Background information
Digital Omnibus: the EU’s set to restructure digital laws
by Florian Bodoky
Starlink’s now using customer data for AI training – here’s how to opt out
21.1.2026
Translation: Elicia Payne
Starlink has revised its privacy policy. Personal data may now also be used for training AI models. In certain cases, this will even allow third-party providers access for their own purposes. Don’t agree? Then you’ll have to opt out.
On 15 January 2026, Starlink updated its Global Privacy Policy. It now states that data can be used «to train our machine learning or artificial intelligence models». Not only that, but third-party providers may also use this data «in limited cases» to train their own AI models – «including for their own independent purposes».
Third-party providers, AI training and the opt-out
Starlink may share personal data with affiliated companies and service providers in certain cases. For example, when they perform tasks such as hosting, maintenance, backups, storage, payment processing, messaging, advertising or analytics. This is where the real problems begin. It’s not just Starlink’s own AI systems that could have access to your data – third-party models may also use it to pursue their own goals.
Still, you can opt out of sharing your data with third-party providers for AI training. The policy puts it succinctly: «To opt out of the use of your data for artificial intelligence model training by third-party collaborators, please navigate to your user settings and check the relevant option.» Starlink has published a step-by-step guide in its «changelog».
What data Starlink collects – and what it’s used for
The policy also explains what data Starlink collects. This includes details such as name, address, contact information, orders and payment data. When you visit the Starlink website, technical information is also collected – such as the IP address used to access the page, as well as browser and device information. This is normal web tracking and is only connected to visits to the Starlink website – not to general internet use.
When operating the internet service itself, Starlink collects further technical data, such as the quality of the connection, the orientation of the satellite dish, the Wi-Fi strength in the household and the public IP addresses that Starlink assigns to users over time. This information relates to the status of the connection – not the general internet use. There’s no indication in the policy that Starlink stores the individuals website visits or which destination IP addresses reach.
It’s not unusual for an internet provider to collect this range of information. The decisive factor is less the collection itself than the question of what this data may be used for in the future – especially in connection with AI models. And the range of purposes listed in the guidelines is extensive: processing orders, processing payments, improving customer service, maintaining systems, troubleshooting or meeting legal requirements. A new addition is the use «for training our machine learning or artificial intelligence models». According to the policy, anonymised data is no longer considered personal data and can be used further without restrictions.
Tracking, cookies and the Do Not Track thing
Starlink uses cookies, pixels and similar technologies on its website to recognise usage patterns, display content and control advertising. This data can be linked to a customer account and is then considered personal data. The guidelines state that Starlink doesn’t respond to do-not-track signals. If you block cookies, you have to expect limited functionality.
In itself, this is standard tracking. In conjunction with the new use of AI, however, additional data points could flow into the models.
Security, storage and rights
Starlink describes technical and organisational protective measures, encrypts data between devices and the network and trains employees in handling data protection. At the same time, the policy states that no measure guarantees absolute safety. Starlink says that, in the event of suspected violations, the authorities and those affected will be informed, where required by law.
Data’s stored for as long as is necessary for the purposes for which it was collected or as required by law. Account data is generally stored for two years after the account’s closed. There are also regional data protection rights, information on children under the age of 16, third-party websites and possible future changes.
Having read the policy, I’m left with the impression that the new guidelines represent less change on the surface than to the foundations. The «new» aspect isn’t in the collection of data, but in its extended use – especially where service providers are allowed to use personal data for their own AI models. Anyone who doesn’t want this will have to take action and opt out.
Header image: Shutterstock
Martin Jud
Senior Editor
martin.jud@digitecgalaxus.chI find my muse in everything. When I don’t, I draw inspiration from daydreaming. After all, if you dream, you don’t sleep through life.
Computing
Follow topics and stay updated on your areas of interest
Network
Follow topics and stay updated on your areas of interest
Background information
Interesting facts about products, behind-the-scenes looks at manufacturers and deep-dives on interesting people.
Show allThese articles might also interest you
22 comments
later