A Resetera forum member known as ‘RedbullCola’ discovered through network traffic analysis that Gaming Copilot Artificial Intelligence was transmitting screenshot data to Microsoft servers without explicit notice. The app performs optical character recognition on users’ screengrabs and sends the extracted text back to Microsoft to train large language models. The user found this activity while testing a game under a non disclosure agreement, raising concerns that unreleased game text could be exposed.
The article’s author verified the behavior and confirms the screenshot training feature is enabled by default. The only training option presented as an opt in is model training on voice chats, which remains disabled by default. To change the screenshot training setting, open Game Bar, navigate to Gaming Copilot, go to Settings and then Privacy, and uncheck the training slider to stop screen records from being sent to Microsoft for large language model training.
The default collection of screenshots for model training raises privacy and legal concerns. Under the GDPR, using European Union users’ personal data to train Artificial Intelligence requires transparent notice and an appropriate legal basis or explicit informed consent. Automatically enabling screenshot collection without clear consent or legal justification could breach the law and potentially prompt action from EU regulators. The combination of automatic data collection, optical character recognition, and default enablement creates a risk for users, including possible breaches of nondisclosure agreements and unintended disclosure of sensitive or unreleased content.
