Next Article in Journal
Practical Comparison Between the CI/CD Platforms Azure DevOps and GitHub
Next Article in Special Issue
Generative AI-Enhanced Intelligent Tutoring System for Graduate Cybersecurity Programs
Previous Article in Journal
GraphDBSCAN: Optimized DBSCAN for Noise-Resistant Community Detection in Graph Clustering
Previous Article in Special Issue
A CIA Triad-Based Taxonomy of Prompt Attacks on Large Language Models
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

GDPR and Large Language Models: Technical and Legal Obstacles

by
Georgios Feretzakis
1,*,
Evangelia Vagena
2,
Konstantinos Kalodanis
3,
Paraskevi Peristera
4,
Dimitris Kalles
1 and
Athanasios Anastasiou
5
1
School of Science and Technology, Hellenic Open University, 26335 Patras, Greece
2
Athens University of Economics and Business, 10434 Athens, Greece
3
Department of Informatics and Telematics, Harokopio University of Athens, 17676 Kallithea, Greece
4
Division of Psychobiology and Epidemiology, Department of Psychology, Stockholm University, 10691 Stockholm, Sweden
5
Biomedical Engineering Laboratory, National Technical University of Athens, 15780 Athens, Greece
*
Author to whom correspondence should be addressed.
Future Internet 2025, 17(4), 151; https://doi.org/10.3390/fi17040151
Submission received: 24 February 2025 / Revised: 9 March 2025 / Accepted: 26 March 2025 / Published: 28 March 2025
(This article belongs to the Special Issue Generative Artificial Intelligence (AI) for Cybersecurity)

Abstract

:
Large Language Models (LLMs) have revolutionized natural language processing but present significant technical and legal challenges when confronted with the General Data Protection Regulation (GDPR). This paper examines the complexities involved in reconciling the design and operation of LLMs with GDPR requirements. In particular, we analyze how key GDPR provisions—including the Right to Erasure, Right of Access, Right to Rectification, and restrictions on Automated Decision-Making—are challenged by the opaque and distributed nature of LLMs. We discuss issues such as the transformation of personal data into non-interpretable model parameters, difficulties in ensuring transparency and accountability, and the risks of bias and data over-collection. Moreover, the paper explores potential technical solutions such as machine unlearning, explainable AI (XAI), differential privacy, and federated learning, alongside strategies for embedding privacy-by-design principles and automated compliance tools into LLM development. The analysis is further enriched by considering the implications of emerging regulations like the EU’s Artificial Intelligence Act. In addition, we propose a four-layer governance framework that addresses data governance, technical privacy enhancements, continuous compliance monitoring, and explainability and oversight, thereby offering a practical roadmap for GDPR alignment in LLM systems. Through this comprehensive examination, we aim to bridge the gap between the technical capabilities of LLMs and the stringent data protection standards mandated by GDPR, ultimately contributing to more responsible and ethical AI practices.

1. Introduction

1.1. Background on GDPR

The General Data Protection Regulation (GDPR), officially Regulation (EU) 2016/679, is a comprehensive data protection law that came into effect on 25 May 2018. It was established by the European Union (EU) to strengthen and unify data protection for all individuals within the EU and the European Economic Area (EEA) [1]. Moreover, the GDPR addresses the export of personal data outside the EU and EEA regions, thereby extending its reach globally due to its extraterritorial applicability [2]. More specifically, Article 3 [3] of the GDPR defines its territorial scope, significantly extending the reach of EU data protection law beyond its borders. This has critical implications for the global development and deployment of large language models (LLMs), which often process vast amounts of personal data across jurisdictions. The Regulation applies under the “establishment” criterion when a data controller or processor operates within the EU and under the “targeting” criterion when non-EU organizations offer goods or services to individuals in the EU or monitor their behavior. Even companies with no physical presence in the EU may still fall within the GDPR’s scope if their activities involve EU individuals, and the Regulation further applies where Member State law is relevant under public international law. Given the cross-border nature of AI and LLMs, the GDPR is a crucial regulatory framework in shaping global AI governance.
The primary objectives of the GDPR are to give individuals control over their personal data, simplify the regulatory environment for international business by unifying data protection within the EU, and enhance organizational accountability for data protection [4]. Its key principles require that personal data is processed lawfully, fairly, and transparently; that data is collected for specified, explicit, and legitimate purposes; that only the data necessary for those purposes is processed (data minimization); that personal data is accurate and kept up to date; that data is stored only as long as necessary; and that all processing is carried out securely, with the data controller being accountable for ensuring compliance [5].
In addition, the GDPR grants several rights to individuals (data subjects). These rights include the Right of Access (Article 15) [6], which allows individuals to obtain confirmation of whether their personal data is being processed and to access that data along with information about its processing; the Right to Rectification (Article 16) [7], which enables individuals to correct inaccurate personal data; the Right to Erasure, or “Right to be Forgotten” (Article 17) [8], which permits individuals to request the deletion of their personal data under certain conditions; the Right to Restrict Processing (Article 18) [9], which allows individuals to request limitations on how their data is processed; the Right to Data Portability (Article 20) [10], which gives individuals the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller; the Right to Object (Article 21) [11], which enables individuals to object to the processing of their personal data for certain purposes such as direct marketing; and the Rights Related to Automated Decision-Making (Article 22) [12], which protect individuals from decisions based solely on automated processing, including profiling, that have legal or similarly significant effects.
Organizations (both data controllers and processors) are obligated to implement appropriate technical and organizational measures to ensure and demonstrate compliance with the GDPR. This includes, among other measures, conducting Data Protection Impact Assessments (DPIAs) for high-risk processing activities (Article 35) [13], appointing Data Protection Officers (DPOs) in certain cases (Articles 37–39) [14,15,16], and adhering to the principles of data protection by design and by default (Article 25) [17]. Non-compliance with the GDPR can result in significant penalties, with fines reaching up to 4% of a company’s annual global turnover or €20 million, whichever is higher [18]. Since its enforcement, numerous high-profile cases have underscored the regulation’s stringent enforcement. Moreover, the GDPR has influenced data protection laws worldwide and serves as a benchmark for countries updating their privacy regulations, as seen with the California Consumer Privacy Act (CCPA) in the United States, Brazil’s General Data Protection Law (LGPD), and Japan’s Act on the Protection of Personal Information (APPI).

1.2. Overview of Large Language Models (LLMs)

Large Language Models (LLMs) are advanced artificial intelligence models designed to understand, generate, and manipulate human language in a way that closely mimics human communication [19]. They leverage deep learning techniques—particularly neural networks with transformer architectures—to process and generate text [20]. The introduction of the Transformer model by Vaswani et al. in 2017 revolutionized natural language processing (NLP) by enabling models to capture long-range dependencies in text more effectively than recurrent neural networks (RNNs) [20]. Building on this foundation, models such as BERT (Bidirectional Encoder Representations from Transformers) [21], GPT-2 [22], GPT-3 [23], and the more recent GPT-4 [24] have significantly advanced AI capabilities in language understanding and generation.
LLMs are pre-trained on massive datasets that include a wide array of internet text, books, articles, and other publicly available content [25]. This extensive pre-training allows them to learn complex linguistic patterns, semantics, and world knowledge. As a result, LLMs can perform a variety of tasks, such as producing coherent and contextually relevant text, translating text between languages, responding to queries based on provided context, condensing long documents into concise summaries, and determining the sentiment expressed in text [23,26,27,28,29].

1.3. Real-World Implementation Examples

Although fully documented GDPR compliance cases for LLMs remain relatively scarce, a few noteworthy examples indicate industry movement toward addressing the Right to Erasure in practice. OpenAI, for instance, has introduced user controls allowing individuals to request deletion of conversation logs, which are then excluded from subsequent training updates [30]. Nonetheless, it remains unclear how effectively these logs can be “unlearned” from the core model parameters, as current unlearning methods often require resource-intensive retraining [31]. Similarly, Google has responded to EU regulatory pressures by refining its data usage policies and quarantining user data when erasure requests are granted [32].
Preliminary evidence suggests that while user-facing deletion controls and opt-outs reduce the volume of retained data, selectively removing or editing data that has already shaped an LLM’s internal parameters poses significant technical hurdles. Indeed, many solutions focus on filtering model outputs rather than permanently eliminating learned representations [30,31]. Until more robust machine unlearning techniques achieve scalability and third-party validation, practical implementations of the Right to Erasure in large-scale LLMs will likely remain partial, relying on procedural measures (e.g., privacy policies, segmentation of training data, and post-deployment filtering) rather than guaranteed removal of all personal information from model weights.
Moreover, LLMs are increasingly integrated into applications across various domains. In healthcare, they assist in diagnostics, facilitate patient communication, and summarize medical records [33]. In finance, they analyze market sentiment, automate customer service, and aid in fraud detection [34]. In the education sector, LLMs provide personalized tutoring and language learning support [35], while in customer service they power chatbots and virtual assistants to efficiently handle inquiries [36].
Despite their impressive capabilities, LLMs raise several concerns related to data privacy, security, and ethical considerations. For instance, these models may inadvertently memorize and reproduce personal or sensitive information present in their training data, potentially leading to privacy breaches [37]. Recent work on securing sensitive data in LLMs has proposed comprehensive trust frameworks that incorporate adaptive output control and user trust profiling to dynamically manage the disclosure of sensitive information [38]. Such approaches emphasize the necessity of embedding trust mechanisms into LLMs, especially in domains where data sensitivity is paramount. They can also inherit and amplify biases found in the training data, resulting in discriminatory or offensive outputs [39]. Furthermore, the black-box nature of LLMs makes it challenging to interpret their decision-making processes, complicating accountability and trust [40]. Finally, the methods used to collect and process data for training LLMs may conflict with legal requirements regarding consent and data minimization, posing further challenges to legal compliance [41,42].

