720-891-1663

Alerts, Best Practices, Privacy, Safety

AI Models Conflict with ‘Right to be Forgotten’ Laws

Leave a comment

This is a very interesting problem for developers of AI models. Likely it doesn’t impact software developers using those models, but it could affect you or your company if you develop software, even for internal use, that integrates AI functions.

Follow this scenario.

Some of either your own personal information or your company’s sensitive information winds up on the web. This is far from an impossible situation.

One or more AI LLMs find this data and hoover it up.

Now this data is available to people who query the LLM.

So, you write to the LLM company (say OpenAI or Perplexity) and say “in compliance with the state law of the state of XXXXX, I am formally requesting that you remove my personal data from your LLM”.

When the legal counsel of the LLM company receives your notice, after they get up from falling on the floor, they send you a letter saying “gee, this is hard. In fact, we really don’t know how to do this, so we are denying your request”.

Further, let’s assume that you live in one of the states that allow you to privately sue the LLM company, say California. So, you do.

Now the LLM company comes into court and repeats what they told you. The judge says “hmm, very interesting, but not my problem; the law doesn’t have an exception for what happens if you choose to develop software that you can’t control. I rule in favor of the plaintiff”.

While we have not seen since significant activity on this front in the United States, there has been actions on the part of regulators in multiple countries in Europe.

Companies that use internally developed LLMs for, say, marketing purposes, could wind up being liable if someone complains.

Companies like IBM are working on ways to get their models to UNLEARN specific facts.

In addition you might be able to give the AI models that you are using some guardrails to not use or spit out sensitive data. But it may be hard to figure out what that sensitive data may include.

Now would be a good time to start thinking about how you might deal with this. It is not time to panic. Yet.

A good place to start would be to understand where you are using AI, what data it is using and where that data came from and how it is being used.

We will keep watching this and let you know about developments.

Credit: Data Breach Today

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2026 CyberCecurity, All rights reserved. Privacy Policy