• Barbarian@sh.itjust.works
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    7 months ago

    Yup. As someone who’s worked a little bit on GDPR compliance, it’s not some magic wand you wave at your data. Any data they receive after the request is also not covered by that request. Also, only EU citizens and residents are legally entitled to make a request. A company may choose to comply with non-EU users, but that’s purely their choice.

    Comments that contain any info about where you live, your ethnicity, disabilities (cognitive or physical), gender, where you work, etc must be deleted as part of a forget request, so that might impact LLM training data.

    Personally identifying information can be somewhat of a grey area in some situations as well. If I were to say I’m from New York, that’d be personally identifying. If I were to say I’m a fan of a sports team in New York, that’s not (even if that implies my location). If I were to say I’m a fan of a New York sports team, my favourite pizza place is in New York, my favourite park is in New York, etc etc, that might arguably be identifying, even if each of the pieces by itself is not.

    EDIT: Oh, and I forgot one of the most important parts: it’s not like there are any spot checks or anything. You’d need someone to actually lodge a formal complaint, with some kind of evidence they haven’t done what they’re supposed to, and the procedures are different for every EU country. They are normally very involved and complex. Essentially, you’d need to lawyer up and care enough to slowly and painfully shove it through the legal system.