From Gmail to Word, your privacy settings and AI are entering into a new relationship
The Microsoft 365 website on a laptop arranged in New York, US, on Tuesday, June 25, 2024.
Bloomberg | Bloomberg | Getty Images
The beginning of the year is a great time to do some basic cyber hygiene. We’ve all been told to patch, change passwords, and update software. But one concern that has been increasingly creeping to the forefront is the sometimes quiet integration of potentially privacy-invading AI into programs.
“AI’s rapid integration into our software and services has and should continue to raise significant questions about privacy policies that preceded the AI era,” said Lynette Owens, vice president, global consumer education at cybersecurity company Trend Micro. Many programs we use today — whether it be email, bookkeeping, or productivity tools, and social media and streaming apps — may be governed by privacy policies that lack clarity on whether our personal data can be used to train AI models.
“This leaves all of us vulnerable to uses of our personal information without the appropriate consent. It’s time for every app, website, or online service to take a good hard look at the data they are collecting, who they’re sharing it with, how they’re sharing it, and whether or not it can be accessed to train AI models,” Owens said. “There’s a lot of catch up needed to be done.”
Where AI is already inside our daily online lives
Owens said the potential issues overlap with most of the programs and applications we use on a daily basis.
“Many platforms have been integrating AI into their operations for years, long before AI became a buzzword,” she said.
As an example, Owens points out that Gmail has used AI for spam filtering and predictive text with its “Smart Compose” feature. “And streaming services like Netflix rely on AI to analyze viewing habits and recommend content,” Owens said. Social media platforms like Facebook and Instagram have long used AI for facial recognition in photos and personalized content feeds.
“While these tools offer convenience, consumers should consider the potential privacy trade-offs, such as how much personal data is being collected and how it is used to train AI systems. Everyone should carefully review privacy settings, understand what data is being shared, and regularly check for updates to terms of service,” Owens said.
One tool that has come in for particular scrutiny is Microsoft’s connected experiences, which has been around since 2019 and comes activated with an optional opt-out. It was recently highlighted in press reports — inaccurately, according to the company as well as some outside cybersecurity experts that have taken a look at the issue — as a feature that is new or that has had its settings changed. Leaving the sensational headlines aside, privacy experts do worry that advances in AI can lead to the potential for data and words in programs like Microsoft Word to be used in ways that privacy settings do not adequately cover.
“When tools like connected experiences evolve, even if the underlying privacy settings haven’t changed, the implications of data use might be far broader,” Owens said.
A spokesman for Microsoft wrote in a statement to CNBC that Microsoft does not use customer data from Microsoft 365 consumer and commercial applications to train foundational large language models. He added that in certain instances, customers may consent to using their data for specific purposes, such as custom model development explicitly requested by some commercial customers. Additionally, the setting enables cloud-backed features many people have come to expect from productivity tools such as real-time co-authoring, cloud storage and tools like Editor in Word that provide spelling and grammar suggestions.
Default privacy settings are an issue
Ted Miracco, CEO of security software company Approov, said features like Microsoft’s connected experiences are a double-edged sword — the promise of enhanced productivity but the introduction of significant privacy red flags. The setting’s default-on status could, Miracco said, opt people into something they aren’t necessarily aware of, primarily related to data collection, and organizations may also want to think twice before leaving the feature on.
“Microsoft’s assurance provides only partial relief, but still falls short of mitigating some real privacy concern,” Miracco said.
Perception can be its own problem, according to Kaveh Vadat, founder of RiseOpp, an SEO marketing agency.
“Having the default to enablement shifts the dynamic significantly,” Vahdat said. “Automatically enabling these features, even with good intentions, inherently places the onus on users to review and modify their privacy settings, which can feel intrusive or manipulative to some.”
His view is that companies need to be more transparent, not less, in an environment where there is a lot of distrust and suspicion regarding AI.
Companies including Microsoft should emphasize default opt-out rather than opt-in, and might provide more granular, non-technical information about how personal content is handled because perception can become a reality.
“Even if the technology is completely safe, public perception is shaped not just by facts but by fears and assumptions — especially in the AI era where users often feel disempowered,” he said.
Default settings that enable sharing make sense for business reasons but are bad for consumer privacy, according to Jochem Hummel, assistant professor of information systems and management at Warwick Business School at the University of Warwick in England.
Companies are able to enhance their products and maintain competitiveness with more data sharing as the default, Hummel said. However, from a user standpoint, prioritizing privacy by adopting an opt-in model for data sharing would be “a more ethical approach,” he said. And as long as the additional features offered through data collection are not indispensable, users can choose which aligns more closely with their interests.
