In addition to that, that data derived from the data you supply (i.e. a trained ML model on your preferences or face) aren't deleted even if they do permanently delete data you've posted.
Whoa, I hadn't considered this at all. This opens a huge can of worms.
How could this even be enforced? If something like the GDPR gave you the ability to request that your data be deleted, would that extend to learned data?
In my opinion, there's no way they could make FB delete that kind of data. How would you even know they had it? It's not like FB would throw out entire trained models or attempt to retrain with everyone else's data, that would never make economic sense.
Could someone with more knowledge of the current data protection laws comment about how|if this is addressed? To me it seems like companies could just process all your data into some derivative and then delete the original data to stay compliant.
I am not a lawyer, but I think that learned or aggregated data should be fine, however hashed identifiable data is not OK. Identifiable data includes IP addresses and mobile device ids.
How could this even be enforced? If something like the GDPR gave you the ability to request that your data be deleted, would that extend to learned data?
In my opinion, there's no way they could make FB delete that kind of data. How would you even know they had it? It's not like FB would throw out entire trained models or attempt to retrain with everyone else's data, that would never make economic sense.
Could someone with more knowledge of the current data protection laws comment about how|if this is addressed? To me it seems like companies could just process all your data into some derivative and then delete the original data to stay compliant.