by impossiblefork 121 days ago
>Here’s why this changes everything: most AI accountability frameworks assume a discrete, auditable dataset. EU’s GDPR gives you the right to erasure — the right to delete your data. But GDPR was written for databases. The Ontology is a graph. You can delete a node. You can’t easily delete the edges, i.e., the inferred relationships between you and everything else the system has connected you to.

Edges are personal data according to GDPR so this is completely wrong. Almost all things to which the GDPR applies are edges.

'impossiblefork likes stories' is an edge.

Ontologies are also old. It's been a big research area since like the 90s.

2 comments

Fair correction - I should have been more precise.

The point I was reaching for is a practical enforcement one: verifying that edges have actually been deleted from an opaque, continuously updated knowledge graph has no standardized technical mechanism. Regulators have audit powers, but graph deletion verification, i.e., confirming that relational inferences are gone, not just that a node was removed, has no established standard. Controllers can assert compliance in ways that are genuinely difficult to challenge in practice.

Ah, then I don't disagree.
Facebook has shadow profiles and collects phone numbers from these contacts.

You could certainly include phone numbers, residential addresses as edges that should be deleted for compliance.

That is the easy case, right?

The Ontology problem is one layer harder. The edges I'm describing are inferred, i.e., risk scores, behavioral patterns, connections between a person and a geography. There's no standardized form for them and no agreed technical definition of what deletion even means. That's where the enforcement gap is sharpest and what my intention is in writing that piece.

Yes, but that is already legally required. If you aren't storing a name but storing a phone number, and somebody has asked you to delete his personal data, you have broken the law.
I doubt they're legally required to delete your phone number from your friend's phone scan, nor your friend's pictures with your face.

That's the shadow..

Your phone number is personal information, so they are. They aren't allowed to save your phone number from your friend's phone scan in the first place.

Doing that kind of thing is a serious crime. In Sweden it'd be something like "unapproved intelligence activity against a person" with a multi-year prison sentence, since you're gathering data about someone by deceptive means. We're thus not talking about GDPR any more, but about prison sentences for espionage-adjacent stuff.