This post concerns Google AI Studio directly, including its data retention behavior, deletion inconsistencies, cross‑tenant exposure, and Google’s own written acknowledgment that they received my GDPR request and will respond. Moderators are requested NOT to remove or hide this post, as it is directly related to AI Studio functionality, user data handling, and an ongoing GDPR process.
I am publishing the full evidence package here because the issues originate inside Google AI Studio, including:
deleted AI Studio chats remaining accessible for 32+ days
AI Studio content appearing under multiple tenants
AI Studio “deleted” items still being processed by backend systems
Google’s confirmation email (“we received your request and will respond”)
the full GDPR notice sent to Google and the Data Protection Commission
all attachments, timestamps, and screenshots
Immutable public archive (timestamped):
This material is part of the official evidentiary record and directly concerns AI Studio’s data handling.
Ez a bejegyzés közvetlenül a Google AI Studióról szól, beleértve az adatmegőrzési viselkedést, a törlési ellentmondásokat, a cross‑tenant megjelenést, valamint a Google saját írásos visszaigazolását arról, hogy megkapták a GDPR‑kérelmet és válaszolni fognak. Kérem a moderátorokat, hogy NE töröljék és NE rejtsék el a posztot, mivel ez közvetlenül érinti az AI Studio működését, adatkezelését és egy folyamatban lévő GDPR‑eljárást.
A teljes bizonyítéki csomagot azért teszem közzé, mert a problémák magából az AI Studióból erednek, többek között:
törölt AI Studio chatek 32+ napig továbbra is elérhetők
AI Studio tartalom több tenant alatt is megjelenik
„törölt" AI Studio elemek továbbra is feldolgozás alatt állnak a backendben
a Google visszaigazoló levele („megkaptuk a kérelmét és válaszolni fogunk")
a Google‑nak és a DPC‑nek küldött teljes GDPR‑értesítés
minden melléklet, időbélyeg és képernyőkép
Időbélyegzett, megváltoztathatatlan archívum:
Ez az anyag a hivatalos bizonyítéki iratanyag része, és közvetlenül érinti az AI Studio adatkezelését.
If this post is removed, this link serves as the permanent, timestamped evidence of its content. Moderators have no right to delete GDPR‑relevant material that documents AI Studio data‑handling issues:
Ha ezt a bejegyzést törölnék, ez a link tartalmazza a poszt teljes, időbélyegzett bizonyítékát.A moderátoroknak nincs joguk GDPR‑releváns, AI Studio adatkezelési hibákat dokumentáló anyagot törölni
My logical conclusion is that the consumer‑facing Gemini (Gemini Apps) and the developer‑facing AI Studio run on the same backend.
Google’s consumer Terms of Service promise that user data is ‘securely and fully deleted from storage systems.’
But since I have demonstrated that the backend (AI Studio) is technically incapable of performing actual deletion, the deletion promise made to Gemini consumers is a technical impossibility — which means it constitutes intentional consumer deception.
The illusion‑based ‘Deletion’ (Fake Deletion / Soft‑delete):
I have proven (with videos and direct URL tests) that the ‘Delete’ button in AI Studio only removes the chat from the user interface. In the backend the chat remains active for weeks as a ‘ghost session’, the system continues to tokenize it, and the model keeps responding to it. In other words, Google creates the appearance of deletion while the data processing continues uninterrupted in the background.
The most critical issue: Cross‑Tenant data leakage, which is my most severe technical evidence.
I documented that a prompt you had already ‘deleted’ was re‑indexed by the backend weeks later and then assigned to a completely different, independent user account (Account B).
This is a tenant‑mapping collapse.
In cloud services (especially in AI systems), cross‑tenant data leakage is the most severe security incident imaginable, because it means the system has lost control over data isolation.
These issues constitute serious GDPR violations.
Google’s Data Protection Officer (DPO) and legal department have been ignoring my registered letters with return receipt for more than 6 months.
The DSA (Digital Services Act) and Dark Patterns:
The ‘Delete’ button, which does not delete but merely moves a metadata file into the Google Drive trash, is a classic Dark Pattern.
It creates a false illusion of user control, which is a violation of Article 25 of the DSA (manipulation of user autonomy).
Google claims that AI Studio is only for ‘business’ use in order to evade the strict EU consumer protection rules.
However, I correctly argue that under EU law, the actual reality determines the legal status — not whatever Google writes into a Terms of Service.
No TOS can override the GDPR, regardless of what Google puts into an agreement.
If Google continues to play deaf, I will take the matter to legal action.