• Rikudou_Sage@lemmings.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    Nope, they probably can’t. I don’t have any definitive answer, but I’d say yes, though our company doesn’t have any comments / private messages, so I kinda skipped those parts when we were implementing it.

    Edit: I recently was playing with embeddings and GPT to feed it some data and I tested it specifically on GDPR, so this is a response from GPT AI that has access to the GDPR document:

    Question: Using the right to be forgotten, do companies have to delete also my private messages and comments I made?

    Answer: Yes, under the right to erasure or ‘right to be forgotten’, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay. This includes any personal data you have made public, such as private messages and comments. The controller is obliged to erase this personal data and should also take reasonable steps to inform other controllers processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.