There are real benefits to the current tradeoff between AI-enhanced tools and privacy, Hummel said, based on what he is seeing in the work turned in by students. Students who have grown up with web cameras, lives broadcast in real-time on social media, and all-encompassing technology, are often less concerned about privacy, Hummel said, and are embracing these tools enthusiastically. “My students, for example, are creating better presentations than ever,” he said.
Managing the risks
In areas such as copyright law, fears about massive copying by LLMs have been overblown, according to Kevin Smith, director of libraries at Colby College, but AI’s evolution does intersect with core privacy concerns.
“A lot of the privacy concerns currently being raised about AI have actually been around for years; the rapid deployment of large language model trained AI has just focused attention on some of those issues,” Smith said. “Personal information is all about relationships, so the risk that AI models could uncover data that was more secure in a more ‘static’ system is the real change we need to find ways to manage,” he added.
In most programs, turning off AI features is an option buried in the settings. For instance, with connected experiences, open a document and then click “file” and then go to “account” and then find privacy settings. Once there, go to “manage settings” and scroll down to connected experiences. Click the box to turn it off. Once doing so, Microsoft warns: “If you turn this off, some experiences may not be available to you.” Microsoft says leaving the setting on will allow for more communication, collaboration, and AI served-up suggestions.
In Gmail, one needs to open it, tap the menu, then go to settings, then click the account you want to change and then scroll to the “general” section and uncheck the boxes next to the various “Smart features” and personalization options.
As cybersecurity vendor Malwarebytes put it in a blog post about the Microsoft feature: “turning that option off might result in some lost functionality if you’re working on the same document with other people in your organization. … If you want to turn these settings off for reasons of privacy and you don’t use them much anyway, by all means, do so. The settings can all be found under Privacy Settings for a reason. But nowhere could I find any indication that these connected experiences were used to train AI models.”
While these instructions are easy enough to follow, and learning more about what you have agreed to is probably a good option, some experts say the onus should not be on the consumer to deactivate these settings. “When companies implement features like these, they often present them as opt-ins for enhanced functionality, but users may not fully understand the scope of what they’re agreeing to,” said Wes Chaar, a data privacy expert.
“The crux of the issue lies in the vague disclosures and lack of clear communication about what ‘connected’ entails and how deeply their personal content is analyzed or stored,” Chaar said. “For those outside of technology, it might be likened to inviting a helpful assistant into your home, only to learn later they’ve taken notes on your private conversations for a training manual.”
The decision to manage, limit, or even revoke access to data underscores the imbalance in the current digital ecosystem. “Without robust systems prioritizing user consent and offering control, individuals are left vulnerable to having their data repurposed in ways they neither anticipate nor benefit from,” Chaar said.
Navan, the business travel, payments, and expense management startup, filed on Friday afternoon to go public.
Its S-1 filing with the Securities and Exchange Commission indicates that the company plans to list on the Nasdaq Global Select Market under the symbol “NAVN.”
Navan reported trailing 12-month revenue of $613 million (up 32%) across over 10,000 customers, and gross bookings of $7.6 billion (up 34%), according to the S-1 filing.
Goldman Sachs and Citigroup will act as lead book-running managers for the proposed offering.
Navan ranked No. 39 on this year’s CNBC Disruptor 50 list, and also made the 2024 list.
The IPO market has bounced back this year, with deal activity up 56% across 156 deals (roughly 200 IPO filings in all) and $30 billion in proceeds, up over 23% year over year, according to IPO tracker Renaissance Capital. It has been the best year for IPOs since 2021, though still far below the Covid offering boom years, when over $142 billion (2021) and $78 billion (2020) was raised by IPOs.
This year’s deal flow has been highlighted by hot AI names like Coreweave, as well as some of the startup world’s most highly valued firms from the past decade, such as fintech Klarna and design firm Figma, crypto companies Circle, Bullish and Gemini, and some long-awaited IPO candidates finally hitting the market, such as Stubhub this week, though its shares have slumped since the first day of trading. Top Amazon reseller Pattern went public on Friday.
Other startups are expected to pursue deals given the increased investor appetite.
The Renaissance IPO ETF is up 20% this year.
Launched by CEO Ariel Cohen and co-founder Ilan Twig in 2015, Navan set out to disrupt a business travel sector where incumbents relied on clunky legacy tools and fragmented workflows.
The Palo Alto-based company, formerly called TripActions, refers to itself as an “all-in-one super app” for corporate travel and expenses.
Customers include Unilever, Adobe, Christie’s, Blue Origin and Geico.
It has also been pushing further into AI, with a virtual assistant named Ava handling approximately 50% of user interactions during the six months ended July 31, according to the filing, and a proprietary AI framework called Navan Cognition supporting its platform, as well as proprietary cloud infrastructure.
