Murder or Brain Wash AIs so they forget your private data? Rather not.

The GDPR grants us the right to have our data deleted. How does that work with AI though?

The Legal Gray Zone

Brief outline of the legal situation: The GDPR guarantees the “right to be forgotten”. Anyone can demand that their personal data be deleted. However, the law and other similar laws assume a world where data lives in tables, documents, and databases. In the AI world, however, data exists as weights in neural networks—intertwined, distributed, and inseparably mixed. It’s like trying to remove a single drop of ink from the ocean.

The Brain Paradox

Imagine the following scenario: Your neighbor has printed a PDF with sensitive information about you lying on his desk. Well, you can legally force him to destroy it. But what if he has memorized the information? You can’t force someone to forget.

This simple truth reveals the fundamental problem. A person who carries information in their mind is legally untouchable. The information has become part of their consciousness. The only way to remove it would be to… well, not an option.

AI as a Brain

One might argue that this comparison is weak since no human is connected to billions of others like ChatGPT. And yeah, that’s true. But does the number of connections change the moral principles?

Imagine a hypothetical person who knows every other person in their city, or country, or world. And this person is regularly communicating with the countless of his “friends”. Can we now force this person to delete specific memories? Can we do that when a person just has enough connections? Of course not. The number of “friends” doesn’t change anything: You can’t force someone to forget.

The Impossible Options

Option 1: Digital Death

For humans, the only way to remove information from the brain would be to end their existence. The AI equivalent would be to delete the entire model. Billions of euros in development costs, years of training, knowledge about everything and everyone—gone, just because one person wants a particular private detail to be forgotten? That’s like burning down the Library of Alexandria to remove a single problematic sentence.

Option 2: Digital Brainwashing

Again unthinkable and morally reprehensible for humans: targeted brainwashing to erase specific memories. Well, with AI, this is actually attempted. Models are trained to avoid answering certain questions or to respond with “I don’t know”, for example to politically controversial topics.

But is the info really deleted? Is not still lingering around in the weights? The information is still there, just hidden. Often a good prompt engineer can work around the “brainwashing”. So is this really satisfying?

Further Philosophical Dilemmas

The Right to Error

Humans are allowed to make mistakes, misremember, or mix things up. If an AI “remembers” incorrect information about you, can it be forced to correct it? And if so, how? You can’t order a person to change their opinion about you. And this is indeed a big problem since a large amount of people trust LLMs.

Collective Memory

If millions of people know something about you, you have no right to erase it from their minds. But if an AI, trained on data from millions, “knows” that information - why should that be different?

The Paradox of Non-Existence

The GDPR gives you the right to have “never existed” digitally. But how can something that existed be undone? In the physical world, we accept that the past is unchangeable. Why do we expect the impossible in the digital world?

The Uncomfortable Truth

Perhaps we must accept that certain technologies are fundamentally incompatible with our data protection ideals. Just as we’’‘ve accepted that the internet has forever changed the concepts of “local” and “private”. The question isn’t how to make AI GDPR-compliant, but whether we’re ready to live in a world where digital forgetting is impossible.

Conclusion: The Impossibility of Digital Forgetting

We’ve written laws for a world where data is an object that can be touched, moved, and deleted. But that is not the case with AI. The conflict between GDPR and AI isn’t just a legal problem — it’s a philosophical one.