1.4. Feasibility and Scalability of Privacy-Preserving Techniques

Implementing privacy safeguards for LLMs exceeding 100 billion parameters poses daunting computational hurdles. Differential privacy (DP) methods, such as DP-SGD, require computing and clipping per-sample gradients, which becomes prohibitively expensive at scale [43,44]. Even when feasible, DP often incurs notable utility losses, with some large-model experiments showing a 10–20% accuracy gap versus non-private baselines [44]. Machine unlearning faces similar challenges: fully retraining a gigantic model to “forget” a single dataset is prohibitively time-consuming, and approximate fine-tuning approaches risk degrading unrelated functionality [45]. Many real-world deployments thus rely on partial solutions, like filtering user-specific outputs rather than fully erasing internal representations [46].
Recent work suggests potential mitigations. For instance, a Mixture-of-Experts approach allows selectively “removing” or retraining only an expert sub-module, decreasing the scope of full-model updates [47]. Likewise, selective DP applies noise only to truly sensitive training steps, reducing overhead and preserving more utility [48]. While these techniques show promise on smaller to medium-scale benchmarks, the path to seamless, large-scale unlearning and high-utility differential privacy remains an open research area. Efforts continue to balance stringent privacy requirements with practical computational costs and minimal accuracy loss.
Practical Examples of Machine Unlearning and Bias Mitigation. Recent studies have investigated techniques for selectively removing or “unlearning” personal data from trained machine learning models to comply with regulations such as the GDPR’s Right to Erasure. Golatkar et al. (2020) presented methods for selective forgetting in deep neural networks, demonstrating effective data removal with minimal degradation in model performance on image classification tasks [49]. Bourtoule et al. (2021) proposed a systematic approach for machine unlearning, employing modular architectures to efficiently delete specific training instances without significant retraining overhead [31]. In terms of bias mitigation, empirical analyses have highlighted effective techniques for debiasing large pretrained language models. For example, Bartl et al. (2020) provided evidence that targeted fine-tuning significantly reduces gender-based stereotypes in language models like BERT [50]. Additionally, Kaneko and Bollegala (2021) introduced efficient debiasing methods for contextualized embeddings, achieving measurable decreases in biases while preserving the overall effectiveness of the embeddings [51]. These studies collectively underscore the potential and current challenges in developing practical technical solutions to enhance privacy and fairness in machine learning applications.
These concerns necessitate a careful examination of the intersection between LLMs and data protection laws to ensure that the deployment of such technologies aligns with legal and ethical standards.

1.5. Thesis Statement

This paper examines the challenges in complying with GDPR articles like deletion (Article 17) [8], access (Article 15) [6], and decision-making (Article 22) [12] with LLMs.
The diagram above (Figure 1) contrasts key GDPR principles such as transparency and accountability, alongside core LLM features, demonstrating significant compliance tensions between technical and legal paradigms.

1.6. Distinction Between Personal and Non-Personal Data

One of the critical challenges in developing and deploying Large Language Models (LLMs) under GDPR is the ability to clearly distinguish between personal and non-personal data. LLMs are typically trained on massive, heterogeneous datasets drawn from a variety of sources—such as websites, social media, and digital archives—that often contain a mix of both types of information. This data aggregation makes it challenging to identify and segregate personal data, especially when much of the input is unstructured and context-dependent.
For example, personal identifiers may not be explicitly present; rather, they can appear as quasi-identifiers (such as postal codes, birthdates, or behavioral patterns) that, when combined with other data, reveal an individual’s identity. Furthermore, the unstructured nature of much of the training data means that sophisticated natural language processing (NLP) tools are required to detect personal information hidden in nuanced contexts. The context in which data appears is also important; a common name like “John” might not be considered personal in isolation but could become personally identifiable when paired with other details such as a location or occupation.
Additionally, once personal data is ingested into an LLM during training, it is transformed into abstract, high-dimensional representations stored in the model’s parameters. While these representations are not readily interpretable, evidence suggests that LLMs can sometimes memorize specific details, raising concerns that personal data may be inadvertently reproduced in outputs. Organizations are exploring several techniques to manage these challenges. Data anonymization methods—such as k-anonymity [52], l-diversity, or t-closeness—can help reduce the risk of re-identification, although achieving true anonymization in large, complex datasets remains difficult. Advances in automated data classification using machine learning and NLP have also shown promise in detecting and flagging personal information, even though such systems are not infallible and may yield both false positives and negatives.
Other strategies include data minimization practices, which involve limiting the collection and processing of personal data to what is strictly necessary, as well as employing human oversight to review flagged data that automated tools may miss. In addition, privacy-preserving techniques like federated learning can help keep personal data localized and separate from the centralized datasets used to train models, while differential privacy can be applied to introduce statistical noise that protects individual data points without significantly affecting model performance.
The implications of these challenges are significant. Failure to properly distinguish and handle personal data can lead to serious GDPR violations, with risks including unlawful processing, data breaches, and substantial fines. Moreover, strict privacy-preserving measures may sometimes degrade model performance by reducing the diversity or representativeness of training data. Therefore, robust data governance and accountability frameworks are essential. Organizations must not only track and manage the data used in LLM training but also ensure that they are in full compliance with data protection regulations. Ultimately, a clear understanding of what constitutes personal data—and the application of advanced techniques to minimize associated privacy risks—is key to balancing compliance with the need to maintain the utility of LLMs.

1.7. Data Protection

GDPR emphasizes data protection through principles such as data minimization, purpose limitation, and ensuring data integrity and confidentiality [5]. These principles require that personal data is processed only for legitimate purposes, kept accurate and up-to-date, and protected against unauthorized access and breaches [1].
LLMs are typically trained on extensive datasets that often include personal data scraped from diverse sources such as the internet, books, and articles [22,37]. During training, these models ingest and transform vast amounts of data, which may inadvertently include sensitive information. Moreover, the ability of LLMs to generate text based on learned patterns can lead to the unintentional disclosure of personal information [37].
Ensuring data protection in LLMs is challenging for several reasons. First, the requirement for large datasets to achieve high performance may conflict with the GDPR principle of processing only the necessary data. Second, the diverse applications of LLMs make it difficult to restrict data usage to specific, predefined purposes. To mitigate these risks, various privacy-preserving techniques have been developed. A recent narrative review provides a comprehensive overview of methods such as differential privacy, federated learning, homomorphic encryption, and secure multi-party computation, specifically in the context of generative AI and LLMs [53]. These techniques not only mitigate risks like model inversion and membership inference attacks but also align technical safeguards with evolving legal requirements. Finally, protecting the integrity and confidentiality of data within the high-dimensional parameter spaces of LLMs is technically complex [39,54].
To mitigate these risks, organizations can anonymize training data to prevent the identification of individuals, incorporate differential privacy techniques during training to limit the influence of any single data point, and employ federated learning to train models without centralizing personal data [54,55].

1.8. Right to Erasure and LLMs

Article 17 [8] of the GDPR, known as the “Right to Erasure” or “Right to be Forgotten”, allows individuals to request the deletion of their personal data under specific conditions [8]. This right is intended to give individuals control over their personal information and to ensure that outdated or irrelevant data is removed from processing systems [4].
Implementing the Right to Erasure in the context of LLMs is particularly challenging. Once trained, the model parameters encapsulate the information learned during training, making it difficult to remove specific data points without retraining the entire model. In addition, the aggregation of data across numerous sources complicates the identification and extraction of individual data points [31,37]. Potential solutions include developing machine unlearning techniques that enable models to “forget” specific data without complete retraining, retraining the model from scratch while excluding the data subject’s information, or designing modular model architectures where specific data segments can be isolated and removed [31,56]. However, these approaches remain in early stages and require further research to be practical for large-scale LLMs [41,42].

1.9. Right of Access and LLMs

Article 15 [6] of the GDPR grants individuals the right to obtain confirmation about whether their personal data is being processed, to access that data, and to receive additional information about the processing activities [6]. This right is crucial for transparency and for empowering individuals to understand how their data is used.
For LLMs, the Right of Access poses significant challenges. Personal data used in training is embedded within the model’s parameters in a non-transparent manner, which makes direct access difficult. Moreover, retrieving specific data points from models trained on vast datasets is not straightforward [31,37]. Potential solutions include developing model auditing tools to detect personal data within the models, providing query-based access to allow individuals to receive outputs related to their data, or publishing transparency reports that detail data sources and processing activities without revealing individual data points [40,41,42].

1.10. Right to Rectification and LLMs

Article 16 [7] of the GDPR provides individuals with the right to have inaccurate personal data corrected or completed. This ensures that data controllers maintain accurate and up-to-date information about data subjects.
Rectification in LLMs is challenging because, once trained, the models lack mechanisms to update or correct specific data points without comprehensive retraining easily. Personal data within these models is often intertwined with other information, making isolated corrections difficult. While methods such as fine-tuning with corrected data, continuous learning frameworks, or modular updates have been proposed, each approach has its limitations. Fine-tuning may not fully eliminate residual inaccuracies if the model retains influences from the original data, and retraining large-scale models is resource-intensive. Consequently, significant advancements in model architecture and training methodologies are needed to effectively implement the Right to Rectification in LLMs [23,37,39,41,42,55,56].

1.11. Automated Decision-Making and Profiling

Article 22 [12] of the GDPR restricts decisions based solely on automated processing, including profiling, thereby ensuring that affected individuals have the right to human intervention, the opportunity to express their views, and the possibility to contest such decisions. LLMs are increasingly employed in automated decision-making across sectors such as finance, healthcare, and human resources due to their capability to process and generate human-like text, making them suitable for tasks like credit scoring, medical diagnostics, and employee evaluations [19].
However, several challenges complicate GDPR compliance in this area. First, the inherent opacity of LLMs makes it difficult to explain how specific inputs lead to particular decisions [40]. In addition, these models can inherit and even amplify biases from their training data, potentially leading to unfair or discriminatory outcomes [39]. Finally, the complexity of determining responsibility for decisions made by autonomous models further compounds the accountability issues [1].
To address these challenges, organizations are exploring multiple strategies. The implementation of explainable AI (XAI) techniques can help provide understandable explanations for decisions made by LLMs. At the same time, bias mitigation methods are being employed to detect and reduce biases in both training data and model outputs. Additionally, incorporating human oversight into critical decision-making processes is essential to ensure compliance with GDPR’s requirement for human intervention. Finally, establishing robust consent frameworks that clearly inform individuals about automated decision-making processes can further enhance transparency and accountability [1,19,39,40].

1.12. Data Minimization and Purpose Limitation

GDPR mandates that personal data collected must be adequate, relevant, and limited to what is strictly necessary for the intended purposes [5]. Moreover, data should be collected for specified, explicit, and legitimate purposes, and should not be further processed in a manner incompatible with those purposes [1].
LLMs, however, require vast amounts of data covering a wide array of topics and sources to achieve high performance [22,25]. This broad data collection can conflict with the principles of data minimization and purpose limitation, as the data used for training may extend far beyond what is strictly necessary for a specific application [39]. In practice, the challenge lies in balancing the need for large, diverse datasets against the GDPR’s requirements. Organizations are addressing this by curating training data selectively, developing models tailored for specific purposes, and implementing robust data governance frameworks that closely monitor data collection, usage, and retention [1,19,39].

