Is AI Scraping Legal? Future of Privacy Forum CEO On LLM Training And GDPR

Jules Polonetsky is the CEO of the Future of Privacy Forum (FPF), a nonprofit that convenes industry, civil society, academics, and regulators around emerging data protection and privacy questions. A former Chief Privacy Officer at AOL and DoubleClick, with earlier government experience, he has spent decades working at the intersection of technology, business practice, and regulation. Today, FPF operates with teams in Washington, Brussels, and Singapore, with additional coverage across Africa and Latin America, and focuses on mapping how different jurisdictions approach privacy and AI, and on helping policymakers and regulators understand the real-world consequences of their choices.

In this section of the interview, Medianama editor-in-chief, Nikhil Pahwa speaks with Jules Polonetsky about one of the most contested issues in AI governance — the right to erasure. If personal information posted on social media or available on the public web is scraped without consent, does that amount to a privacy violation? And if it does, what are regulators obligated to do about it?

The discussion examined whether existing data protection laws — particularly the General Data Protection Regulation (GDPR) –render current Large Language Model (LLM) training practices unlawful, the technical feasibility of deleting personal data from trained models, and whether “suppression” of outputs is an adequate substitute for erasure. It also explores the political reality facing regulators where they must balance strict legal compliance against the perceived economic and social benefits of AI development.

As Europe reinterprets its data protection framework, the United States moves toward sector-specific AI regulation, and countries like India struggle with foundational questions of privacy enforcement, this exchange lays bare a central tension in global AI policy — whether the law must bend to accommodate AI, or whether AI must adapt to the law.

This section of the interview has been lightly edited for clarity and brevity. The full excerpts of the interview will be published soon.

—————————————————————————————————————-

On right to erasure, privacy and scraping of public data

Nikhil Pahwa: So how does AI change the right to say no? How does AI change the right to erasure? Erasure is foundational to data protection frameworks, but they can’t retrain, spend millions of dollars retraining frontier models every single time someone wants to withdraw their data because they’ve also scraped the data from the open web, which contains personal information.

Jules Polonetsky: So again, we have choices to make here. Erasure has never been an absolute right, right? Sometimes companies need to keep data for tax purposes … If I’m a pharmacy lab, for instance, and I’m doing tests, I get accredited that my testing systems are right. I have obligations to keep…