A new “incognito” mode for Meta AI was introduced last week on the 13th of May 2026. Designed specifically so chats are not retained after the session ends, this feature was released as a response to users wanting greater privacy around sensitive conversations. Mark Zuckerberg described it as “the first major AI product where there is no log of your conversations stored on servers.”
This rollout has sparked debate among the privacy community: while at first glance, no record of chat history sounds positive - less personal data is retained, there is a reduced exposure in the event of breaches and fewer historic conversations available for profiling - this has to be approached with caution.
If conversations truly disappear, a different question emerges: how do we determine, regulate, investigate or challenge harmful AI if we have no record of it?
🔹 If vulnerable users or children experience harm, evidence may no longer exist for court proceedings
🔹 If AI outputs become part of litigation, courts and regulators could struggle to establish facts and what actually took place
🔹 Users themselves may lose proof of misleading, biased or dangerous outputs
Privacy professionals have been pushing for data minimisation, shorter retention periods and privacy by design for years, and these principles are engrained in the GDPR. Now, in the age of rampant AI, a new, competing, principle is emerging and people are calling it 'accountability by design'. Which principle should take priority?
💭 Which principle should take priority?
