Generative AI models, such as OpenAI’s GPT-3, rely on vast datasets—GPT-3 alone was trained on approximately 300 billion pieces of words from various web sources and uses 175 billion parameters. This large-scale data collection, often sourced without explicit consent, raises privacy concerns, with potential risks of revealing sensitive information like names, phone numbers, and addresses.

The "right to be forgotten" is a fundamental principle in data privacy that allows individuals to request the removal of their personal information from digital systems. This right poses significant challenges for companies using generative AI, particularly large language models (LLMs), which cannot selectively delete specific data points. For example, the European Union's General Data Protection Regulation (GDPR) grants individuals the right to access and erase their personal data, but compliance is complicated when that data is embedded in LLMs. This challenge was underscored when Meta was fined $1.3 billion for non-compliant data transfers to the U.S.