“We built Navan for the road warriors, for CEOs and CFOs who understand travel’s critical importance to their strategy, the finance teams who demand precision and control, the executive assistants juggling itineraries, and the program admins ensuring seamless events,” the co-founders wrote in an IPO filing letter.
“We saw firsthand the frustration of clunky, outdated systems. Travelers were forced to cobble together solutions, wait for hours on hold to book or change travel, and negotiate with travel agents. They struggled to adhere to company policies, with little visibility into those policies, and after all that, they spent even more time on tedious expense reports after a trip. We felt the pain of finance teams struggling to gain visibility into fragmented travel spending and to enforce policies, and the frustration of suppliers unable to connect directly with the high-value business travelers they sought to serve,” they wrote in the filing.
Revenue grew 33% year-over-year from $402 million in fiscal 2024 to $537 million in fiscal 2025, according to the S-1 filing. The company reported a net loss that decreased 45% year-over-year from $332 million in fiscal 2024 to $181 million in fiscal 2025. Gross margin improved from 60% in fiscal 2024 to 68% in fiscal 2025.
The business travel and expense space is crowded, with fellow Disruptors Ramp and Brex, and TravelPerk, as well as incumbents like SAP Concur and American Express Global Business Travel.
Sign up for our weekly, original newsletter that goes beyond the annual Disruptor 50 list, offering a closer look at list-making companies and their innovative founders.
A gamer plays soccer title Pro Evolution Soccer 2019 on an Xbox console.
Sezgin Pancar | Anadolu Agency via Getty Images
Microsoft said on Friday that it will increase the recommended retail price of several Xbox consoles in the U.S. starting in October because of “changes in the macroeconomic environment.”
The company said it would not increase prices for accessories such as controllers and headsets, and that prices in other countries would stay the same.
While Microsoft didn’t explicitly attribute the increase to the Trump administration’s tariffs, many consumer companies have been warning for months that higher prices are on the way. President Donald Trump has issued tariffs this year on multiple countries with a stated goal to bring more manufacturing to the U.S.
“We understand that these changes are challenging, and they were made with careful consideration,” Microsoft said on its website.
It’s the second time Microsoft has raised prices on its consoles in the U.S. this year. Rivals Sony and Nintendo have also raised console prices in the U.S. as Trump’s tariffs went into effect.
Here are the changes, according to a PDF posted on Microsoft’s website:
- Xbox Series S will start at $399, up from $379 previously. A version with 1TB of storage costs $449.
- Xbox Series X Digital console now costs $599, a $50 increase. The Xbox Series X with a disc drive also got a $50 increase to $649.
- The most expensive version, with 2TB of storage, costs $799, up from $729.
WATCH: Fed governor doesn’t see material inflation from tariffs
Ticket reseller StubHub signage on display at the New York Stock Exchange for the company’s IPO on Sept. 17, 2025.
NYSE
After a long wait to get public, StubHub has had a rough start to life on the New York Stock Exchange.
Shares of the online ticket vendor dropped 10% on Friday, falling for a third straight day since debuting on Wednesday. At $18.46, the stock is now down 21% from its IPO price of $23.50.
StubHub, trading under ticker symbol “STUB,” has lagged behind fellow market newcomers like online lender Klarna, design software company Figma and stablecoin issuer Circle, which delivered early returns for investors following their recent IPOs. Shares of cybersecurity firm Netskope also rose 10% on Friday in their second trading day, after an initial pop on Thursday.
StubHub had been trying to go public for the past several years, but delayed its debut twice. The most recent stall came in April after President Donald Trump’s announcement of sweeping tariffs roiled markets. The company filed an updated prospectus in August, effectively restarting the process to go public, and has since seen its market cap slip to about $6.8 billion from $8.6 billion at its IPO.
Founded in 2000, StubHub primarily generates revenue from connecting buyers with ticket resellers. In the first quarter, revenue rose 10% from a year earlier to $397.6 million. The company’s net loss widened to $35.9 million from $29.7 million a year ago.
StubHub CEO Eric Baker told CNBC on Wednesday that the company expects recently introduced federal regulations around transparent ticket pricing to cause a “one-time” hit to its financial results.
Regulators are zeroing in on online ticket sellers over their pricing mechanisms and whether the companies are doing enough to keep automated purchasing bots in check. The Federal Trade Commission on Thursday sued StubHub rival Live Nation Entertainment, the parent company of Ticketmaster, accusing it of illegal resale tactics.
While StubHub has failed to excite Wall Street, its struggles haven’t seeped into other deals as the tech IPO market continues to show signs of a resurgence after an extended dry spell. Amazon reseller Pattern Group saw its stock rise 12% on Friday, though shares initially slipped 6%.
WATCH: StubHub CEO on company’s IPO
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment12 months agoHere are the best electric bikes you can buy at every price level in October 2024