• FaceDeer@fedia.io
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    6 months ago

    I just did a bit of poking around on the subject of the “right to be forgotten” and it’s legally complex. Data without personally identifying information, and data that’s been anonymized through statistical analysis (which LLM training is a form of) aren’t covered.

    • Barbarian@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      6 months ago

      Yup. As someone who’s worked a little bit on GDPR compliance, it’s not some magic wand you wave at your data. Any data they receive after the request is also not covered by that request. Also, only EU citizens and residents are legally entitled to make a request. A company may choose to comply with non-EU users, but that’s purely their choice.

      Comments that contain any info about where you live, your ethnicity, disabilities (cognitive or physical), gender, where you work, etc must be deleted as part of a forget request, so that might impact LLM training data.

      Personally identifying information can be somewhat of a grey area in some situations as well. If I were to say I’m from New York, that’d be personally identifying. If I were to say I’m a fan of a sports team in New York, that’s not (even if that implies my location). If I were to say I’m a fan of a New York sports team, my favourite pizza place is in New York, my favourite park is in New York, etc etc, that might arguably be identifying, even if each of the pieces by itself is not.

      EDIT: Oh, and I forgot one of the most important parts: it’s not like there are any spot checks or anything. You’d need someone to actually lodge a formal complaint, with some kind of evidence they haven’t done what they’re supposed to, and the procedures are different for every EU country. They are normally very involved and complex. Essentially, you’d need to lawyer up and care enough to slowly and painfully shove it through the legal system.