Each time this pops up, there is a rush of people saying to delete or edit your comments.
They have a database of your comments and all your edits. Its easy to see when you mass delete or edit them. Anything done past a certain point in time, especially all at once, is automatically reverted.
By deleting and editing, you are taking the data away from scrappers making the dataset they are selling actually unique and more valuable.
I mean that’s completely illegal at least in places like Germany where people have the right to be forgotten, but unfortunately you’re still right. They already commited the biggest heist in human history and got away with it. I guess NFT grifters only got punished because they dared to also steal from some rich people while Altman and his cronies are smart enough to only steal from the other 99.9%. When they have your data once, you can’t request it back anymore. Because the worst that can happen to them is a slap on the wrist and the cost of being in the fastest growing business of our times. In other words: World’s fucked and shit sucks.
I just did a bit of poking around on the subject of the “right to be forgotten” and it’s legally complex. Data without personally identifying information, and data that’s been anonymized through statistical analysis (which LLM training is a form of) aren’t covered.
Yup. As someone who’s worked a little bit on GDPR compliance, it’s not some magic wand you wave at your data. Any data they receive after the request is also not covered by that request. Also, only EU citizens and residents are legally entitled to make a request. A company may choose to comply with non-EU users, but that’s purely their choice.
Comments that contain any info about where you live, your ethnicity, disabilities (cognitive or physical), gender, where you work, etc must be deleted as part of a forget request, so that might impact LLM training data.
Personally identifying information can be somewhat of a grey area in some situations as well. If I were to say I’m from New York, that’d be personally identifying. If I were to say I’m a fan of a sports team in New York, that’s not (even if that implies my location). If I were to say I’m a fan of a New York sports team, my favourite pizza place is in New York, my favourite park is in New York, etc etc, that might arguably be identifying, even if each of the pieces by itself is not.
EDIT: Oh, and I forgot one of the most important parts: it’s not like there are any spot checks or anything. You’d need someone to actually lodge a formal complaint, with some kind of evidence they haven’t done what they’re supposed to, and the procedures are different for every EU country. They are normally very involved and complex. Essentially, you’d need to lawyer up and care enough to slowly and painfully shove it through the legal system.
Surely the use of user-deleted content as training data carries the same liabilities as reinstating it on the live site? I’ve checked my old content and it hasn’t been reinstated. I’d assume such a dataset would inherently contain personal data protected by the right to erasure under GDPR, otherwise they’d use it for both purposes. If that is correct, regardless of how they filtered it, the data would be risky to use.
Perhaps the cumulative action of disenfranchised users could serve toward the result of both the devaluation of a dataset based on a future checkpoint, or reduction in average post quality leading to decreased popularity over time (if we assume content that is user-deleted en masse was useful, which I think is fair).
I think you need to make a special request to get that level of deletion that comes with gdpr. I’m not certain, I just remember other users specifically talking about how you need to send them an email so they have to comply.
I also wouldn’t be surprised if their dataset is mostly stripped of user names to get around GDPR though I’m no expert.
All that to say I’d be very very surprised if they deleted comments in their dataset.
Very valid point of devaluating the user experience thought, especially when you take into account google searches. I’m sure they have already fallen off compared to a year ago where reddit would pop up half the time no matter what you searched.
Well, that’d be the mechanism of how GDPR protections are actioned, yes; but leaving themselves open to these ramifications broadly would be risky. I don’t think it’d satisfy ‘compliance’ to ignore GDPR except upon request. Perhaps the issues with it are even more significant when using it as training data, given they’re investing compute and potentially needing to re-train down the track.
Based on my understanding; de-identifying the dataset wouldn’t be sufficient to be in compliance. That’s actually how it worked prior to it for the most part, but I know companies largely ended up just re-identifying data by cross-referencing multiple de-identified datasets. That nullification forming part of the basis for GDPR protections being as comprehensive as they are.
There’d almost certainly be actors who previously deleted their content that later seek to verify whether it was later used to train any public AI.
Definitely fair to say I’m making some assumptions, but essentially I think at a certain point trying to use user-deleted content as a value add just becomes riskier than it’s worth for a public company
Each time this pops up, there is a rush of people saying to delete or edit your comments.