1.13. Data Protection by Design and by Default

Article 25 of the GDPR requires that data controllers implement data protection measures from the very beginning of designing data processing systems, ensuring that by default only the personal data necessary for each specific purpose is processed [17]. This principle calls for the proactive integration of privacy measures throughout the development lifecycle.
In the case of LLMs, integrating data protection by design poses significant challenges. The intricate and complex architectures of these models make it difficult to seamlessly embed data protection measures. Moreover, LLMs often require continuous updates with new data, complicating the consistent maintenance of data protection standards. There is also a delicate balance between enhancing data protection and maintaining model performance, as robust privacy measures may sometimes adversely impact functionality [22,39,54].
To mitigate these issues, organizations are adopting a range of strategies. Techniques such as differential privacy, federated learning, and homomorphic encryption are being utilized to safeguard personal data during both training and inference phases. Additionally, designing models with modular components that can incorporate privacy measures independently, and integrating automated compliance tools into the development lifecycle, are promising approaches to ensure that data protection is woven into the fabric of the model from the outset.

Potential Solutions

To effectively implement data protection by design in LLMs, organizations can adopt the following approaches:
  • Privacy-Preserving Techniques: Utilizing methods such as differential privacy, federated learning, and homomorphic encryption to protect personal data during training and inference [54,55].
  • Modular Design: Designing models with modular components that can incorporate data protection measures independently [56].
  • Automated Compliance Tools: Integrating tools that automatically enforce data protection policies throughout the model development and deployment lifecycle [41,42].
These measures facilitate the integration of data protection principles into the core design of LLMs, ensuring compliance with GDPR from the ground up [17].
Figure 2 illustrates a comprehensive Privacy-Preserving LLM Development Pipeline with integrated GDPR compliance measures. The diagram visually maps out the end-to-end process—from data collection and privacy assessment to data processing, model training, evaluation, compliance documentation, deployment, and continuous monitoring. By embedding privacy-preserving techniques and automated compliance checks at each stage, the figure reinforces the modular design and integrated approach needed to meet GDPR requirements in LLM development.

1.14. Records of Processing Activities

1.14.1. GDPR’s Requirement for Records of Processing Activities

Article 30 of the GDPR mandates that data controllers and processors maintain detailed records of all personal data processing activities [57]. These records should include information about the data categories, processing purposes, data recipients, and data retention periods [1].

1.14.2. Challenges with LLMs

Maintaining comprehensive records of processing activities for LLMs is challenging due to:
  • Scale and Complexity: The vast scale and complexity of data processing in LLMs make it difficult to document all activities accurately [25].
  • Dynamic Data Sources: LLMs often integrate data from numerous, dynamic sources, complicating the tracking of data provenance and processing steps [22].
  • Model Updates: Frequent model updates and retraining cycles necessitate continuous record-keeping, which can be resource-intensive [55].

1.14.3. Potential Solutions

To effectively manage records of processing activities in LLMs, organizations can implement:
  • Automated Documentation Tools: Leveraging tools that automatically generate and update processing records based on data ingestion and model training activities [41,42].
  • Comprehensive Data Logging: Establishing robust data logging mechanisms that capture detailed information about data sources, processing purposes, and data transformations [25].
  • Regular Audits: Conducting periodic audits to ensure that records of processing activities are accurate, up-to-date, and compliant with GDPR requirements [1].
These strategies enhance the ability to maintain accurate and comprehensive records, thereby facilitating GDPR compliance [57].

1.15. The European Union’s Artificial Intelligence Act (AI Act)

The EU’s Artificial Intelligence Act (AI Act), officially adopted on 13 June 2024, introduces a harmonized regulatory framework for AI systems across the European Union [58]. In addition to the current regulation, earlier studies have provided an AI security perspective on the proposed requirements. For instance, Kalodanis et al. have examined the applicability of the AI Act’s technical requirements to high-risk systems, highlighting the gap between the regulatory mandates and available AI security countermeasures [59]. Their work reinforces the need for an integrated framework to evaluate AI system security within the context of the new regulatory landscape.
Key provisions relevant to Large Language Models (LLMs) include several requirements. First, AI systems operating in high-risk areas must meet stringent data quality standards, ensuring that training datasets are accurate, representative, and free of bias. This aligns closely with GDPR principles by ensuring data used by AI systems is both relevant and fair. In addition, transparency obligations require that AI systems interacting with users disclose their AI nature, making it clear when individuals are engaging with an automated system. Organizations must document and share detailed information about the functioning of their AI systems, thus enhancing traceability and explainability. Furthermore, the Act mandates the establishment of compliance frameworks: providers must maintain detailed technical documentation, register high-risk AI systems in an EU database, and conduct ongoing monitoring and reporting to mitigate risks related to data accuracy, bias, and safety.
For LLMs, these provisions have significant implications. Providers must clearly disclose when users are interacting with an AI system and ensure that risk management practices, including comprehensive risk assessments, are in place. Data governance is also critical: training data must meet high standards of quality and fairness to avoid perpetuating biases, and human oversight is required especially in critical decision-making contexts such as recruitment or credit assessments. Organizations need to navigate the overlaps between the AI Act and GDPR, ensuring compliance with both sets of regulations. This involves maintaining detailed technical documentation for each AI system and implementing robust risk management and human oversight measures to ensure that AI systems are deployed in a safe, transparent, and ethically sound manner.
In summary, the AI Act represents a significant step toward making AI systems, including LLMs, safer and more transparent by mandating robust risk management, human oversight, and detailed documentation. Organizations must proactively align their AI development and deployment practices with these new regulations to ensure full compliance and to foster ethical and fair AI practices within the EU [58].

1.16. Comparative Analysis: GDPR vs. AI Act Interactions

The European Union’s General Data Protection Regulation (GDPR) and the forthcoming Artificial Intelligence Act (AI Act) are complementary yet distinct frameworks. While the GDPR establishes technology-neutral, principles-based rules to protect personal data, the AI Act adopts a risk-tiered, system-focused approach to ensure AI systems are safe and ethical by design. Importantly, the AI Act is implemented “without prejudice” to the GDPR, meaning that organizations must comply with both regimes when processing personal data with AI. The AI Act classifies AI systems based on risk—from banned applications (unacceptable risk) to high-risk systems (e.g., those used in employment, healthcare, or law enforcement) that must meet strict requirements for risk management, transparency, and oversight [58]. In contrast, the GDPR governs all personal data processing based on principles such as lawfulness, fairness, transparency, and data minimization, ensuring robust data subject rights [60]. Together, these regulations aim to safeguard both technological integrity and individual privacy. Sectors such as healthcare and recruitment face dual compliance challenges. Healthcare AI systems must satisfy the AI Act’s requirements for risk management and technical documentation while also adhering to the GDPR’s strict rules for processing sensitive health data [61]. Similarly, recruitment AI tools must balance the AI Act’s bias mitigation and transparency measures with GDPR mandates on lawful processing and non-discrimination [62]. Adopting a “GDPR-first” approach—where robust data protection forms the foundation for additional AI-specific controls—is widely recommended as a strategy to achieve an integrated framework for trustworthy AI. In summary, the GDPR and the AI Act together promote a vision of trustworthy AI that ensures both system safety and the protection of fundamental rights. Despite challenges in aligning their differing approaches, integrated compliance strategies can enable organizations to meet both sets of obligations without compromising innovation or privacy.

1.17. Balancing Compliance and Innovation

The intersection of GDPR and LLMs highlights significant challenges in aligning advanced AI technologies with stringent data protection regulations. The core GDPR principles of transparency, accountability, and data protection often conflict with the technical nature of LLMs, which inherently obscure data processing activities and make individual data point manipulation difficult. Addressing these challenges requires a multifaceted approach that combines technological innovations, robust governance frameworks, and ongoing collaboration between technologists and legal experts. By implementing privacy-preserving techniques, enhancing model interpretability, and establishing comprehensive documentation practices, organizations can better navigate the complexities of GDPR compliance in the realm of Large Language Models.

2. Detailed Analysis of GDPR Articles Challenging for LLMs

Applying the General Data Protection Regulation (GDPR) to Large Language Models (LLMs) introduces a myriad of technical and legal challenges. Each relevant GDPR article presents unique obstacles that stem from the inherent complexities and operational methodologies of LLMs. In the following subsections, we analyze these challenges, discuss potential solutions, and illustrate the issues with relevant case studies or examples.

2.1. Article 17—Right to Erasure (‘Right to Be Forgotten’)

LLMs encode information within their neural network weights during training, which makes it extremely difficult to remove specific data points without altering the entire model. In addition, personal data is often intertwined with non-personal data, further complicating the isolation and removal process. Current machine unlearning methods, although promising, are not yet scalable for models with billions of parameters (e.g., GPT-4) [31,37,56].
Several approaches have been proposed to tackle these issues. One idea is to develop algorithms for machine unlearning that allow models to forget specific data points without requiring full retraining. Alternatively, one could retrain the model from scratch after excluding the requested data, although this process is both resource-intensive and time-consuming. Other potential solutions include designing modular architectures that can isolate and remove specific data segments or implementing differential privacy techniques during training to limit the influence of any single data point [31,54].
Real-world examples further illustrate these challenges. For instance, Google has faced numerous right-to-erasure requests aimed at removing personal data from its search indices, highlighting the difficulties of applying Article 17 [8] to systems that aggregate and process vast amounts of data [63]. Similarly, although not publicly documented, hypothetical scenarios involving requests to remove personal data from OpenAI’s GPT models underscore the technical hurdles associated with compliance [37].

2.2. Article 15—Right of Access

The right of access under Article 15 [6] is also challenged by the way LLMs operate. Personal data used during training is embedded within the model’s parameters in a highly non-transparent manner, making direct access to specific data points nearly impossible. The transformation of data into high-dimensional representations further obscures both the origin and the details of individual data points, and unlike traditional databases, LLMs lack an index of these entries [31,37,41,42].
To address these challenges, researchers have suggested several approaches. One potential solution is the development of model auditing tools that can analyze models to detect the presence of personal data. Explainable AI (XAI) techniques may also offer insights into how personal data influences model outputs, while data provenance tracking mechanisms can help document the origin and usage of the data during training [25,40,41,42]. However, ethical considerations must be taken into account: balancing an individual’s right to access their data with the risk of compromising model integrity or inadvertently exposing sensitive training data is paramount [39].

