Lead: GitHub will begin using customer interaction data to train its AI models starting April 24, 2026. The change covers Copilot Free, Pro and Pro+ users, while Copilot Business, Copilot Enterprise, and verified students and teachers are exempt under existing contracts. A US-style opt-out option is available through account settings; GitHub says the additional data will improve suggestion accuracy and bug detection. The announcement has prompted significant community pushback and renewed debate about private repository data and consent norms.
Key Takeaways
- Effective date: GitHub’s policy takes effect on April 24, 2026, allowing interaction data to be used for model training when not opted out.
- Affected tiers: Copilot Free, Pro and Pro+ customers are included; Copilot Business and Enterprise customers are exempt by contract.
- Education exemption: Students and teachers using Copilot are excluded from the change.
- Opt-out mechanism: Users can disable “Allow GitHub to use my data for AI model training” at /settings/copilot/features in their account Privacy settings.
- Data types listed: accepted/modified model outputs, model inputs including code snippets, code context near the cursor, comments and docs, file names/repo structure, Copilot interactions (chats), and feedback ratings.
- Community reaction: On the public discussion sampled, there were 59 thumbs-down votes and 3 rocket-emoji reactions; 39 posts commented at the time of filing.
- GitHub justification: The company says interaction data, including Microsoft employee contributions, has measurably increased suggestion acceptance rates in its models.
Background
Developer tools that rely on large language models have long been trained on public code and other signals scraped from the web. OpenAI’s Codex, for example, was fine-tuned on publicly available GitHub repositories, a fact that helped normalize the practice of using repository content for model building. The new GitHub policy extends that principle by adding developer interaction data—what users type, accept, modify or rate—into the training mix.
Regulatory and cultural norms differ across jurisdictions. In the United States, corporate practice often relies on opt-out arrangements for service improvements, while many European rules — and some interpretations of GDPR — favor opt-in consent for newly processed personal data. Enterprises that negotiate bespoke terms with GitHub have contractual protections and are therefore excluded from this change, underscoring how market position affects data use.
Main Event
On March 26, 2026, GitHub announced that, beginning April 24, it will collect certain interaction data from Copilot users for model training unless the user opts out. The company published implementation details and a recommended settings path for users who wish to prevent their interactions from entering training datasets. The settings change is available at /settings/copilot/features under Privacy.
GitHub lists specific categories of data intended for use: model outputs that users accepted or changed; inputs such as code snippets that were shown to users; the code context around a cursor position; user-authored comments and documentation; file names and repository structure; interactions with Copilot features like chat; and explicit feedback such as thumbs-up/thumbs-down ratings. GitHub says collection of private-repo snippets can occur while a user is actively using Copilot in that repository, subject to their settings.
The company’s chief product officer framed the change as a path to better tooling: interaction signals reportedly made internal models more accurate and increased acceptance of suggestions. GitHub’s FAQ points to similar policies at Anthropic, JetBrains and Microsoft to argue that the approach aligns with broader industry practice. Still, community threads show widespread skepticism and concern about the scope and consent model.
Analysis & Implications
Performance vs. privacy is the central trade-off. Interaction data is often richer than static public code because it includes accept/reject signals and local context that can teach a model which suggestions are helpful in real workflows. That can materially improve productivity tools and reduce bugs, a benefit GitHub emphasizes when explaining acceptance-rate gains. However, richer signals also raise the risk of exposing private patterns, business logic, or proprietary snippets if safeguards are incomplete.
Contractual exemptions for Business and Enterprise customers highlight a two-tier outcome: organizations with bargaining power can keep stricter protections, while individual developers and smaller teams face default inclusion unless they opt out. This split could push companies to require enterprise-only tooling or written contracts for sensitive work and complicate internal compliance for mixed teams that use both exempt and non-exempt accounts.
Regulators in jurisdictions with stronger consent requirements may scrutinize the change. In the EU, where opt-in standards for some processing have stronger legal force, the US-style opt-out could prompt inquiries about sufficiency of consent, transparency, and data minimization. Litigation or regulatory challenges are possible if private code ends up influencing public model behavior in ways that expose intellectual property or personal data.
Comparison & Data
| Category | Included | Exempt |
|---|---|---|
| Copilot Free/Pro/Pro+ | Yes (unless opt-out) | No |
| Copilot Business/Enterprise | No (contractual exemption) | Yes |
| Students & Teachers | No (exempt) | Yes |
| Private repo snippets | Collected when user actively uses Copilot | Depends on settings/contract |
The table above synthesizes GitHub’s published scope and exemptions. Community reaction metrics sampled from the public discussion showed 59 negative emoji reactions versus 3 positive-leaning rocket emojis across 39 posts, indicating clear user dissatisfaction in that thread. Such signals are imperfect but underscore developer unease.
Reactions & Quotes
GitHub framed the change as a contribution to model quality, saying participation helps models better mirror development flows and reduce bugs.
GitHub (blog post summary)
Some community leaders and many individual contributors publicly questioned the consent model and the implications for private or proprietary code used while Copilot is active.
GitHub community discussion
GitHub VP of developer relations acknowledged community concerns but has not offered broad-facing endorsements beyond internal staff support.
Martin Woodward (GitHub)
Unconfirmed
- Retention period: GitHub has not publicly detailed how long interaction-derived training data will be stored or the exact retention policy for collected snippets.
- Scope of private repo inclusion: It is not fully clear how broad the “active engagement” threshold is for collecting code from private repositories in all workflow scenarios.
- Downstream model exposure: Whether specific proprietary patterns from private repos could surface in suggestions for unrelated users has not been independently verified.
Bottom Line
GitHub’s policy shift formalizes a step many in the AI tooling industry have already taken: using richer interaction signals to fine-tune models. For developers, the immediate practical action is simple and fast—visit /settings/copilot/features and disable the training toggle if you do not want your Copilot interactions to be included. That opt-out preserves local control for individuals but requires awareness and proactive steps.
Longer term, this change is likely to accelerate two parallel trends: improved model usefulness where interaction data is available, and increased demand for contractual protections, enterprise-only tooling, or alternative services where organizations cannot accept the default data model. Regulators and enterprise customers will be the key arbiters of how far platforms can push default data-use settings without stricter consent requirements.