What WeTransfer’s terms of service backtrack tells us about AI, data, and digital trust
Earlier this week, Dutch file-sharing platform WeTransfer found itself in the crosshairs of an increasingly familiar story: AI ambition colliding with user trust.
A subtle but potent tweak to its terms of service – a clause suggesting user files might be used to “improve performance of machine learning models” – triggered unease among its global user base, particularly the creatives it has long catered to.
Artists, writers, filmmakers and journalists took to X to voice concerns. Was their intellectual property about to become grist for an AI mill? Or would their work be used, without credit or compensation, to help build systems that might one day compete with them?
WeTransfer acted quickly, and by Tuesday, it had revised the clause, removed references to machine learning entirely, and issued a clarifying statement.
“We don’t use customer content to train AI, we never have, and we don’t sell or share user data”, it wrote.
The company explained that the original language was meant to allow for possible future content moderation tools, but conceded the wording had been “unclear”.
The episode, though, is less about WeTransfer itself than about what it represents: a growing trust deficit between users and tech providers in the age of artificial intelligence.
Ultimately, this is a data issue: whose data it is, who controls it, and what can legally be done with it.
WeTransfer: the clause that sparked concerns
The specific phrasing at issue was: “You hereby grant us a perpetual, worldwide, non-exclusive, royalty-free, transferable, sub-licensable license… including to improve performance of machine learning models”.
To most lawyers, it reads like standard risk-management language. Yet, to most creatives, it reads more like a dystopian data grab. And therein lies the gap between legal logic and public interpretation, between commercial possibility and communicative responsibility.
WeTransfer insists nothing changed in practice, only on paper. “There’s no change in how WeTransfer handles your content in practice,” said a spokesperson.
But the distinction between ‘what we’re doing’ and ‘what we could do’ isn’t always an obvious one, especially when the clause suggests rights that far exceed the technical needs of a file transfer service.
A broader pattern emerges
WeTransfer’s misstep is not isolated. Zoom, Adobe, Slack, Dropbox – each has been forced to clarify, retract or explain clauses in their service terms that users took to imply their data might be used for AI training.
In every case, legal language intended to secure operational flexibility has been interpreted as an overreach.
Dropbox’s drama involved a toggle switch buried in settings suggesting users could opt into “third-party AI services.”
Meanwhile, Zoom came under fire for language that appeared to give it permission to use video, audio and chat data to develop its AI – until it added the line: “Zoom will not use customer content to train AI models without consent.”
Adobe, for its part, was hit hardest, with its community of illustrators and designers crying foul over AI language they felt granted the company unfettered access to their creations.
Adobe executives scrambled to reassure them that Firefly, its generative model, was only trained on Adobe Stock and public domain content.
In each case, the pattern is the same: vague phrasing prompts loud backlash, followed by retroactive amendments.
The legal terms may be technically defensible, but in an industry now living through an “AI trust crisis”, as developer Simon Willison calls it, that doesn’t seem like enough.
The stakes
To understand the fury, especially from the creative industries, one needs only look at the mechanics of generative AI.
Training large language and visual models requires enormous datasets of text, images, audio and code.
If user uploads are fair game, even hypothetically, companies risk being seen as strip-mining the very users they serve.
The line ‘We’ve never trained on customer data, and we don’t intend to’ has become the industry’s new mantra. But that reassurance often arrives only after the controversy.
For artists, writers and independent creators, whose income depends on the originality of their output, the idea that their work might fuel the development of tools that replicate or undercut them is both infuriating and deeply personal.
The Writers’ Guild of Great Britain welcomed WeTransfer’s climbdown, adding pointedly: “Members’ work should never be used to train AI systems without their permission.”
Legal grey zones
From a legal standpoint, terms of service are evolving to accommodate new technical capabilities.
As solicitor Neil Brown of decoded.legal explains, companies often include catch-all licensing language to ensure they’re covered for operational necessities – copying files between servers, performing virus scans, generating previews.
But AI adds complexity. When terms suggest the use of content to ‘develop new technologies’, courts may one day be asked whether that includes AI training, and whether a user, by ticking a box, genuinely understood what they were agreeing to.
The result is a legal grey zone populated by very different expectations. “There’s a real risk of mismatch between what a company wants to do with data and what a user thinks they’ve agreed to”, Brown says. “And that opens the door to legal challenges, reputational damage, or both.”
An industry reckoning
If there’s a lesson from WeTransfer’s walk-back, it’s that the cost of ambiguity is rising. In a landscape where even routine T&Cs now carry AI implications, companies can no longer afford to hide behind ‘industry standard’ legalese.
WeTransfer says it will work to earn back trust. “As a company with deep roots in the creative community, we hold our customers and their work in the highest regard”, its statement reads.
The new version of its T&Cs strips all AI references, and restricts content use to “operating, developing, and improving the service”, in line with its privacy and cookie policies.
Unfortunately for the file-sharing platform, in the absence of transparency, suspicion fills the vacuum.
If tech firms want access to their users’ data, whether for moderation, product improvement, or AI, it seems they’ll need more than boilerplate clauses and retroactive FAQs. Instead, they need clarity and consent that’s active, rather than assumed.