2.3. Article 16—Right to Rectification

Rectifying inaccuracies within LLMs poses significant technical challenges. Once a model is trained, correcting specific inaccuracies tied to personal data is difficult because the data is deeply embedded in the model’s parameters. The complex interdependencies among data points mean that isolating and updating a specific piece of information can inadvertently affect other aspects of the model’s performance. Fine-tuning the model with corrected data may help, but it often fails to completely remove the influence of the inaccurate data, as the model tends to retain learned representations from the initial training [37,39,64].
Furthermore, updating large-scale models is computationally expensive and may not be feasible in real-time. Even after retraining or fine-tuning, LLMs might exhibit residual memory effects due to overfitting, making it challenging to verify that inaccuracies have been fully corrected through exhaustive testing [65]. Various approaches have been proposed, including targeted data editing techniques (such as Rank-One Model Editing, or ROME), model auditing to assess the extent of inaccuracies, and the development of continuous learning frameworks. However, each of these solutions faces limitations in scalability and practicality. In many cases, methods like retraining, fine-tuning, or modular updates remain resource-intensive and may not fully address the persistence of incorrect data. Consequently, ongoing research is essential to develop more effective techniques for enabling compliance with GDPR’s Right to Rectification in the context of LLMs.

2.4. Ethical Considerations in Access and Rectification

Balancing an individual’s rights to access and rectify their personal data with the technical limitations of LLMs requires careful ethical evaluation. Organizations must ensure that granting access or making rectifications does not compromise the integrity of the model or inadvertently reveal sensitive information embedded within it. This balance is essential for maintaining trust and accountability while complying with GDPR requirements [39].
In summary, each of these articles presents unique challenges when applied to LLMs, from the immutability and complexity of model parameters to the limitations of current data correction techniques. While a number of promising solutions have been proposed—such as machine unlearning, model auditing, and continuous learning frameworks—each approach has its own set of limitations. As such, the development of scalable, effective methods remains an ongoing area of research, crucial for achieving compliance with GDPR’s stringent data protection standards.

2.5. Article 22—Automated Decision-Making, Including Profiling

Automated decision-making using LLMs raises significant challenges due to the opaque nature of these models. Their black-box design makes it difficult to explain how specific inputs lead to particular decisions, which hinders transparency [40]. Moreover, because LLMs can inherit and even amplify biases from their training data, there is a risk of discriminatory or unfair outcomes [39]. This opacity and potential bias complicate the assignment of accountability, especially when multiple stakeholders are involved [1].
Several strategies have been proposed to address these issues. For example, the implementation of explainable AI (XAI) techniques can help provide understandable explanations for model decisions [40]. In addition, bias mitigation strategies are essential to detect and reduce any discriminatory tendencies in both training data and model outputs. It is also important to incorporate human oversight into critical decision-making processes, ensuring that automated decisions are reviewed in accordance with GDPR’s requirement for human intervention [19]. Furthermore, establishing robust consent frameworks that clearly inform individuals about the nature of automated decision-making processes can contribute to compliance with GDPR [1]. From a regulatory standpoint, organizations deploying LLMs in high-stakes applications such as hiring, lending, or healthcare must conduct thorough impact assessments and integrate XAI tools to maintain transparency and accountability [66].

2.6. The Explainability Gap in Transformer-Based Models

Understanding and interpreting the decision-making process of Large Language Models (LLMs) remains a fundamental challenge, particularly in the context of GDPR’s transparency requirements. Traditional Explainable AI (XAI) techniques, such as SHAP and LIME, are well-suited for structured data but struggle to provide meaningful insights into the highly non-linear and distributed representations used in Transformer-based architectures [40]. These methods often rely on perturbation-based explanations, which fail to capture the intricate contextual dependencies across long text sequences processed by LLMs [67].
Recent interpretability approaches tailored for Transformers include attention weight visualization, attention rollout, and gradient-based saliency mapping, which attempt to trace decision-making pathways within multi-layer, multi-head attention models [68]. However, studies indicate that attention distributions do not always correlate with model reasoning, raising concerns about their reliability as interpretability tools [69]. Additionally, methods such as causal mediation analysis and concept-based interpretability frameworks are being explored to bridge this gap, yet they remain computationally intensive and lack standardization [70]. Addressing this explainability gap is critical for regulatory compliance and user trust, necessitating further research into robust, scalable, and legally viable interpretability solutions for LLMs.
Figure 3 provides a visual summary of the challenges associated with implementing key data subject rights in LLM systems. The diagram consolidates the challenges for the Right to Erasure (Article 17) [8], Right of Access (Article 15) [6], Right to Rectification (Article 16) [7], and restrictions on Automated Decision-Making (Article 22) [12]. It highlights common issues such as data-parameter entanglement, non-transparent processing, and the inherent opacity of LLMs, and suggests potential solutions including machine unlearning, model auditing, targeted fine-tuning, and explainable AI techniques. This figure serves as an effective visual aid to contextualize the technical hurdles and possible strategies for achieving GDPR compliance in automated decision-making systems.

2.7. Article 6—Lawfulness of Processing

LLMs typically rely on data collected from the web, often without explicit consent, which raises questions about the lawfulness of such processing under GDPR [41,42]. Ensuring that training data is sourced from licensed and publicly available datasets is challenging due to the vast and diverse nature of the data involved. The automated aggregation of data at scale can further complicate compliance with consent and data protection principles [2].
To address these concerns, organizations are exploring scalable mechanisms for obtaining explicit consent from data subjects and increasingly relying on datasets that are explicitly licensed for training purposes [25,71]. Automated compliance checks can also play a crucial role in verifying that data sources meet legal standards. It is critical for organizations to ensure that their data processing activities have a lawful basis—whether that is consent, contractual necessity, or legitimate interests—to avoid severe legal repercussions such as fines and reputational damage [1,18]. The European Data Protection Board (EDPB) has even issued special opinions, including a three-step test framework, to help determine whether legitimate interest can be lawfully relied upon for processing personal data in AI-related activities [72].

2.8. Article 25—Data Protection by Design and by Default

The complexity of LLM architectures poses significant challenges when attempting to integrate data protection measures from the outset. Continuous data ingestion and frequent updates further complicate maintaining consistent protection standards. Moreover, enhancing data protection may sometimes come at the cost of model performance, creating a difficult balance between privacy and functionality [22,39,54].
To overcome these issues, organizations are adopting various privacy-preserving techniques, such as differential privacy, federated learning, and homomorphic encryption, to secure personal data during both training and inference [54,55]. Designing models with modular components that can incorporate data protection measures independently, as well as integrating automated compliance tools into the development lifecycle, are additional strategies that can help ensure adherence to GDPR’s requirements. Best practices include conducting regular privacy assessments and embedding privacy by design principles throughout the development process [17].

2.9. Article 20—Right to Data Portability

Article 20 [10] of the GDPR grants individuals the right to receive the personal data they have provided to a controller in a structured, commonly used, and machine-readable format, as well as the right to transmit that data to another controller [10]. However, this right specifically applies to data directly provided by the individual—such as account information or feedback—and not necessarily to data collected indirectly through methods like web scraping or from publicly available sources [2,73].
In practice, distinguishing between data directly provided by a data subject and data gathered from other sources is particularly challenging with LLMs due to the massive and diverse nature of the training datasets. Additionally, LLMs transform personal data into high-dimensional abstract representations, making it technically complex to extract the original data in a structured and portable format [25,37]. The absence of standardized formats further complicates interoperability, while the sheer scale of data processed by LLMs creates additional resource challenges [31].
Organizations can enhance compliance by maintaining separate records of personal data provided directly by data subjects and offering original submission data in structured formats (e.g., JSON or XML). Comprehensive documentation of data sources and processing methods can also aid in identifying personal data relevant to portability requests. Collaborative standardization efforts with industry bodies and regulatory authorities may eventually help establish universal protocols for data portability. It is important to recognize, however, that the right to data portability may be limited to data explicitly provided by individuals, and the practical extraction of data from LLMs remains a significant technical challenge.
Legal Implications and Considerations: Failure to comply with Article 20 can result in legal action and significant fines, as it undermines individuals’ control over their personal data [10]. Organizations must, therefore, implement robust data governance practices that ensure the accurate and secure transfer of personal data. In doing so, they should assess the extent to which Article 20 applies to their operations, engage legal counsel to interpret these rights in their specific context, and explore technological solutions that balance data portability with privacy and security.

2.10. Article 35—Data Protection Impact Assessment (DPIA)

The unpredictable and opaque nature of LLMs poses significant challenges for conducting effective DPIAs. One major issue is the complexity of risk assessment, as the dynamic behavior of these models—shaped by continuous learning and updates—makes it difficult to identify and evaluate potential risks and biases accurately [19]. Moreover, the lack of standardized frameworks tailored to the unique complexities of LLMs further complicates the process.
To address these challenges, researchers advocate for the development of robust DPIA frameworks specifically designed for AI and LLMs, which would enable a systematic evaluation of risks. In addition, the implementation of automated risk assessment tools that operate in real-time could help identify potential data protection risks as they emerge. Establishing continuous monitoring mechanisms to track the evolving behavior of models is also critical to ensure that emerging risks are promptly mitigated [40].

2.11. Article 30—Records of Processing Activities

Documenting the vast and complex data processing activities of LLMs is another considerable challenge. The scale of these operations, combined with the integration of data from numerous dynamic sources, makes it difficult to accurately track data provenance and all processing steps [22,25]. Furthermore, the frequent updates and retraining cycles inherent to LLMs necessitate continuous record-keeping, which can be highly resource-intensive [55].
Potential solutions include leveraging automated documentation tools that generate and update processing records based on data ingestion and training activities. Establishing comprehensive data logging mechanisms is essential to capture detailed information about data sources, processing purposes, and the transformations applied. In addition, conducting regular audits can ensure that records remain accurate, current, and compliant with GDPR requirements [1].
Scalability and Feasibility Considerations. Machine unlearning aims to remove data related to individual users from trained models without full retraining [74]. However, scaling unlearning techniques to large language models (LLMs) with billions of parameters is notoriously challenging. Current unlearning methods typically require retraining or extensive fine-tuning, both computationally expensive and often impractical for models at this scale [49,74]. Additionally, federated learning, although advantageous for data privacy, introduces significant computational and communication overhead as model sizes increase, exacerbating bandwidth limitations and runtime inefficiencies [75]. Empirical studies demonstrate that the communication demands of federated learning with large-scale models frequently exceed available resources, creating significant barriers to practical deployment [75]. Moreover, maintaining detailed, auditable records for large AI models and datasets poses additional infrastructure and compliance challenges. As data volumes and model complexities grow, organizations struggle to manage and store comprehensive metadata required by regulations, often leading to inconsistent documentation and compliance issues [76,77]. These scalability, infrastructure, and compliance hurdles collectively represent critical feasibility gaps between theoretical frameworks for responsible AI and their practical implementation at scale.

3. General Challenges and Considerations

While specific GDPR articles present direct challenges to LLMs, there are overarching issues that further complicate compliance. This section explores these general challenges, providing a holistic view of the intersection between GDPR and LLMs.

