The Case for Local AI
Every prompt you send to the cloud is data you no longer control.
Lawsuits & enforcement actions
P.M. v. OpenAI — CIPA wiretapping class action alleging billions in damages for using chat data to train models without consent. Called "potentially the biggest class action in history."
National Law Review →NYT v. OpenAI & Microsoft — billions sought for training on copyrighted content. Court ordered OpenAI to produce 20 million ChatGPT conversation logs for discovery.
National Law Review →Samsung engineers paste proprietary chip source code into ChatGPT. Data ingested into training pipeline. Samsung bans all GenAI company-wide.
Bloomberg →Italy fines OpenAI €15M — first GenAI-specific GDPR penalty. Training on personal data without legal basis, failure to report 2023 breach.
Euronews →Thele v. Google — class action alleges Gemini silently enabled scanning of all Gmail, Chat, and Meet content. $5,000 per violation under CIPA.
ClassAction.org →Perplexity AI class action — user prompts, AI responses, and personal data shared with Meta and Google for ad targeting, even in "Incognito mode."
Bloomberg →Clearview AI settles BIPA class action for $51.75M over biometric data collection from billions of photos without consent.
Regulatory Oversight →FTC investigation of OpenAI for deceptive data privacy practices. Expanded Sept 2025 to seven major AI companies over data collection and child safety.
Washington Post →By the numbers
of companies have experienced an AI privacy event
Stanford 2025 AI Index →say they need to do more to reassure customers on AI data handling
Cisco 2024 →of files uploaded to GenAI contain sensitive data
Stanford 2025 →cite privacy as #1 obstacle to AI adoption
Stanford 2025 →in financial sector supervision penalties in 2024
FINRA 24-09 →U.S. federal AI regulations in 2024, 2x from 2023
Stanford 2025 →What you're agreeing to
OpenAI trains on all ChatGPT Free/Plus/Pro inputs by default. Users must manually opt out. Even API tier retains inputs for 30 days.
Zoom granted itself a “perpetual, worldwide, royalty-free license” to customer content for AI training in 2023. Reversed after backlash.
GitHub Copilot uses interaction data for training by default on Free/Pro/Pro+ plans as of March 2026.
When your data goes to the cloud, you're trusting that today's terms are tomorrow's terms. History says they aren't.
Regulatory exposure
HIPAA: 71% of healthcare workers use personal AI accounts for work. HHS proposed first major Security Rule update in 20 years (Jan 2025) adding AI-specific requirements.
FINRA/SEC: Notice 24-09 — firms are liable for customer data sent to third-party AI. AI governance is a 2025 exam priority.
GDPR: €4B+ cumulative fines. Italy banned ChatGPT in 2023, fined OpenAI €15M in 2024. EU data sent to U.S. AI providers faces Schrems II scrutiny.
SOX: Ungovern AI use creates internal control deficiencies auditors will flag.
The technical case
For focused tasks, small models match the big ones.
Microsoft Research: fine-tuned 13B models hit ~95% of GPT-4 on specific benchmarks. Google's 7B Gemma matches GPT-3.5 on domain tasks.
Local inference: 30-80 tokens/sec on modern GPUs. No rate limits, no shared capacity, no round-trip latency.
Gartner: by 2027, 50%+ of enterprise GenAI models will be domain-specific (up from ~1% in 2023).
Being honest
When cloud is the right call.
Prototyping — proving a concept before investing in hardware.
General reasoning — diverse domains needing frontier capability.
Non-sensitive, low volume — public data where privacy isn't a factor.
Local wins where it matters most: high-volume automation on data you can't afford to have anywhere else.
Want to understand your exposure?
We'll audit what data your team is sending to cloud AI and assess whether on-premise makes sense.
Book a free assessment