[polskibus]

I'm wondering if anyone thought about a GDPR extension that would include machine learning extension, ie. being forgotten meant "unlearning" to the model from my data (or relearning it on dataset from which my data was removed).

[hobofan]

I would consider that already covered under the GDPR. Most machine learning approaches today make little to no guarantees about differential privacy and allow for (partial) extraction of the training dataset, which would mean that the request for deletion was never fully fulfilled.

[polskibus]

So do you mean that GDPR allows for a request for removal from model or of there is an exemption from data mining results?

[hobofan]

I think that it allows for a request for removal from the model unless it can be proven that the PII cannot be retrieved from the model.

(This should not be considered legal advice by me.)

[lifeisstillgood]

if your PII has been incorporated into a model, let's say giving a likelihood to buy red cars based on 100 data points, then it's fairly safe to assume your PII is anonymised - i cannot imagine a way back from model that each input