3.1. Traceability

LLMs transform individual data points into high-dimensional representations within neural network weights, which inherently obscures the origin of specific information. This obfuscation makes it challenging to identify, rectify, or delete individual data points [37]. To enhance traceability, one can implement data provenance systems that meticulously track the origins and history of the data used in training [25]. In addition, designing modular data processing pipelines with clearly defined boundaries and maintaining comprehensive metadata management practices can help document data origins and transformations more effectively [1].

3.2. Model Interpretability

The outputs of LLMs are frequently opaque, complicating the task of understanding the decision-making processes behind generated content. This lack of transparency poses significant challenges for ensuring accountability and building user trust [40]. One promising approach is to apply explainable AI (XAI) techniques, such as SHAP (SHapley Additive exPlanations) or LIME (Local Interpretable Model-agnostic Explanations), which offer insights into how the model behaves. Alternatively, developing inherently interpretable model architectures or creating user-centric explanations can further clarify model decisions without sacrificing performance [40].

3.3. Ethical Implications

Large language models (LLMs) can unintentionally propagate biases present in their training data, often producing content that reinforces societal stereotypes and inequalities. For instance, GPT-3 has been shown to generate text reflecting gender and racial biases [78]. Incidents such as Microsoft’s Tay chatbot—which, in 2016, began posting offensive tweets after interacting with Twitter users [79]—demonstrate how AI systems can learn and disseminate harmful content. Additional studies on biased language generation highlight concerns regarding the deployment of LLMs in sensitive applications [39].
From the perspective of GDPR, key principles such as fairness, non-discrimination, and accountability are essential. GDPR emphasizes the lawful and equitable processing of personal data, and biased AI outputs that result in unfair treatment can lead to violations of these principles [5]. Consequently, organizations deploying LLMs bear the responsibility to prevent unethical behavior by implementing robust ethical guidelines, ensuring diversity within development teams, and continuously monitoring AI outputs. Such ethical AI practices are not only crucial for legal compliance but also for maintaining public trust and social responsibility [80].

3.4. Technological Limitations vs. Legal Requirements

There exists a significant gap between the technical capabilities of LLMs and the stringent legal requirements set forth by GDPR. On one hand, LLMs are capable of processing vast amounts of data through complex, often opaque methodologies [1]. On the other hand, current regulatory frameworks are not always agile enough to address the rapid evolution of AI technologies, creating challenges for compliance and enforcement.
Bridging this gap requires collective action. Collaboration among technologists, legal experts, and policymakers is essential to develop adaptable frameworks that can keep pace with advancements in AI [1]. Regulations must be designed to be flexible and evolve alongside emerging technologies, while continuous research should be supported to devise new techniques and methodologies that enhance GDPR compliance in the context of evolving AI capabilities [71]. Balancing technological innovation with robust data protection principles is crucial to ensure that LLMs adhere to the core tenets of GDPR.
Utility vs. Compliance Trade-Offs. Achieving GDPR compliance often comes at the expense of model utility. For instance, training with differential privacy (DP) guarantees typically incurs some accuracy loss—Bagdasaryan et al. highlighted that differential privacy significantly impacts model accuracy, especially harming performance on underrepresented classes [81]. Empirical studies confirm this trade-off: DP-SGD can moderately reduce performance under intermediate privacy budgets (e.g., a noticeable drop in accuracy or BLEU score at ϵ 3 [81]), while stricter privacy budgets substantially amplify this effect. Gupta et al. demonstrated that strong DP noise ( ϵ = 8 ) applied to language models severely limited BLEU scores to around 24, compared to a baseline of 63 achieved by pre-training on public data before private fine-tuning [82].
Similarly, modular or isolated architectures designed for efficient machine unlearning expedite data removal processes but may disrupt global model coherence. Bourtoule et al. proposed a modular machine unlearning framework that accelerates compliance with deletion requests, achieving approximately 4 × faster updates compared to full retraining [31]. In vision benchmarks, Chen et al. further illustrated that boundary-based modular unlearning can deliver substantial efficiency gains, reporting speedups of up to 17 × [83]. However, these methods can slightly degrade overall accuracy due to the compartmentalization of training data or model parameters, potentially limiting context integration [31].
This trade-off is not only technical but also economic. Gupta et al. noted that fully retraining or fine-tuning models for individual erasure requests is often prohibitively expensive, with modern models requiring weeks of compute time and resources valued in the millions [82]. Additionally, storing multiple model versions to address individual data removal requests significantly increases storage costs [82]. Consequently, organizations must carefully weigh the benefits of high-performing, context-rich models against the legal and ethical imperatives of robust data protection, balancing privacy methods applied during training (e.g., DP) against on-demand modular unlearning mechanisms.

4. Discussion

Navigating the complex intersection of the GDPR and Large Language Models (LLMs) requires recommendations that target policymakers, industry practitioners, and the research community. The overall goal is to bridge the gap between regulatory requirements and technological capabilities, ensuring that LLM deployment aligns with data protection and privacy standards.
Critical Legal Interpretations and Implications for Developers. Recent regulatory discussions underscore ongoing uncertainties in applying GDPR to Large Language Model (LLM) training. For instance, the Hamburg Commissioner for Data Protection and Freedom of Information warns that high-dimensional embeddings may still be re-identifiable, casting doubt on whether mere pseudonymization or anonymization suffices [84]. Similarly, the European Data Protection Board’s Opinion 28/2024 highlights divergent national stances on whether broad web-scraping for AI training constitutes a legitimate interest, urging a case-by-case assessment of both necessity and proportionality [62]. Legal commentators further note that authorities like the Garante (Italian DPA) increasingly scrutinize the extent of user consent when publicly available data is re-purposed for commercial LLMs [85]. In contrast, certain industry perspectives argue that data subjects’ rights over passively collected training data may be limited under existing privacy doctrines [86], leaving developers with inconsistent guidance. As a result, and given the lack of definitive Court of Justice of the EU rulings on LLM-specific data removal thresholds, risk management for AI developers hinges on conservative data governance and robust documentation [87] until courts and regulators clarify these grey areas.
Regulators are encouraged to update existing GDPR guidelines to address the unique challenges posed by LLMs, providing clearer definitions and standards for data processing practices specific to AI and machine learning. In addition, it is important to develop AI-specific regulations that complement GDPR by focusing on issues such as model transparency, accountability, and ethical AI development. International cooperation is also essential to harmonize data protection laws, thereby facilitating standardized frameworks that support global AI deployments.
Clear guidelines should be established regarding data deletion and rectification in the context of LLMs, including acceptable methods for machine unlearning and conditions under which retraining is required. Transparency reporting is another key area; organizations should be mandated to publish regular reports detailing their data processing activities, the sources of training data, and the measures taken to ensure compliance with GDPR. Such reporting not only enhances accountability but also builds trust with stakeholders.
From an industry perspective, it is advisable for organizations to embed privacy-by-design strategies throughout the AI development lifecycle. This means integrating data protection measures from the very beginning of model design and maintaining these considerations during development, training, and deployment. In parallel, organizations should adopt transparent data processing practices and maintain comprehensive documentation to support accountability. The use of Explainable AI (XAI) techniques can further help in making model behaviors and decision-making processes more understandable.
Investing in privacy-preserving technologies such as differential privacy, federated learning, and homomorphic encryption is crucial for safeguarding personal data during both training and inference. Regular Data Protection Impact Assessments (DPIAs) are recommended to identify and mitigate potential risks associated with data processing. Robust data governance frameworks that oversee data collection, usage, retention, and deletion must be established, and comprehensive records of processing activities should be maintained in accordance with GDPR requirements.
Practical applications of high-risk AI systems further underscore the challenges of aligning advanced AI technologies with regulatory and ethical standards. A recent study on AI-based lie detection for border control systems illustrates the complex interplay between technical performance, ethical concerns, and strict regulatory compliance under the EU AI Act [88]. By evaluating real-world case studies such as iBorderCtrl and AVATAR, the study emphasizes the necessity for rigorous risk assessments and tailored security controls in high-stakes environments.
Preliminary Quantitative Assessments and Simulation Results. Preliminary evaluations of privacy-preserving LLMs highlight notable trade-offs between privacy and model performance. For instance, training with differential privacy (DP) often reduces accuracy and even amplifies biases: Bagdasaryan et al. (2019) report that DP-SGD can significantly lower overall accuracy and disproportionately hurt underrepresented classes [81]. On text generation tasks, DP also tends to degrade quality (e.g., a strong privacy setting ε 3 only modestly reduced a GPT-2 model’s BLEU score from about 66.8 to 64.6 [89]). Recent techniques seek to mitigate such losses. Shi et al. (2022) propose *Selective* DP, which protects only sensitive tokens and yields a much better privacy–utility trade-off: in experiments, Selective-DPSGD roughly halved the perplexity increase caused by DP (bringing test perplexity down to 160 from DP-SGD’s 306, versus 61 with no privacy) at equivalent privacy levels [48]. Meanwhile, modular *machine unlearning* methods improve the efficiency of data removal from trained models. Bourtoule et al. (2021) introduced a “SISA” training strategy that accelerates retraining after deletion requests by 2–5× with minimal impact on accuracy [31]—for example, SISA achieved about 4.6× faster unlearning on a Purchase dataset model and 2.4× on SVHN, and even a 1.36× speed-up for ImageNet-scale models (with only minor accuracy degradation). These results illustrate that privacy enhancements (whether during training or post-hoc) do incur performance costs, but careful design (e.g., SDP and SISA) can substantially narrow the gap while upholding strong privacy guarantees.