They have a database of your comments and all your edits. Its easy to see when you mass delete or edit them. Anything done past a certain point in time, especially all at once, is automatically reverted.
By deleting and editing, you are taking the data away from scrappers making the dataset they are selling actually unique and more valuable.
I mean that’s completely illegal at least in places like Germany where people have the right to be forgotten, but unfortunately you’re still right. They already commited the biggest heist in human history and got away with it. I guess NFT grifters only got punished because they dared to also steal from some rich people while Altman and his cronies are smart enough to only steal from the other 99.9%. When they have your data once, you can’t request it back anymore. Because the worst that can happen to them is a slap on the wrist and the cost of being in the fastest growing business of our times. In other words: World’s fucked and shit sucks.
I just did a bit of poking around on the subject of the “right to be forgotten” and it’s legally complex. Data without personally identifying information, and data that’s been anonymized through statistical analysis (which LLM training is a form of) aren’t covered.
Yup. As someone who’s worked a little bit on GDPR compliance, it’s not some magic wand you wave at your data. Any data they receive after the request is also not covered by that request. Also, only EU citizens and residents are legally entitled to make a request. A company may choose to comply with non-EU users, but that’s purely their choice.
Comments that contain any info about where you live, your ethnicity, disabilities (cognitive or physical), gender, where you work, etc must be deleted as part of a forget request, so that might impact LLM training data.
Personally identifying information can be somewhat of a grey area in some situations as well. If I were to say I’m from New York, that’d be personally identifying. If I were to say I’m a fan of a sports team in New York, that’s not (even if that implies my location). If I were to say I’m a fan of a New York sports team, my favourite pizza place is in New York, my favourite park is in New York, etc etc, that might arguably be identifying, even if each of the pieces by itself is not.
EDIT: Oh, and I forgot one of the most important parts: it’s not like there are any spot checks or anything. You’d need someone to actually lodge a formal complaint, with some kind of evidence they haven’t done what they’re supposed to, and the procedures are different for every EU country. They are normally very involved and complex. Essentially, you’d need to lawyer up and care enough to slowly and painfully shove it through the legal system.
Surely the use of user-deleted content as training data carries the same liabilities as reinstating it on the live site? I’ve checked my old content and it hasn’t been reinstated. I’d assume such a dataset would inherently contain personal data protected by the right to erasure under GDPR, otherwise they’d use it for both purposes. If that is correct, regardless of how they filtered it, the data would be risky to use.
Perhaps the cumulative action of disenfranchised users could serve toward the result of both the devaluation of a dataset based on a future checkpoint, or reduction in average post quality leading to decreased popularity over time (if we assume content that is user-deleted en masse was useful, which I think is fair).
I think you need to make a special request to get that level of deletion that comes with gdpr. I’m not certain, I just remember other users specifically talking about how you need to send them an email so they have to comply.
I also wouldn’t be surprised if their dataset is mostly stripped of user names to get around GDPR though I’m no expert.
All that to say I’d be very very surprised if they deleted comments in their dataset.
Very valid point of devaluating the user experience thought, especially when you take into account google searches. I’m sure they have already fallen off compared to a year ago where reddit would pop up half the time no matter what you searched.
Well, that’d be the mechanism of how GDPR protections are actioned, yes; but leaving themselves open to these ramifications broadly would be risky. I don’t think it’d satisfy ‘compliance’ to ignore GDPR except upon request. Perhaps the issues with it are even more significant when using it as training data, given they’re investing compute and potentially needing to re-train down the track.
Based on my understanding; de-identifying the dataset wouldn’t be sufficient to be in compliance. That’s actually how it worked prior to it for the most part, but I know companies largely ended up just re-identifying data by cross-referencing multiple de-identified datasets. That nullification forming part of the basis for GDPR protections being as comprehensive as they are.
There’d almost certainly be actors who previously deleted their content that later seek to verify whether it was later used to train any public AI.
Definitely fair to say I’m making some assumptions, but essentially I think at a certain point trying to use user-deleted content as a value add just becomes riskier than it’s worth for a public company
Why would that be? It’s not the same.
And what liabilities would there be for reinstating it on the live site, for that matter? Have there been any lawsuits?