Claude: Will It Share Your Data with Police Without a Warrant?

What Happened?

On July 8, Claude's new privacy policy will take effect. The update introduces a significant change: the company may share users' personal data — including identification documents like ID cards or passports and biometric information — with government authorities or law enforcement without requiring a court order under certain circumstances.

According to Hipertextual, the previous policy limited data sharing to compliance with legal requirements, such as a judicial request. The new wording expands the grounds to situations like emergencies, violations of terms of service, or Anthropic's internal investigations. This has sparked strong controversy, especially since Claude has required identity verification with an ID card or passport since the beginning of the year to access certain features.

The update is not a minor change: Anthropic, which had positioned itself as a bastion of responsible AI, is now loosening the protection of sensitive data. The previous privacy policy, in effect since Claude's launch, stated that it would only share personal information in response to "valid legal processes" like court orders. The new wording, however, includes a clause allowing disclosure when Anthropic "determines in good faith that it is necessary to protect its rights, property, or the safety of its users or the public." This broad language leaves room for interpretations that could bypass judicial oversight.

Why Is This Important?

The collection of biometric data and identification documents by tech companies is a sensitive issue. The possibility of this data being shared with police without prior judicial control sets a dangerous precedent for digital privacy. Moreover, the lack of transparency about what constitutes an 'emergency' or a 'terms violation' leaves a wide margin for interpretation that could be abused.

Compared to other companies in the sector, such as OpenAI or Google, Anthropic had positioned itself as a more responsible player in AI. This policy erodes that trust and calls into question its commitment to data protection. For example, OpenAI requires a court order to share data with authorities, according to its privacy policy updated in 2024. Google, for its part, publishes transparency reports on government requests. Anthropic, however, has not detailed how it will report these disclosures.

The historical context is relevant: since the Snowden cases in 2013, trust in tech companies to protect data from governments has been fragile. Anthropic's decision comes at a time of increasing scrutiny of AI and biometrics. In the European Union, the General Data Protection Regulation (GDPR) requires that any transfer of personal data to authorities be based on a clear and proportionate legal basis. Anthropic's new policy could violate this principle, as the exceptions are vague and do not require judicial oversight.

What Consequences Will It Have?

The consequences are multiple: for users, it poses a risk that their intimate data could end up in the hands of authorities without the usual legal safeguards. For Anthropic, it could lead to a loss of credibility and potential legal challenges in jurisdictions with strict data protection laws, such as the EU under the GDPR. Additionally, it could encourage other players in the sector to adopt similar policies, normalizing the handover of data without a court order.

Privacy experts warn that this policy could violate fundamental rights, especially if applied to users who have not committed any crime but merely violated terms of service. The Electronic Frontier Foundation (EFF) has previously pointed out that "emergency" clauses are often used to justify mass surveillance. In Anthropic's case, the lack of a concrete definition of "emergency" could range from a bomb threat to a simple critical tweet against the government.

The market impact is also significant. Anthropic competes directly with OpenAI and Google in the conversational AI space. If users perceive Claude as less secure, they might migrate to alternatives like ChatGPT or Gemini. Moreover, companies that use Claude to integrate AI into their products could reconsider their reliance, especially those in regulated sectors like healthcare or finance, where data privacy is critical.

A similar precedent occurred in 2018 when Facebook shared user data with authorities in Myanmar to identify alleged hate speech inciters without a court order, sparking global criticism. However, in that case, Facebook acted under international pressure and in a context of genocide. Anthropic's policy, on the other hand, is preventive and applies to any user, making it broader.

What Should Readers Know?

If you are a Claude user, you should know that as of July 8, your identity verification data (ID card, passport, biometrics) could be shared with police under certain conditions that do not require a court order. Although Anthropic claims it will not use this data for model training or marketing, the new policy expands the cases in which it can be handed over to third parties.

It is recommended to review the updated privacy policy and consider whether to continue using the service. It is also important to watch for potential regulatory changes or actions by data protection authorities. Specifically, users in the EU can file complaints with their data protection authorities if they believe the policy violates the GDPR. Additionally, organizations like the EFF or Privacy International could launch pressure campaigns against Anthropic.

For those who decide to continue using Claude, it is advisable to minimize the personal information shared: avoid uploading sensitive documents and do not use identity verification unless strictly necessary. Alternatively, you can use Claude without creating an account, although functionality will be limited.

In summary, Claude's new privacy policy represents a worrying shift in Anthropic's stance on privacy. While the company argues it seeks to comply with the law and protect users, critics see an open door to surveillance without oversight. Time will tell whether this decision affects its reputation and market position, but for now, users should be alert.