Proposed Framework for GDPR-Aligned LLM Governance

Bridging the gap between GDPR obligations and the technical realities of Large Language Models (LLMs) requires an approach that addresses data governance, technical safeguards, continuous compliance, and transparency. We propose a four-layer governance model that integrates existing regulatory guidance with novel conceptual contributions to align LLM development and deployment with GDPR. This model synthesizes the expectations of multiple Data Protection Authorities (DPAs) and reflects GDPR’s core principles of lawfulness, fairness, and accountability, while providing practical mechanisms for end-to-end compliance.
The first layer, “Data Governance and Consent Management”, focuses on creating a robust foundation before any training or deployment of the model. This involves maintaining detailed records of data origins, especially where personal data may be present, as well as establishing lawful bases for data processing (such as explicit consent or legitimate interest). It also requires verifying that the training data collected is fit for purpose, thereby fulfilling the principle of data minimization and ensuring that only what is strictly necessary is used. Strong access controls and organizational policies are put in place so that sensitive data remains protected and so that any relevant GDPR obligations—such as handling data subject requests—can be efficiently managed.
The second layer, “Technical Privacy Enhancements”, addresses the safeguards needed during training and inference. Here, developers may rely on techniques such as differential privacy (DP) to ensure that individual data points are not easily traced or reconstructed from the model’s parameters. They can also opt for modular architectures that allow specific segments of data to be selectively unlearned in response to erasure requests, reducing the need for retraining entire large-scale models. Federated learning, when appropriate, helps keep personal data on local devices rather than centralizing it, and encrypted training methods protect raw data against unauthorized disclosures. Furthermore, output filters and policy enforcement mechanisms can be implemented to prevent the inadvertent leakage of personal data in generated outputs.
Because LLMs evolve over time—either by ingesting new data or through model updates—the third layer, “Continuous Compliance Monitoring”, ensures that privacy and compliance obligations are not seen as a one-time project but rather an ongoing effort. Automated systems for data protection impact assessments (DPIAs) and risk analyses can detect emerging threats as the model changes. Regular auditing of training logs, inference requests, and unlearning operations helps verify that privacy measures are functioning as intended. In addition, targeted retraining protocols allow developers to respond efficiently to specific requests for erasure or rectification. If a data subject wishes to remove their personal data from the model, well-defined retraining or unlearning methods can be applied to address that need without unduly disrupting the model’s functionality. This continuous monitoring framework extends to incident response plans that align with GDPR’s breach notification requirements, ensuring swift containment and remediation of any data leak or privacy lapse.
Finally, the fourth layer, “Explainability and Oversight”, targets the transparency of the model’s decisions and the establishment of human review for high-stakes scenarios. Because LLMs can act as black boxes, it is crucial to incorporate techniques for interpretability, such as saliency mappings or model distillation, that provide insight into how certain inputs affect outputs. In settings like finance, healthcare, or legal decision-making, there should be a mandatory human-in-the-loop stage to fulfill the GDPR requirement of allowing data subjects to contest automated decisions that have significant effects on them. This layer also involves publishing periodic transparency reports, informing stakeholders about model performance, known biases, and any privacy incidents. In addition, audits focusing on fairness and bias can help detect and mitigate discriminatory outcomes, thus upholding GDPR’s principle of non-discrimination and fostering public trust.
Taken together, these four layers operate in tandem to deliver a comprehensive governance model for GDPR-aligned LLM development. By embedding privacy controls throughout the entire lifecycle, developers can more effectively manage evolving legal obligations, particularly in high-risk application domains, and demonstrate a proactive approach to safeguarding individual rights. This end-to-end framework helps to meet the complexities of personal data definitions, legitimate interests, and unlearning feasibility, thereby supporting a “GDPR-first” culture of compliance that remains sensitive to the unique challenges posed by large-scale AI systems. As shown in Figure 4, our proposed governance framework divides LLM compliance into four interconnected layers. The first layer focuses on data governance practices and lawful bases for data collection, ensuring that all personal information is gathered under appropriate conditions and thoroughly documented. Building on this foundation, the second layer deploys technical mechanisms such as differential privacy and modular unlearning to safeguard personal data throughout the model’s training and inference stages. The third layer underscores the importance of continuous monitoring through regular audits, automated risk analyses, and protocols for retraining or incident response in alignment with GDPR. Finally, the fourth layer highlights the role of transparency and accountability mechanisms—such as interpretability techniques, human oversight for high-stakes decisions, fairness evaluations, and public reporting—in fostering trust and compliance in AI-driven systems.
Future research should focus on developing scalable machine unlearning techniques to efficiently remove specific data points without necessitating complete retraining. Enhancing model interpretability remains a key priority, with efforts aimed at creating more intuitive and effective XAI tools. Modular model architectures that facilitate easier updates and corrections are also a promising area for further study. Standardizing data portability mechanisms, investigating advanced bias detection and mitigation techniques, and integrating privacy-preserving machine learning into standard AI pipelines will further support compliance with GDPR. Additionally, there is a need for comprehensive regulatory frameworks that evolve with technological advancements, as well as cross-disciplinary collaboration among technologists, legal experts, ethicists, and policymakers to create holistic solutions. Finally, the development of benchmark datasets specifically designed to assess the privacy and compliance aspects of LLMs, along with the exploration of ethical AI development practices, can guide organizations toward deploying LLMs in a manner that is both responsible and compliant.

5. Conclusions

The intersection of GDPR and LLMs presents a unique set of technical, legal, and ethical challenges. As LLMs continue to evolve and be integrated into various sectors, their compliance with data protection laws like GDPR becomes increasingly complex [90]. The core GDPR principles of transparency, accountability, and data protection often conflict with the technical characteristics of LLMs, which obscure data processing activities and make it difficult to manipulate individual data points.
Our analysis shows that addressing these challenges will require a multifaceted approach, combining advancements in technology, improvements in data governance frameworks, and ongoing collaboration between legal experts, policymakers, and technologists. Organizations need to invest in privacy-preserving techniques such as differential privacy, federated learning, and anonymization, while also ensuring compliance with GDPR’s requirements for transparency and accountability through explainable AI (XAI) methods and robust documentation practices.
Moreover, the inherent biases within LLMs, stemming from the large-scale and diverse data they are trained on, highlight the need for ethical AI development. Organizations must adopt ethical guidelines, promote fairness, and implement bias mitigation strategies to ensure that AI outputs do not reinforce societal prejudices. These efforts are essential not only for GDPR compliance but also for fostering public trust in AI systems.
Future research and policy development should focus on scalable solutions for managing personal data in LLMs, ensuring that rights such as the Right to Erasure and Right to Access are effectively upheld. Additionally, regulatory frameworks like the EU’s Artificial Intelligence Act (AI Act) will play a crucial role in shaping the future of AI, providing clearer guidelines and promoting responsible innovation in the field of LLMs.
In conclusion, the successful alignment of LLMs with GDPR will require ongoing collaboration, innovation, and adaptability. As AI technologies continue to advance, legal and regulatory frameworks must evolve alongside them, ensuring that the benefits of LLMs are realized without compromising data protection and individual rights. By bridging the gap between technological capabilities and stringent data protection standards, we can create a more transparent, accountable, and ethically sound future for AI systems.

Author Contributions

Conceptualization, G.F.; methodology, G.F.; software, G.F.; validation, G.F., E.V., P.P. and A.A.; formal analysis, G.F., E.V., K.K., P.P. and A.A.; investigation, G.F., P.P. and D.K.; resources, not applicable; data curation, not applicable; writing—original draft preparation, G.F., E.V., K.K., P.P. and A.A.; writing—review and editing, G.F., D.K. and A.A.; visualization, G.F. and K.K.; supervision, G.F. and D.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Acknowledgments

