Cat on an EU ship holding an LLM with personal data

Written by Herman Groenbroek – 9 February 2026

Artificial Intelligence Data Privacy LLMs Laws & Regulations

How does the EU's "Right to be Forgotten" affect trained AI models?

The European Union is a global frontrunner when it comes to data privacy laws and regulations for its citizens. With the General Data Protection Regulation (GDPR), the EU gives citizens basic human rights for privacy such as the Right to be Informed (you can read how organisations collect and handle your personal data), Right of Access (you can request a copy of your data) and the Right to Erasure—perhaps better known as the Right to be Forgotten.

The latter is the most interesting one in my opinion. Oversimplifying: you should be able to ask an organisation that processes your information to delete this, and they must comply. Whether or not this will actually happen is a completely different story, and one that I'm still interested in is how various secret services handle this. But that's something we'll probably never know (we have our suspicions).

There is, however, another case where exercising this right is complicated, and it just so happens to coincide with my field of expertise.

Training AI models on (personal) data...

With the recent boom of AI in terms of enthusiasm and investments, nearly all companies have felt some degree of FOMO, trying to train their own AI models, sometimes before they even know what for. This development coincides almost perfectly after the Big Data boom of yesteryear—which is probably no coincidence. Companies have been gathering huge datasets often without a clear purpose (analogous to how we fill our pantries at home just in case), and they now realize there might be value in training Large Language Models (LLMs) and other more traditional AI models on it. AI can thus be seen as the first major project for the Big Datasets that organisations have gathered throughout the years.

Critically, however, I'd like to note that these datasets likely have incredible amounts of personal information. Think of the apps that follow your every step (Google Maps / Snapchat / Instagram), all of your thoughts written out (Twitter / ChatGPT), as well as your explicit and implicit interests (Instagram / TikTok). In case of the latter, they measure how long you look at a post, link this to the post's contents, and voilà: they know exactly what you like, sometimes before you even realize it yourself.

This should scare you.

That's why the European Union tries to limit the dangers of Big Tech companies and restore bits of your privacy online. However, as great as the "Right to be Forgotten" sounds, we can safely assume that Big Tech companies have trained various AI models on their data already, without you ever being able to know whether your data went into their training datasets. We know that humans make mistakes, and we know that the amounts of data that go into training LLMs (sometimes terabytes in plaintext size) are larger than humans can effectively filter manually in the first place. So it's safe to assume that at least some (and likely a lot) of personal data went into the training of, for instance, the Facebook (Meta) WhatsApp chatbot.

... makes the Right to be Forgotten practically impossible to exercise.

What do you think happens when you exercise your Right to be Forgotten? Facebook is supposed to delete all occurrences of your personal information from all of its datacentres. Let's assume for a second they do this thoroughly (I want to believe). The AI models they've trained have likely been trained on bits of your personal information, and will thus implicitly have a tiny representation of your personal data in the model's weights. Here's the kicker though:

You cannot simply erase the representation of someone from a model's weights.

This is surprisingly similar to how humans cannot simply forget about an ex, no matter how hard they try. It will always occupy some small portion of the brain.

In case you're wondering why your favourite model often answers wrongly when asked who you are: there's data on so many people, that you're actually quite insignificant to the model (sorry). It's trained for general knowledge (🫡), and the training does not specifically focus on improving recollection of personal details for obvious reasons. Imagine if it did...

Is there anything we can do?

"Untraining" an existing model on specific information is a hot research topic. There's been good progress, but similar to how imperfect AI models themselves are, removing a representation is also only somewhat possible. For instance, for various open-weight LLMs, people have created decensored variants by finding what activates the censoring (e.g. asking unethical questions), and decreasing the activation for those cases, while also making sure the model's general performance does not degrade by feeding it more proper training data. Ethically dubious, yet theoretically intriguing. So far though, the models have shown to degrade in performance at least a bit after this operation. It is not yet widely used in practice due to its theoretical nature.

The most pragmatic approach, if money weren't an issue, would be to erase all your personal information from the training data, then training a new model from scratch. Unfortunately, training a typical LLM can quickly cost millions of currency units and months of time. Doing this again and again for every EU citizen that wants to be Forgotten is clearly not an option. Unfortunately, money, as well as time, is an issue.

We can find a workable solution if we reconsider your ex. You can't forget them, but you can make sure to remove as much as possible that reminds you of them. In technical terms, this means finding what activates the model such that it outputs those personal details, and putting up safeguards to minimize this output. This could be the untraining of a model as described above, but it could also be achieved for instance with simple regular expressions that detect specific phrases found to only relate to your personal details, which can then be blocked. This does not remove the representation of you in the model's weights, but it does solve the problem of sharing your personal information to some extent. It's not the prettiest solution, but it could be somewhat automated, which I presume is also an important factor for Big Tech to even consider this as an option.

Whether this truly suffices for the GDPR is not for me to answer. I am not a lawyer. But I do consider this, in terms of technology, a decent middle ground. Only because legislation is already too late on the ship that could have set clear rules in place for training Large Language Models in the first place. The cat got out of the bag too quickly for politics to do something about it. So now we have to work this out retroactively.

If you have encountered solutions to "untrain" an AI model, please be sure to share it with the world. Sharing knowledge is a wonderful thing.