This is Part 2 in an N-part series where I try to figure out if data subject rights (and other data protection obligations) are achievable with LLMs. In Part 2, I discuss the identification problem.
Hey, great read as always. Your 'needle' analogy makes total sense. Finding individual data in an LLM is like spotting a rare plant in a huge forest. Such a tough problem, Carey. Keep up the excelent work.
This is amazing work Carey! I didn’t realise how complicated locating the requisite personal data in a deletion request could be for LLMs (definitely does not look like something that is easily scalable so as to handle multiple requests). I thought the more difficult part would be the retraining/unlearning that comes after (or maybe that bit is even more tricky). Looking forward to your other posts on this issue.
Hey, great read as always. Your 'needle' analogy makes total sense. Finding individual data in an LLM is like spotting a rare plant in a huge forest. Such a tough problem, Carey. Keep up the excelent work.
This is amazing work Carey! I didn’t realise how complicated locating the requisite personal data in a deletion request could be for LLMs (definitely does not look like something that is easily scalable so as to handle multiple requests). I thought the more difficult part would be the retraining/unlearning that comes after (or maybe that bit is even more tricky). Looking forward to your other posts on this issue.