During the preparation of this manuscript, the authors used Grammarly (Free Version) to support grammar, spelling, and stylistic refinement. The authors thoroughly reviewed and edited all suggested changes and take full responsibility for the content of this publication.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Voigt, P.; von dem Bussche, A. The EU General Data Protection Regulation (GDPR): A Practical Guide, 2nd ed.; Springer: Cham, Switzerland, 2024; p. XII, 339. [Google Scholar] [CrossRef]
  2. Kamarinou, D.; Millard, C.; Singh, J. Machine Learning with Personal Data; Technical Report 247; Queen Mary School of Law: London, UK, 2016. [Google Scholar]
  3. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 3. 2016.
  4. Albrecht, J.P. How the GDPR Will Change the World. Eur. Data Prot. Law Rev. 2016, 2, 287–289. [Google Scholar] [CrossRef]
  5. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 5. 2016.
  6. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 15. 2016.
  7. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 16. 2016.
  8. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 17. 2016.
  9. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 18. 2016.
  10. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 20. 2016.
  11. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 21. 2016.
  12. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 22. 2016.
  13. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 35. 2016.
  14. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 37. 2016.
  15. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 38. 2016.
  16. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 39. 2016.
  17. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 25. 2016.
  18. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 83. 2016.
  19. Bommasani, R.; Hudson, D.A.; Adeli, E.; Altman, R.; Arora, S.; von Arx, S.; Bernstein, M.S.; Bohg, J.; Bosselut, A.; Brunskill, E.; et al. On the Opportunities and Risks of Foundation Models. arXiv 2021, arXiv:2108.07258. [Google Scholar]
  20. Vaswani, A.; Shazeer, N.; Parmar, N.; Uszkoreit, J.; Jones, L.; Gomez, A.N.; Kaiser, Ł.; Polosukhin, I. Attention Is All You Need. In Proceedings of the Advances in Neural Information Processing Systems, Long Beach, CA, USA, 4–9 December 2017; pp. 5998–6008. [Google Scholar]
  21. Devlin, J.; Chang, M.W.; Lee, K.; Toutanova, K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In Proceedings of the NAACL-HLT, Minneapolis, MN, USA, 2–7 June 2019; pp. 4171–4186. [Google Scholar]
  22. Radford, A.; Wu, J.; Child, R.; Luan, D.; Amodei, D.; Sutskever, I. Language Models are Unsupervised Multitask Learners. OpenAI Blog 2019, 1, 9. [Google Scholar]
  23. Brown, T.; Mann, B.; Ryder, N.; Subbiah, M.; Kaplan, J.D.; Dhariwal, P.; Neelakantan, A.; Shyam, P.; Sastry, G.; Askell, A.; et al. Language Models are Few-Shot Learners. In Proceedings of the Advances in Neural Information Processing Systems, Virtual, 6–12 December 2020; Volume 33, pp. 1877–1901. [Google Scholar]
  24. OpenAI. GPT-4 Technical Report. arXiv 2023, arXiv:2303.08774. [Google Scholar]
  25. Gao, L.; Biderman, S.; Black, S.; Golding, L.; Hoppe, T.; Foster, C.; Phang, J.; He, H.; Thite, A.; Nabeshima, N.; et al. The Pile: An 800GB Dataset of Diverse Text for Language Modeling. arXiv 2020, arXiv:2101.00027. [Google Scholar]
  26. Liu, Y.; Gu, J.; Goyal, N.; Li, X.; Edunov, S.; Ghazvininejad, M.; Lewis, M.; Zettlemoyer, L. Multilingual Denoising Pre-training for Neural Machine Translation. Trans. Assoc. Comput. Linguist. 2020, 8, 726–742. [Google Scholar] [CrossRef]
  27. Kwiatkowski, T.; Palomaki, J.; Redfield, O.; Collins, M.; Parikh, A.; Alberti, C.; Epstein, D.; Polosukhin, I.; Devlin, J.; Lee, K.; et al. Natural Questions: A Benchmark for Question Answering Research. Trans. Assoc. Comput. Linguist. 2019, 7, 453–466. [Google Scholar] [CrossRef]
  28. Zhang, J.; Zhao, Y.; Saleh, M.; Liu, P. PEGASUS: Pre-training with Extracted Gap-sentences for Abstractive Summarization. arXiv 2019, arXiv:1912.08777. [Google Scholar]
  29. Socher, R.; Perelygin, A.; Wu, J.; Chuang, J.; Manning, C.D.; Ng, A.Y.; Potts, C. Recursive Deep Models for Semantic Compositionality Over a Sentiment Treebank. In Proceedings of the EMNLP, Seattle, WA, USA, 18–21 October 2013; pp. 1631–1642. [Google Scholar]
  30. OpenAI. OpenAI Data Usage and Privacy Policy. 2023. Available online: https://openai.com/policies/privacy-policy (accessed on 4 March 2025).
  31. Bourtoule, L.; Chandrasekaran, V.; Choquette-Choo, C.A.; Jia, H.; Travers, A.; Zhang, B.; Lie, D.; Papernot, N. Machine Unlearning. In Proceedings of the 42nd IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; pp. 141–159. [Google Scholar] [CrossRef]
  32. Google. Data Protection White Paper for Language Models. 2023. Available online: https://transparencyreport.google.com/eu-privacy/overview (accessed on 4 March 2025).
  33. Singhal, K.; Azizi, S.; Tu, T.; Mahdavi, S.S.; Wei, J.; Chung, H.W.; Scales, N.; Tanwani, A.; Cole-Lewis, H.; Pfohl, S.; et al. Large Language Models Encode Clinical Knowledge. arXiv 2022, arXiv:2212.13138. [Google Scholar] [CrossRef]
  34. Ashtiani, M.N.; Raahemi, B. Intelligent Fraud Detection in Financial Statements Using Machine Learning and Data Mining: A Systematic Literature Review. IEEE Access 2022, 10, 72504–72525. [Google Scholar] [CrossRef]
  35. Kasneci, E.; Sessler, K.; Küchemann, S.; Bannert, M.; Dementieva, D.; Fischer, F.; Gasser, U.; Groh, G.; Günnemann, S.; Hüllermeier, E.; et al. ChatGPT for Good? On Opportunities and Challenges of Large Language Models for Education. arXiv 2023, arXiv:2301.13067. [Google Scholar] [CrossRef]
  36. Adamopoulou, E.; Moussiades, L. An Overview of Chatbot Technology. In Proceedings of the IFIP International Conference on Artificial Intelligence Applications and Innovations, Neos Marmaras, Greece, 5–7 June 2020; pp. 373–383. [Google Scholar]
  37. Carlini, N.; Tramer, F.; Wallace, E.; Jagielski, M.; Herbert-Voss, A.; Lee, K.; Roberts, A.; Brown, T.; Song, D.; Erlingsson, Ú.; et al. Extracting Training Data from Large Language Models. In Proceedings of the USENIX Security Symposium, Online, 11–13 August 2021; pp. 2633–2650. [Google Scholar]
  38. Feretzakis, G.; Verykios, V.S. Trustworthy AI: Securing Sensitive Data in Large Language Models. AI 2024, 5, 2773–2800. [Google Scholar] [CrossRef]
  39. Bender, E.M.; Gebru, T.; McMillan-Major, A.; Shmitchell, S. On the Dangers of Stochastic Parrots: Can Language Models Be Too Big? In Proceedings of the FAccT, Virtual, 3–10 March 2021; pp. 610–623. [Google Scholar]
  40. Rudin, C. Stop Explaining Black Box Machine Learning Models for High Stakes Decisions and Use Interpretable Models Instead. Nat. Mach. Intell. 2019, 1, 206–215. [Google Scholar] [CrossRef] [PubMed]
  41. Freiberger, V.; Buchmann, E. Legally Binding but Unfair? Towards Assessing Fairness of Privacy Policies. In Proceedings of the 10th ACM International Workshop on Security and Privacy Analytics, Porto, Portugal, 21 June 2024; Association for Computing Machinery: New York, NY, USA, 2024. ISBN 9798400705564. [Google Scholar] [CrossRef]
  42. Azeem, M.I.; Abualhaija, S. A Multi-solution Study on GDPR AI-enabled Completeness Checking of DPAs. Empir. Softw. Eng. 2024, 29, 96. [Google Scholar] [CrossRef]
  43. Anil, R.; Ghazi, B.; Gupta, V.; Kumar, R.; Manurangsi, P. Large-Scale Differentially Private BERT. In Proceedings of the Findings of the Association for Computational Linguistics: EMNLP 2022, Abu Dhabi, United Arab Emirates, 7–11 December 2022; pp. 6481–6491. [Google Scholar]
  44. McKenna, R.; Huang, Y.; Sinha, A.; Balle, B.; Charles, Z.; Choquette-Choo, C.A.; Ghazi, B.; Kaissis, G.; Kumar, R.; Liu, R.; et al. Scaling Laws for Differentially Private Language Models. arXiv 2025, arXiv:2501.18914. [Google Scholar]
  45. Qu, Y.; Ding, M.; Sun, N.; Thilakarathna, K.; Zhu, T.; Niyato, D. The Frontier of Data Erasure: Machine Unlearning for Large Language Models. arXiv 2024, arXiv:2403.15779. [Google Scholar] [CrossRef]
  46. Liu, Z.; Dou, G.; Tan, Z.; Tian, Y.; Jiang, M. Towards Safer Large Language Models through Machine Unlearning. In Proceedings of the Findings of the Association for Computational Linguistics: ACL 2024, Bangkok, Thailand, 11–16 August 2024; pp. 1817–1829. [Google Scholar]
  47. Zhuang, H.; Zhang, Y.; Guo, K.; Jia, J.; Liu, G.; Liu, S.; Zhang, X. UOE: Unlearning One Expert Is Enough For Mixture-of-Experts LLMs. arXiv 2024, arXiv:2411.18797. [Google Scholar]
  48. Shi, W.; Cui, A.; Li, E.; Jia, R.; Yu, Z. Selective Differential Privacy for Language Modeling. In Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL-HLT), Seattle, WA, USA, 10–15 July 2022; pp. 2848–2859. [Google Scholar] [CrossRef]
  49. Golatkar, A.; Achille, A.; Soatto, S. Eternal Sunshine of the Spotless Net: Selective Forgetting in Deep Networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, WA, USA, 13–19 June 2020; pp. 9304–9312. [Google Scholar] [CrossRef]
  50. Bartl, M.; Nissim, M.; Gatt, A. Unmasking Contextual Stereotypes: Measuring and Mitigating BERT’s Gender Bias. In Proceedings of the Second Workshop on Gender Bias in Natural Language Processing (GeBNLP@COLING), Barcelona, Spain, 13 December 2020; Association for Computational Linguistics: Stroudsburg, PA, USA, 2020; pp. 1–16. [Google Scholar]
  51. Kaneko, M.; Bollegala, D. Debiasing Pre-Trained Contextualised Embeddings. In Proceedings of the16th Conference of the European Chapter of the Association for Computational Linguistics (EACL), Online, 19–23 April 2021; Association for Computational Linguistics: Stroudsburg, PA, USA; pp. 1256–1266. [Google Scholar]
  52. Sweeney, L. k-anonymity: A model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 2002, 10, 557–570. [Google Scholar] [CrossRef]
  53. Feretzakis, G.; Papaspyridis, K.; Gkoulalas-Divanis, A.; Verykios, V.S. Privacy-Preserving Techniques in Generative AI and Large Language Models: A Narrative Review. Information 2024, 15, 697. [Google Scholar] [CrossRef]
  54. Abadi, M.; Chu, A.; Goodfellow, I.; McMahan, H.B.; Mironov, I.; Talwar, K.; Zhang, L. Deep Learning with Differential Privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016. [Google Scholar]
  55. McMahan, H.B.; Moore, E.; Ramage, D.; Hampson, S. Communication-Efficient Learning of Deep Networks from Decentralized Data. In Proceedings of the Artificial Intelligence and Statistics, Fort Lauderdale, FL, USA, 20–22 April 2017; pp. 1273–1282. [Google Scholar]
  56. Zhang, H.; Nakamura, T.; Isohara, T. A Review on Machine Unlearning. SN Comput. Sci. 2023, 4, 337. [Google Scholar] [CrossRef]
  57. Regulation (EU) 2016/679 of the European Parliament and of the Council. European Union Law, Article 30. 2016.
  58. Regulation (EU) 2024/1689 of the European Parliament and of the Council. European Union Law, 2024.
  59. Kalodanis, K.; Rizomiliotis, P.; Anagnostopoulos, D. European Artificial Intelligence Act: An AI security approach. Inf. Comput. Secur. 2024, 32, 265–281. [Google Scholar] [CrossRef]
  60. Thomaidou, A.; Limniotis, K. Navigating Through Human Rights in AI: Exploring the Interplay Between GDPR and Fundamental Rights Impact Assessment. J. Cybersecur. Priv. 2025, 5, 7. [Google Scholar] [CrossRef]
