AI and the Right to Be Forgotten: Can Machines Truly Delete Personal Data?
- Shilpi Mondal
- May 21
SHILPI MONDAL | DATE: APRIL 25, 2025

In an era where artificial intelligence (AI) permeates every facet of our lives, the concept of the "Right to Be Forgotten" (RTBF) has gained significant traction. Enshrined in regulations like the General Data Protection Regulation (GDPR), RTBF empowers individuals to request the deletion of their personal data. However, as AI systems become more complex, enforcing this right presents unprecedented challenges.
The Intricacies of Data Erasure in AI Models
Traditional data storage systems allow for straightforward deletion of personal information. In contrast, AI models, especially large language models (LLMs), learn from vast datasets, embedding information within their parameters in a manner that's not easily disentangled. This diffusion of data makes pinpointing and removing specific personal information exceedingly difficult.
Moreover, retraining AI models to exclude certain data is not only resource-intensive but also time-consuming. Such processes may not align with the timely response mandated by data protection laws like the GDPR.
Emerging Solutions: Machine Unlearning
To address these challenges, researchers are exploring "machine unlearning" techniques. These methods aim to selectively remove the influence of specific data points from trained models without necessitating complete retraining. Approaches include:

Model-Agnostic Unlearning: Techniques like SISA (Sharded, Isolated, Sliced, and Aggregated) divide training data into segments, allowing for targeted removal.
Approximate Unlearning: Methods such as fine-tuning and influence unlearning adjust model parameters to diminish the impact of certain data, though they may not guarantee complete erasure.
While promising, these techniques are still in developmental stages and may not fully comply with stringent data protection requirements.
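The shard-and-retrain idea behind SISA in miniature, as an added example that is not from the original article: training data is split into shards, one model is trained per shard in isolation, predictions are aggregated by vote, and an erasure request retrains only the shard that held the record. The nearest-centroid model, the class and function names, and the sample records are assumptions made for illustration; SISA's slicing step is omitted.

```python
from collections import Counter

def train_centroids(rows):
    """Constituent model: per-label mean feature vector (nearest centroid)."""
    sums, counts = {}, Counter()
    for _rid, x, label in rows:
        acc = sums.setdefault(label, [0.0] * len(x))
        for i, v in enumerate(x):
            acc[i] += v
        counts[label] += 1
    return {lab: tuple(v / counts[lab] for v in acc) for lab, acc in sums.items()}

class ShardedEnsemble:
    def __init__(self, records, n_shards):
        self.shards = [[] for _ in range(n_shards)]
        self.where = {}  # record id -> shard index, needed to serve erasure requests
        for i, rec in enumerate(records):
            self.shards[i % n_shards].append(rec)
            self.where[rec[0]] = i % n_shards
        # Isolation: each constituent model sees only its own shard.
        self.models = [train_centroids(rows) for rows in self.shards]
        self.retrained = []  # audit trail: shards retrained by erasure requests

    def predict(self, x):
        votes = Counter()
        for model in self.models:
            if model:  # a shard emptied by erasures casts no vote
                votes[min(model, key=lambda lab: sum(
                    (a - b) ** 2 for a, b in zip(x, model[lab])))] += 1
        return votes.most_common(1)[0][0]

    def unlearn(self, record_id):
        s = self.where.pop(record_id, None)
        if s is None:
            return False  # id was never in the training set
        self.shards[s] = [r for r in self.shards[s] if r[0] != record_id]
        self.models[s] = train_centroids(self.shards[s])  # retrain this shard only
        self.retrained.append(s)
        return True

# Constructed sample data: (record id, features, label)
RECORDS = [
    ("u1", (0.0, 0.1), "low"), ("u2", (0.2, 0.0), "low"), ("u3", (0.1, 0.3), "low"),
    ("u4", (1.0, 0.9), "high"), ("u5", (0.8, 1.1), "high"), ("u6", (0.9, 1.0), "high"),
    ("u7", (0.1, 0.2), "low"), ("u8", (1.1, 0.8), "high"), ("u9", (0.3, 0.1), "low"),
]
```

The `where` index and the `retrained` log are what let an operator show which model components ever saw a given record and that they were rebuilt without it.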
Implications for Cybersecurity and Data Protection Companies
The challenges of enforcing RTBF in AI models have significant ramifications for cybersecurity and data protection companies. As custodians of sensitive information, these entities must navigate the complexities of AI data management while ensuring compliance with evolving regulations.
Key considerations include:
Cybersecurity & Data Privacy: Implementing robust protocols to manage data within AI systems, ensuring that personal information can be identified and addressed upon request.
Cybersecurity Compliance Company: Staying abreast of legal requirements and integrating compliance measures into AI development and deployment processes.
Cyber Risk Management: Assessing and mitigating risks associated with data retention in AI models, including potential breaches and non-compliance penalties.

Cybersecurity Awareness Training for Employees: Educating staff on the nuances of data protection in AI contexts to foster a culture of compliance and vigilance.
The Role of Managed Service Providers (MSPs)
Managed Service Providers (MSPs) play a pivotal role in supporting small businesses through these challenges. By offering services such as:
Managed IT Solutions Near Me: Providing localized support to address specific data protection needs.
Cybersecurity Protection for Small Businesses: Tailoring security measures to safeguard against threats unique to smaller enterprises.
24-Hour IT Support: Ensuring continuous monitoring and rapid response to data-related incidents.
MSPs help businesses navigate the complexities of AI data management, ensuring that the RTBF is respected and enforced.

Conclusion
As AI continues to evolve, so too must our approaches to data protection. Enforcing the Right to Be Forgotten within AI-trained models is a multifaceted challenge, requiring collaboration between technologists, legal experts, and cybersecurity professionals. By investing in research, embracing innovative solutions, and fostering a culture of compliance, we can strive to uphold individuals' rights in the digital age.
