What Should LLMs Forget? Quantifying Personal Data in LLMs for Right-to-Be-Forgotten Requests

TL;DR

This paper introduces a dataset and metric to identify and quantify personal data memorized by LLMs, facilitating compliance with GDPR's Right to Be Forgotten at the individual level.

Contribution

It presents WikiMem, a new dataset, and a model-agnostic metric for detecting personal data in LLMs, enabling targeted unlearning and privacy compliance.

Findings

Memorization correlates with web presence and model size.

The metric effectively ranks factual associations in LLMs.

Evaluation across multiple models demonstrates practical applicability.

Abstract

Large Language Models (LLMs) can memorize and reveal personal information, raising concerns regarding compliance with the EU's GDPR, particularly the Right to Be Forgotten (RTBF). Existing machine unlearning methods assume the data to forget is already known but do not address how to identify which individual-fact associations are stored in the model. Privacy auditing techniques typically operate at the population level or target a small set of identifiers, limiting applicability to individual-level data inquiries. We introduce WikiMem, a dataset of over 5,000 natural language canaries covering 243 human-related properties from Wikidata, and a model-agnostic metric to quantify human-fact associations in LLMs. Our approach ranks ground-truth values against counterfactuals using calibrated negative log-likelihood across paraphrased prompts. We evaluate 200 individuals across 15 LLMs (410M-70B parameters), showing that memorization correlates with subject web presence and model scale. We provide a foundation for identifying memorized personal data in LLMs at the individual level, enabling the dynamic construction of forget sets for machine unlearning and RTBF requests.