Simon Willison’s Weblog: Preview: Gemini API Additional Terms of Service

Source URL: https://simonwillison.net/2024/Nov/19/preview-gemini/#atom-everything
Source: Simon Willison’s Weblog
Title: Preview: Gemini API Additional Terms of Service

Feedly Summary: Preview: Gemini API Additional Terms of Service
Google sent out an email last week linking to this preview of upcoming changes to the Gemini API terms. Key paragraph from that email:

To maintain a safe and responsible environment for all users, we’re enhancing our abuse monitoring practices for Google AI Studio and Gemini API. Starting December 13, 2024, Gemini API will log prompts and responses for Paid Services, as described in the terms. These logs are only retained for a limited time (55 days) and are used solely to detect abuse and for required legal or regulatory disclosures. These logs are not used for model training. Logging for abuse monitoring is standard practice across the global AI industry. You can preview the updated Gemini API Additional Terms of Service, effective December 13, 2024.

That “for required legal or regulatory disclosures" piece makes it sound like somebody could subpoena Google to gain access to your logged Gemini API calls.
It’s not clear to me if this is a change from their current policy though, other than the number of days of log retention increasing from 30 to 55 (and I’m having trouble finding that 30 day number written down anywhere.)
That same email also announced the deprecation of the older Gemini 1.0 Pro model:

Gemini 1.0 Pro will be discontinued on February 15, 2025.

Tags: gemini, google, generative-ai, ai, llms

AI Summary and Description: Yes

Summary: The text discusses upcoming changes to the terms of service for Google’s Gemini API, focusing on enhanced abuse monitoring practices and log retention policies. This is significant for AI security professionals, as it raises concerns about user data management and compliance.

Detailed Description:
The text outlines important updates concerning Google’s Gemini API, specifically regarding its terms of service and abuse monitoring practices. These changes highlight key implications for privacy, security, and compliance in the AI domain.

– **Enhanced Monitoring Practices**: The Gemini API will improve its logging of prompts and responses for paid services starting December 13, 2024.
– **Log Retention**: Logs will be retained for a period of 55 days, increased from a previous retention period of 30 days, although the older number isn’t prominently documented.
– **Use of Logs**: The logs are intended solely for detecting abuse and for fulfilling any legal or regulatory disclosure requirements, not for model training—positioning this as a standard industry practice.
– **Legal Concerns**: The text raises an important concern about the potential for data to be accessed via subpoenas, which highlights the need for organizations to be aware of their data security practices in conjunction with compliance obligations.
– **Discontinuation of Older Model**: The announcement also includes the discontinuation of the Gemini 1.0 Pro model, effective February 15, 2025, which is relevant for users currently on that version.

**Key Implications for Security and Compliance Professionals**:
– **Data Privacy**: Organizations using the Gemini API should review their data management policies in light of the new log retention approach to ensure compliance with privacy regulations.
– **Risk Management**: Understanding the implications of log retention for abuse monitoring is vital to mitigate risks associated with data exposure through legal requests.
– **Industry Standards**: The mentioned logging practices indicate a trend toward increased scrutiny and regulation within AI, suggesting that other providers may follow suit.
– **Future Strategy**: Companies must adapt to these changes by updating their compliance strategies and ensuring their teams are informed about the specifics of these updates and their potential impacts on user data.

Overall, the text serves as a critical update for stakeholders in AI and cloud security, emphasizing the need for proactive data governance and compliance strategies.