Honest question I have. I've worked in advertising and the laws around PII are interesting. In California there are the CCPA laws that require them to allow a form to submit and have my PII removed after 90? days.
What happens if these people train a model on a cali residents PII, having a request come in, 3 months later someone asks it about you and it spits out the PII that was "removed"? I'm assuming it's a matter of this going to court to be decided but I'd be curious if any californian legal nerds have some reasons why no one has started trying to target these things for settlements if nothing else?
I don’t know CCPA laws that well, but I do the EU ones. As it stands “the right to erasure / to be forgotten” is extremely vague on this, and there doesn’t seem to be a wide precedent. In general the law is applicable to raw data records and not to aggregate data/metrics, neither to models. However, models in this context refers to one particular ruling w.r.t. to insurance or credit scoring industry (don’t remember exactly which one).
I want to point out that the model doesn’t need to “spit out” removed data. It can be a classifier, or regression model, and not a generative model, and ideally, it would not be trained on your data.
Worth noting that from the technical standpoint, it’s difficult too. Say, a model costs X-large amount of dollars. Normally, I would retrain it e.g. every 6 months. But now I have erasure requests coming in on a regular basis —- retraining often to comply with those is too expensive. There’s a line of research on “machine unlearning” on how to do it efficiently but it’s quite underwhelming so far.
What happens if these people train a model on a cali residents PII, having a request come in, 3 months later someone asks it about you and it spits out the PII that was "removed"? I'm assuming it's a matter of this going to court to be decided but I'd be curious if any californian legal nerds have some reasons why no one has started trying to target these things for settlements if nothing else?