Are you aware of any innovative approaches to enabling data subject rights requests over training and fine-tuning data?

Companies like OpenAI have online portals where an individual can send privacy requests to exercise their rights including downloading their data, asking OpenAI to stop training on their content, delete their personal data and remove their personal data from the outputs of the model. This appears to be a user-friendly interface on OpenAI’s website. This approach could be applied to allow individuals to exercise their rights for GenAI models. However, the actual data which is made available via the OpenAI portal is very limited and does not fully comply with GDPR requirements. We think that PETs are a very important development and something which should be a requirement for most GenAI developers.

PETs play a crucial role in protecting individual rights while enabling data processing. Some relevant approaches include:

• Differential privacy: Adding noise to data to protect individual privacy while maintaining statistical accuracy.
• Multiparty computation: Collaborative computation without revealing raw data.
• Synthetic data: Generating artificial data that preserves statistical properties of the original data.
• Data trusts: Establishing trusted entities to manage and govern data on behalf of data subjects. Privacy Enhancing Technologies: Categories, Use Cases, and Considerations (frbsf.org)

User-centric interfaces are also very important:

• Design user-friendly interfaces that allow data subjects to easily exercise their rights. Provide clear options for accessing, rectifying, or deleting their personal data.
• Consider natural language interfaces that allow users to interact with the GenAI model directly when making rights requests.