NotebookLM: what the sources say
Google · United States
Profile last reviewed 31 May 2026. This record reflects the guide as published; check tautoru.ai/ai/tools/notebooklm for the current version.
What this record is. A dated summary of what Google’s own terms and the applicable New Zealand rules say about putting different kinds of information into NotebookLM, on each of its plans. Each entry links to the primary source it is drawn from.
What it is not. It is not legal advice, and it is not a certificate that any particular use is safe or approved. It records what the sources say; whether a given use is appropriate for your matter is your own judgment, on your own facts, and — where the stakes warrant it — a question for you and your own advisers. The colours summarise sources; they are not Tautoru’s permission.
The position, by kind of information
1. Public information
Material already published to the world and under no restriction: reported case law, statutes and regulations, regulator and government guidance, public company filings, and published writing. One caveat decides the edge cases — information being publicly available does not take it outside the Privacy Act. A public register full of named individuals is still personal information; treat bulk or re-identifiable personal data as category 5, not as category 1.
Public information carries no confidentiality or privacy constraint, so the data handling raises no legal risk for this material; the only live question is accuracy (and NotebookLM's source-grounding helps with that). Permitted on consumer NotebookLM.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026)
No confidentiality or privacy constraint; in Workspace, NotebookLM does not train on your content. The live question is accuracy.
Sources: Generative AI in Google Workspace Privacy Hub (as at 31 May 2026)
No confidentiality or privacy constraint; NotebookLM Enterprise keeps content in your Cloud project and does not train on it. The live question is accuracy.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026)
2. Internal non-confidential
Material that is neither public nor commercially confidential, and not about any identifiable person: blank templates and precedents, general know-how, and truly hypothetical scenarios.
Low-sensitivity internal material with no confidentiality or privacy constraint; permitted on consumer NotebookLM (which does not train on your sources unless you submit feedback).
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026)
Low-sensitivity internal material; in Workspace, NotebookLM does not train on your content.
Sources: Generative AI in Google Workspace Privacy Hub (as at 31 May 2026)
Low-sensitivity internal material; NotebookLM Enterprise keeps content in your Cloud project.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026)
3. Internal confidential (non-privileged)
Confidential information that is not legally privileged — whether it is your customer’s, client’s or a third party’s. It covers client identity and retainer terms, deal and business information, and anything imparted in confidence (by contract, by undertaking, or by the circumstances). If the material is also privileged, use category 4; if you are unsure whether it is confidential, treat it as if it is.
NotebookLM is unusual: on the consumer tier it does not train on your sources unless you submit feedback — so for internal-confidential material it is usable with care, the live constraint being your duty of confidence (Conduct rules, ch 8). Be clear about the one trigger: submitting feedback on a confidential notebook sends that content for human review and up to three years' retention, so do not submit feedback on confidential material. Source-grounded answering with citations suits document-bound work.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
In Google Workspace, NotebookLM does not train on your content and is not human-reviewed, regardless of feedback, so the live constraint is your duty of confidence. Two cautions: the Workspace data-region setting does not apply to NotebookLM, and no DLP integration is documented.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Generative AI in Google Workspace Privacy Hub (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
NotebookLM Enterprise keeps your sources within your Cloud project (VPC-SC, CMEK, IAM); the no-training footing flows from the Gemini Enterprise/Cloud terms, which we cite. The duty of confidence governs — obtain authority or rely on adequate safeguards.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026); How Gemini for Google Cloud uses your data (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
4. Legally privileged
Material attracting legal advice privilege or litigation privilege — a subset of confidential information, and the most protected. Privilege belongs to the client, not the lawyer. Whether putting it into a third-party tool affects privilege turns on confidentiality and waiver, addressed in each tool profile and in our guidance; it is not a foregone conclusion. Whether a given document is privileged at all is a question for a qualified lawyer — the safe course is precautionary: if it could be privileged, proceed as if it is.
Consumer NotebookLM does not train on your sources unless you submit feedback, so confidential use does not waive privilege (Evidence Act s 65; B v ADLS) — usable for privileged material with care. The trigger to avoid: do not submit feedback on a privileged notebook, as that sends the content for human review and retention. (Confidential use of a no-training tool does not itself waive privilege — see our guidance on privilege.)
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
In Workspace, NotebookLM does not train on or human-review your content, so confidential use does not waive privilege (s 65; B v ADLS). Amber, not green, because privileged work warrants a deliberate protocol and client authority.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Generative AI in Google Workspace Privacy Hub (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
Project containment and the no-training footing (from the Gemini Cloud terms) keep the material confidential in fact, so privilege is not waived (s 65; B v ADLS). A deliberate protocol is still warranted.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026); How Gemini for Google Cloud uses your data (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
5. Personal information (Privacy Act 2020)
Personal information means any data about an identifiable living individual. Explicit names are not required. Contextual details alone can identify a client, witness, or opposing party. Inputting this data into AI tools can trigger strict compliance rules. Under Section 11 of the Privacy Act 2020, sending personal data to an overseas cloud service provider solely for processing or safe custody on your behalf is not usually treated as a “disclosure”. You remain responsible for it. The moment an AI provider’s terms allow them to use your inputs for their own purposes (such as training their models), it becomes an official disclosure to an overseas agency, and can trigger information privacy principle 12.