  61. European Data Protection Board and European Data Protection Supervisor. Joint Opinion 5/2021 on the Proposal for the AI Act, 2021. Available online: https://www.edpb.europa.eu/system/files/2021-06/edpb-edps_joint_opinion_ai_regulation_en.pdf (accessed on 4 March 2025).
  62. Board, E.D.P. Opinion 28/2024 on Personal Data in AI Models. 2024. Available online: https://www.edpb.europa.eu/system/files/2024-12/edpb_opinion_202428_ai-models_en.pdf (accessed on 4 March 2025).
  63. European Court of Justice. Google v. CNIL: EU Rules That Right to Be Forgotten Does Not Apply Globally. 2019. Available online: https://www.europarl.europa.eu/RegData/etudes/ATAG/2019/642273/EPRS_ATA(2019)642273_EN.pdf (accessed on 23 February 2025).
  64. Wu, S.; Woodruff, D.; Singh, A. DeltaGrad: Rapid retraining of machine learning models. In Proceedings of the International Conference on Machine Learning, Virtual, 13–18 July 2020; pp. 10355–10366. [Google Scholar]
  65. Strubell, E.; Ganesh, A.; McCallum, A. Energy and Policy Considerations for Deep Learning in NLP. In Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, Florence, Italy, 28 July–2 August 2019; pp. 3645–3650. [Google Scholar]
  66. European Data Protection Board. Overview on Resources Made Available by Member States to the Data Protection Authorities and on Enforcement Actions by the Data Protection Authorities. 2022. Available online: https://edpb.europa.eu/our-work-tools/our-documents/other/overview-resources-made-available-member-states-data_en (accessed on 23 February 2025).
  67. Fan, A.; Grave, E.; Joulin, A. Interpretability of Transformer-Based Models: A Survey. In Proceedings of the 2021 Conference of the North American Chapter of the Association for Computational Linguistics, Online, 6–11 June 2021; pp. 5434–5445. [Google Scholar]
  68. Clark, K.; Khandelwal, U.; Levy, O.; Manning, C.D. What Does BERT Look At? An Analysis of BERT’s Attention. In Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing, Hong Kong, China, 3–7 November 2019; pp. 743–753. [Google Scholar]
  69. Serrano, S.; Smith, N.A. Is Attention Interpretable? In Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, Florence, Italy, 28 July–2 August 2019; pp. 2931–2951. [Google Scholar]
  70. Wiegreffe, S.; Pinter, Y. Attention is Not Explanation. In Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing, Hong Kong, China, 3–7 November 2019; pp. 11–20. [Google Scholar]
  71. Greenleaf, G. Global Data Privacy Laws 2019: 132 National Laws & Many Bills. Priv. Laws Bus. Int. Rep. 2019, 157, 14–18. [Google Scholar]
  72. European Data Protection Board. Guidelines 1/2024 on Processing of Personal Data Based on Article 6(1)(f) GDPR; European Data Protection Board: Brussels, Belgium, 2024. [Google Scholar]
  73. European Data Protection Board. Guidelines on the Right to Data Portability. 2017. Available online: https://edpb.europa.eu/sites/default/files/files/document/edpb_guidelines_2017_data_portability_en.pdf (accessed on 23 February 2025).
  74. Chen, J.; Yang, D. Unlearn What You Want to Forget: Efficient Unlearning for LLMs. In Proceedings of the 2023 Conference on Empirical Methods in Natural Language Processing (EMNLP), Singapore, 6–10 December 2023; pp. 12041–12052. [Google Scholar] [CrossRef]
  75. Kairouz, P.; McMahan, H.B.; Avent, B.; Bellet, A.; Bennis, M.; Bhagoji, A.N.; Bonawitz, K.; Charles, Z.; Cormode, G.; Cummings, R.; et al. Advances and Open Problems in Federated Learning. Found. Trends Mach. Learn. 2021, 14, 1–210. [Google Scholar] [CrossRef]
  76. Polyzotis, N.; Roy, S.; Whang, S.E.; Zinkevich, M. Data Lifecycle Challenges in Production Machine Learning: A Survey. SIGMOD Rec. 2018, 47, 17–28. [Google Scholar] [CrossRef]
  77. Longpre, S.; Mahari, R.; Chen, A.; Pentland, A.S. A large-scale audit of dataset licensing and attribution in AI. Nat. Mach. Intell. 2024, 6, 975–987. [Google Scholar] [CrossRef]
  78. Sheng, E.; Chang, K.-W.; Natarajan, P.; Peng, N. The Woman Worked as a Babysitter: On Biases in Language Generation. In Proceedings of the EMNLP, Hong Kong, China, 3–7 November 2019; pp. 3407–3412. [Google Scholar]
  79. Wolf, M.J. We Need to Talk about Tay: Ethical AI and Psychological Security in the Digital Age. AI Matters 2017, 3, 17–21. [Google Scholar]
  80. Jobin, A.; Ienca, M.; Vayena, E. The Global Landscape of AI Ethics Guidelines. Nat. Mach. Intell. 2019, 1, 389–399. [Google Scholar] [CrossRef]
  81. Bagdasaryan, E.; Poursaeed, O.; Shmatikov, V. Differential Privacy Has Disparate Impact on Model Accuracy. In Proceedings of the Advances in Neural Information Processing Systems (NeurIPS), Vancouver, BC, Canada, 8–14 December 2019; Volume 32, pp. 15479–15488. [Google Scholar]
  82. Gupta, V.; Jung, C.; Neel, S.; Roth, A.; Sharifi-Malvajerdi, S.; Waites, C. Adaptive Machine Unlearning. In Proceedings of the Advances in Neural Information Processing Systems (NeurIPS), Online, 6–14 December 2021; Volume 34. [Google Scholar]
  83. Chen, M.; Gao, W.; Liu, G.; Peng, K.; Wang, C. Boundary Unlearning: Rapid Forgetting of Deep Networks via Shifting the Decision Boundary. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Vancouver, BC, Canada, 17–24 June 2023; pp. 7767–7776. [Google Scholar]
  84. Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI). Discussion Paper: Large Language Models and Personal Data. 2024. Available online: https://datenschutz-hamburg.de (accessed on 25 March 2025).
  85. Dentons Law Firm. To Be Scraped or Not to Be Scraped: The Garante’s Approach. Dentons Insights (Online). 2024. Available online: https://www.dentons.com/en/insights/articles/2024/june/18/to-be-scraped-or-not-to-be-scraped (accessed on 4 March 2025).
  86. Perspective: Why Data Subjects’ Rights to LLM Training Data Are Not Relevant. IAPP Privacy Perspectives. 2025. Available online: https://iapp.org/news/a/perspective-why-data-subjects-rights-to-llm-training-data-are-not-relevant (accessed on 4 March 2025).
  87. Nance, R.; Evans, M.; Gelmetti, F. The EDPB Opinion on Training AI Models Using Personal Data and Recent Garante Fine—Lawful Deployment of LLMs. Data Protection Report (Norton Rose Fulbright). 2025. Available online: https://www.dataprotectionreport.com/2025/01/the-edpb-opinion-on-training-ai-models-using-personal-data-and-recent-garante-fine-lawful-deployment-of-llms/ (accessed on 4 March 2025).
  88. Kalodanis, K.; Rizomiliotis, P.; Feretzakis, G.; Papapavlou, C.; Anagnostopoulos, D. High-Risk AI Systems—Lie Detection Application. Future Internet 2025, 17, 26. [Google Scholar] [CrossRef]
  89. Bu, Z.; Wang, Y.; Zha, S.; Karypis, G. Differentially Private Optimization on Large Model at Small Cost. In Proceedings of the 40th International Conference on Machine Learning (ICML), PMLR, Honolulu, HI, USA, 23–29 July 2023; pp. 3192–3218. [Google Scholar]
  90. European Data Protection Board. Opinion 28/2024 on Certain Data Protection Aspects Related to the Processing of Personal Data in the Context of AI Models; European Data Protection Board: Brussels, Belgium, 2024. [Google Scholar]
Figure 1. GDPR Principles vs. LLM Characteristics: Compliance Challenges.
Figure 1. GDPR Principles vs. LLM Characteristics: Compliance Challenges.
Futureinternet 17 00151 g001
Figure 2. Privacy-Preserving LLM Development Pipeline with Integrated GDPR Compliance Measures. This diagram illustrates the end-to-end process of LLM development, embedding privacy-preserving techniques and GDPR compliance—from data collection and privacy assessment to model training, evaluation, documentation, deployment, and continuous monitoring.
Figure 2. Privacy-Preserving LLM Development Pipeline with Integrated GDPR Compliance Measures. This diagram illustrates the end-to-end process of LLM development, embedding privacy-preserving techniques and GDPR compliance—from data collection and privacy assessment to model training, evaluation, documentation, deployment, and continuous monitoring.
Futureinternet 17 00151 g002
Figure 3. GDPR Data Subject Rights: LLM Implementation Challenges. This diagram presents the key challenges and potential solutions for operationalizing the Right to Erasure (Article 17) [8], Right of Access (Article 15) [6], Right to Rectification (Article 16) [7], and restrictions on Automated Decision-Making (Article 22) [12] in LLM systems. It highlights issues such as data-parameter entanglement, non-transparent processing, and the inherent opacity of LLMs, and suggests solutions like machine unlearning, model auditing, targeted fine-tuning, and explainable AI techniques.
Figure 3. GDPR Data Subject Rights: LLM Implementation Challenges. This diagram presents the key challenges and potential solutions for operationalizing the Right to Erasure (Article 17) [8], Right of Access (Article 15) [6], Right to Rectification (Article 16) [7], and restrictions on Automated Decision-Making (Article 22) [12] in LLM systems. It highlights issues such as data-parameter entanglement, non-transparent processing, and the inherent opacity of LLMs, and suggests solutions like machine unlearning, model auditing, targeted fine-tuning, and explainable AI techniques.
Futureinternet 17 00151 g003
Figure 4. Four-Layer GDPR-Aligned LLM Governance Framework. The diagram illustrates four primary layers: (1) Data Governance and Consent Management, (2) Technical Privacy Enhancements, (3) Continuous Compliance Monitoring, and (4) Explainability and Oversight. Each layer builds upon the previous one to create a robust, end-to-end compliance strategy for Large Language Models (LLMs) under GDPR requirements, ensuring lawful data processing, privacy-preserving techniques, proactive monitoring, and transparent decision-making.
Figure 4. Four-Layer GDPR-Aligned LLM Governance Framework. The diagram illustrates four primary layers: (1) Data Governance and Consent Management, (2) Technical Privacy Enhancements, (3) Continuous Compliance Monitoring, and (4) Explainability and Oversight. Each layer builds upon the previous one to create a robust, end-to-end compliance strategy for Large Language Models (LLMs) under GDPR requirements, ensuring lawful data processing, privacy-preserving techniques, proactive monitoring, and transparent decision-making.
Futureinternet 17 00151 g004
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Feretzakis, G.; Vagena, E.; Kalodanis, K.; Peristera, P.; Kalles, D.; Anastasiou, A. GDPR and Large Language Models: Technical and Legal Obstacles. Future Internet 2025, 17, 151. https://doi.org/10.3390/fi17040151

AMA Style

Feretzakis G, Vagena E, Kalodanis K, Peristera P, Kalles D, Anastasiou A. GDPR and Large Language Models: Technical and Legal Obstacles. Future Internet. 2025; 17(4):151. https://doi.org/10.3390/fi17040151

Chicago/Turabian Style

Feretzakis, Georgios, Evangelia Vagena, Konstantinos Kalodanis, Paraskevi Peristera, Dimitris Kalles, and Athanasios Anastasiou. 2025. "GDPR and Large Language Models: Technical and Legal Obstacles" Future Internet 17, no. 4: 151. https://doi.org/10.3390/fi17040151

APA Style

Feretzakis, G., Vagena, E., Kalodanis, K., Peristera, P., Kalles, D., & Anastasiou, A. (2025). GDPR and Large Language Models: Technical and Legal Obstacles. Future Internet, 17(4), 151. https://doi.org/10.3390/fi17040151

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop