflows, the question of who controls that data — and under what legal framework — has never been more pressing, particularly in Europe where GDPR compliance requirements impose strict conditions on automated data processing.
Microsoft Copilot and the "Backdoor" Problem: What Pervasive AI Access Really Means
The most technically significant portion of Whittaker's interview concerned a scenario described by Microsoft AI CEO Mustafa Suleyman, who has publicly predicted that users could delegate their Christmas shopping entirely to Microsoft Copilot — with the AI eavesdropping on family group chats to infer gift preferences and completing purchases autonomously. For many in the consumer press, this landed as an exciting glimpse of an agentic AI future. For Whittaker, it was a case study in systemic privacy failure.
"What you've just described is a system with very pervasive access across multiple applications and services," Whittaker said. "In the context of Signal, it would constitute a kind of a backdoor." She enumerated precisely what such a system would require: access to credit card details, browser activity, Signal messages, the ability to send messages to contacts on a user's behalf, home address data, and calendar information. For any security architect or data protection officer reading that list, the implications are immediately clear — this is not a convenience feature. It is a data aggregation architecture with an exceptionally large attack surface.

The "backdoor" framing is significant and deliberate. In cryptography and security policy, a backdoor refers to any mechanism that allows third-party access to a system — often installed under the guise of a legitimate feature. Whittaker is arguing that agentic AI systems with cross-application permissions are functionally indistinguishable from backdoors, even when they are officially sanctioned by the platform vendor. This is a position that aligns with longstanding concerns raised by the Electronic Frontier Foundation and European digital rights organizations about the structural privacy risks of platform integration.
"What you've just described is a system with very pervasive access across multiple applications and services. In the context of Signal, it would constitute a kind of a backdoor."
— Meredith Whittaker, President of Signal
How AI Chatbots Actually Process Your Data — and Why That Matters for GDPR
To understand why Whittaker's warning resonates so deeply with privacy professionals, it helps to examine how large language model-based chatbots handle user input at a structural level. When a user submits a query to a commercial chatbot — whether through a browser interface, a mobile app, or an API integration — that input is transmitted to cloud infrastructure operated by the vendor. Depending on the product's terms of service, that data may be used to improve future model training, retained for safety monitoring, or shared with third-party service providers.
Under GDPR, this creates a complex web of data controller and data processor relationships. Organizations deploying commercial AI tools in a European context must establish valid legal bases for processing personal data, conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, and ensure that cross-border data transfers to non-EEA jurisdictions — most commonly the United States — are covered by adequate transfer mechanisms. Research from the International Association of Privacy Professionals (IAPP) has consistently shown that AI tools represent one of the fastest-growing areas of GDPR compliance complexity for organizations across Europe.

| AI Tool / Platform | Data Retention Policy | GDPR Risk Level | Cross-App Access |
|---|---|---|---|
| ChatGPT (OpenAI) | 30 days (with opt-out) | High | Limited (plugins) |
| Microsoft Copilot | Variable by enterprise tier | Very High (agentic mode) | Extensive (M365 suite) |
| Claude (Anthropic) | Up to 90 days | High | Limited |
| Signal (messaging only) | No server-side retention | Low | None by design |

The distinction between passive AI tools — where a user submits isolated queries — and agentic AI systems — where the AI maintains persistent access across applications — is not merely technical. It is a fundamental difference in privacy posture. Whittaker's critique targets the latter category specifically, where the accumulation of permissions across services creates what security researchers call a "principal-agent problem": the AI system acting on a user's behalf may make decisions or disclosures that the user would not consciously authorize if presented with them explicitly.
Whittaker's Own AI Use: A Model for Thoughtful Tool Adoption
What makes Whittaker's position particularly credible — and useful for practitioners navigating real-world AI adoption decisions — is that she does not reject AI tools categorically. She acknowledged using them "to format a document here and there," a low-risk, low-disclosure use case that does not involve sharing sensitive reasoning, personal information, or confidential organizational data. The distinction she draws is between AI as a productivity utility for discrete, bounded tasks versus AI as a cognitive partner or confidant.
"I don't ask them questions," she explained. "I'm very serious about my thinking and writing, and I don't want the process of working through an idea to be foreclosed or eclipsed by the response of a system that's averaging what's already out there." This framing connects to a broader concern within the research community about the epistemological risks of AI-assisted reasoning — specifically, the tendency of large language models to produce confident-sounding responses that represent statistical averages of their training data rather than genuine analysis. For policy professionals and legal practitioners who depend on precise, original reasoning, this is not a trivial concern.

As a noted academic and researcher, Whittaker has previously published work on the structural power dynamics embedded in AI systems, particularly in the context of surveillance capitalism and labor. Her perspective is informed by years of research at New York University's AI Now Institute, where she was a co-founder, as well as her experience inside Google before leaving to advocate publicly for AI accountability. Her warnings are not those of a technophobe — they are those of someone with an unusually comprehensive view of both the engineering and the political economy of AI development.
Digital Sovereignty and the Case for Privacy-First AI Alternatives
For European organizations, Whittaker's concerns map directly onto the digital sovereignty agenda that has accelerated significantly since the invalidation of the Privacy Shield framework and the ongoing negotiations around the EU-US Data Privacy Framework. The question of whether European citizens' and employees' data can be safely entrusted to US-headquartered AI providers — subject to CLOUD Act requests and other extraterritorial legal mechanisms — is one that data protection authorities across the continent are actively examining.
The European AI Act, which entered into force and is being phased in progressively, adds another layer of compliance complexity. Systems classified as high-risk under the Act are subject to mandatory transparency, human oversight, and data governance requirements that many commercial AI chatbots would struggle to meet in their current form. According to analysis from the Brookings Institution's Technology Policy program, the intersection of GDPR, the AI Act, and national data localization requirements is creating what some legal scholars describe as a "compliance trilemma" for multinational technology companies.
In this environment, the alternatives gaining traction among privacy-conscious organizations include self-hosted open-source language models — such as those available through the Ollama framework or via Hugging Face's model hub — which allow organizations to run AI inference entirely within their own infrastructure, with no data leaving their perimeter. This approach aligns with the broader European push for technological sovereignty and provides a credible answer to the concerns Whittaker raises. Crucially, it also allows organizations to maintain full audit trails of AI interactions — a requirement that is increasingly appearing in enterprise AI governance frameworks and regulatory guidance from bodies such as the European Data Protection Board (EDPB).
"The privacy-first approach to AI isn't about refusing to use these tools — it's about using them in ways that preserve your organization's data sovereignty and your users' fundamental rights," said a senior privacy consultant specializing in European technology compliance. "Whittaker is articulating something that data protection officers have been quietly worried about for years."
What Privacy Professionals and IT Decision Makers Should Do Now
Whittaker's comments should serve as a practical prompt for organizations to review their AI tool policies with fresh eyes. Several concrete steps are worth prioritizing. First, organizations should conduct an AI tool inventory — cataloguing every commercial AI service in use across teams, including shadow IT deployments, and assessing the data flows associated with each. Many organizations discover that employees are using consumer-grade AI tools to process data that should be subject to far tighter controls.
Second, legal and compliance teams should examine the data processing agreements (DPAs) offered by AI vendors. Not all DPAs are equal: some enterprise tiers of commercial AI products offer
Originally reported by TechCrunch. Summarised and curated by European Purpose.