With no training unless you submit feedback, putting personal information into consumer NotebookLM is workable: it remains a cross-border disclosure risk (IPP 12) to a US provider, so rely on the no-training position — which means the US provider is not using the data for its own purposes — and the comparable-safeguards analysis, and do not submit feedback on the material. For volume or sensitive personal data, a Workspace or Enterprise arrangement is better.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12 — no training, which means the offshore provider is not using the data for its own purposes, with the Workspace terms supporting comparable safeguards. Note the Workspace data-region setting does not apply to NotebookLM, and there is no documented DLP. Record the basis.
Sources: Generative AI in Google Workspace Privacy Hub (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12; project containment, CMEK and US/EU residency support comparable safeguards (no NZ region), and mean the offshore provider is not using the data for its own purposes. Record the basis.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026); How Gemini for Google Cloud uses your data (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
6. Sensitive personal information
Personal information whose misuse carries a heightened risk of harm. New Zealand’s Privacy Act does not define a separate “sensitive” class as the GDPR does in Europe, but in practice this material warrants extra care, senior approval and a privacy impact assessment: health and mental-health information, biometric data (a Biometric Processing Privacy Code applies from 3 August 2026), financial details, criminal history, and information about ethnicity, religious belief, sexual orientation or immigration status. Health information in particular requires a significantly higher standard of protection than ordinary personal information.
With no training unless you submit feedback, sensitive personal information can be used with care (IPP 12 risk mitigated by no training on inputs); do not submit feedback on the material. Given the sensitivity, a Workspace or Enterprise arrangement is preferable.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; Workspace controls support sensitive data under a deliberate protocol, but note the data-region setting does not apply and there is no DLP. IPP 12 risk mitigated by no training on inputs.
Sources: Generative AI in Google Workspace Privacy Hub (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training; project containment, CMEK and residency support sensitive data under a protocol. IPP 12 risk mitigated by no training on inputs.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026); How Gemini for Google Cloud uses your data (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
7. Children’s information
Information about a child or young person. It is also personal information (category 5), and often sensitive (category 6), and it carries additional care because of children’s vulnerability and the weight given to their best interests. Treat it as needing the strongest justification, even where a rule does not strictly compel it.
With no training unless you submit feedback, children's information can be handled with care (IPP 12 risk mitigated by no training on inputs, and children's information carries heightened sensitivity); do not submit feedback on the material. A Workspace or Enterprise arrangement is preferable for material this sensitive.
Sources: Privacy and Terms of Use in NotebookLM (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; handle under a deliberate protocol in Workspace. IPP 12 risk mitigated by no training on inputs.
Sources: Generative AI in Google Workspace Privacy Hub (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training; project containment and residency support children's information under a protocol. IPP 12 risk mitigated by no training on inputs.
Sources: What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) (as at 31 May 2026); How Gemini for Google Cloud uses your data (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
8. Court-protected material
Material under an independent legal restriction that binds regardless of the tool or plan: name suppression and non-publication orders, confidentiality and sealing orders, statutory automatic suppression (for example in some Family, care-of-children and youth proceedings), and undertakings you have given to the other side. The restriction is the bar, not the technology — if any order or undertaking might apply, proceed with extreme caution.
Suppression orders, confidentiality orders, sealed material and undertakings are independent legal restrictions that can apply regardless of tool or plan; the NZ Law Society's AI guidance is explicit that suppressed material must not be entered into AI tools.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
What the colours mean
- GreenBased on current provider terms and standard New Zealand frameworks, using this information on this plan is unlikely to breach primary regulatory or privacy restrictions. However, users must still consider any case-specific confidentiality obligations. Sources linked.
- AmberUse is acceptable only if specific safeguards are active. This workflow demands explicit settings adjustments, precise redactions, or specific contractual coverage to remain within legal limits. Sources are linked below.
- RedUsing this information on this plan will breach primary New Zealand regulatory or privacy limits. Proceeding requires a fundamental structural change — such as upgrading to a secure enterprise tier, switching vendors, or utilising a local, self-hosted deployment. Sources linked.
- BlackAn independent restriction — court order, suppression order, statutory prohibition, undertaking — applies regardless of tool or plan.
- Not yet assessedWe have not yet established a sourced position for this cell. It carries no colour rather than a guess (Policy §5.3).
Sources cited in this record
- Privacy and Terms of Use in NotebookLM — Google. Perma.cc record (as at 31 May 2026).
- Generative AI in Google Workspace Privacy Hub — Google. Perma.cc record (as at 31 May 2026).
- What is NotebookLM Enterprise? (Cloud data residency, VPC-SC, CMEK) — Google. Perma.cc record (as at 31 May 2026).
- Generative AI guidance for lawyers — New Zealand Law Society. source (as at 31 May 2026).
- How Gemini for Google Cloud uses your data — Google. Perma.cc record (as at 31 May 2026).
- Evidence Act 2006, s 65 (Waiver) — New Zealand Legislation. source (as at 31 May 2026).
- B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 — Privy Council (on appeal from New Zealand). source (as at 31 May 2026).
- Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) — Office of the Privacy Commissioner. source (as at 31 May 2026).