How long does it take for ChatGPT to stop mentioning something after the source article is removed?

The timeline depends on which aspect of ChatGPT you are concerned about. For ChatGPT Browse, which retrieves live web content, the effect of removing and de-indexing a source article is relatively fast, typically within weeks of successful de-indexing, because the article is no longer accessible for retrieval. For ChatGPT's base model (non-Browse responses), the information encoded in model weights during training does not change when a web page is deleted. The model's knowledge of that content persists until the model is retrained or replaced. OpenAI releases updated models on an irregular schedule, and the training data cutoff for each model is not precisely public. The practical implication is that source removal is highly effective for retrieval-augmented AI and future training cycles, but has no immediate effect on responses generated from existing model weights.

ChatGPT Showing Negative Info? Right to Be Forgotten Guide

Q: Does GDPR's right to be forgotten apply to ChatGPT?

Not in the way most people expect. GDPR Article 17 (right to erasure) was designed for data controllers who actively process and store identifiable data about individuals, such as search engines indexing live web pages. ChatGPT's base model is a trained neural network whose parameters were set during a training run on a large dataset. Information is not stored as a discrete record that can be deleted; it is encoded diffusely across billions of model weights. The European Data Protection Board has acknowledged in 2023 guidance that full erasure from trained models is technically not feasible in the conventional sense, and that rectification or restriction of processing may be more appropriate remedies.

Q: What does OpenAI's privacy removal process actually cover?

OpenAI operates a privacy request portal at privacy.openai.com where EU and UK residents can submit requests under GDPR Article 17 and equivalent regulations. The scope of what OpenAI can act on is limited to personal data in the conventional sense: home addresses, private communications, financial account details, government identification numbers, and similar categories of personally identifiable information. Editorial content about a person, such as a news article describing a lawsuit, a business dispute, or a professional controversy, is generally not within the scope of what OpenAI's privacy process will remove. Factual information about public-facing conduct is treated differently from private personal data.

Q: Why is ChatGPT different from Google when it comes to the right to be forgotten?

Google Search is a retrieval system that continuously indexes live web pages and stores structured references to that content. When a Google de-indexing request succeeds, Google removes the reference from its index and the page disappears from search results. ChatGPT's base model does not retrieve live pages; it generates responses from statistical patterns learned during training on a fixed dataset with a knowledge cutoff. Deleting a web page after ChatGPT's training cutoff does not change the model's weights. The two systems process information in fundamentally different ways, so the mechanism that works for Google (de-indexing a URL) does not apply to a trained language model.

Q: What happened when Italy banned ChatGPT over GDPR concerns?

In March 2023, the Italian data protection authority (Garante per la Protezione dei Dati Personali) temporarily suspended ChatGPT's operation in Italy, citing GDPR concerns including the lack of a legal basis for processing personal data during training and insufficient age verification. OpenAI responded within weeks with new transparency measures, a privacy policy update, and tools allowing users to opt out of having their conversations used for training. Italy lifted the ban in late April 2023. Notably, OpenAI did not commit to removing specific individuals from its training data as part of that resolution. The Garante case remains the clearest regulatory precedent for how GDPR authorities approach AI training data disputes.

Diagram showing two paths for dealing with ChatGPT mentions: OpenAI Privacy Request (limited scope) and Source Removal (more effective), with a flow showing that removing an article at the source leads to removal from the web and less likelihood of appearing in future AI training.

Key Takeaways

GDPR's right to be forgotten does not directly apply to ChatGPT's trained model. The right was designed for search engines indexing live content, not for neural networks where information is encoded in model weights.
OpenAI's privacy process exists but has a narrow scope. It can address PII such as home addresses and private communications. It does not routinely remove editorial content about your public-facing conduct.
Retrieval-augmented AI systems respond quickly to source removal. Perplexity, Google AI Overviews, and ChatGPT Browse all pull from the live web. Remove the source article and these systems stop citing it.
The most practical path is removing the source article. This removes the content from the live web, stops retrieval-augmented AI citations, and reduces the chance the article enters future AI training datasets.

Section 01

The Question People Are Actually Asking

The scenario is increasingly common. Someone searches their own name and finds that ChatGPT, Perplexity, or Google's AI Overviews is summarizing an old news article, a court document, or a professional controversy. They know about GDPR's right to be forgotten because it made headlines when Google was forced to de-index search results in Europe. The logical next question is: can I use that same right to make ChatGPT stop mentioning me?

It is a reasonable question. The right to be forgotten, formally the right to erasure under Article 17 of the General Data Protection Regulation, is real, enforceable, and has forced some of the world's most powerful technology companies to change how they operate. If it works on Google, why wouldn't it work on OpenAI?

The answer comes down to a fundamental difference in how these systems work. Google Search is a retrieval and indexing system. ChatGPT's base model is a trained statistical system. The legal instrument that fits one does not straightforwardly fit the other, and being honest about that distinction is the starting point for deciding what to actually do.

Key Distinction

There are currently two meaningfully different ways AI systems surface information about you. Retrieval-augmented systems (Perplexity, Google AI Overviews, ChatGPT Browse) fetch live web content in real time when answering a query. Base model responses (standard ChatGPT without Browse) are generated from statistical patterns encoded during a training run on a historical dataset. These two mechanisms have very different relationships to the right to be forgotten, and the practical remedies for each differ substantially. See our dedicated guide on removing content from ChatGPT and AI search for a deeper look at the technical differences.

Section 02

What the Right to Be Forgotten Actually Does (and Where It Applies)

The right to be forgotten became widely known after the 2014 Google Spain ruling by the Court of Justice of the European Union. In that case, the court held that search engines are data controllers under European data protection law and that individuals have the right to request de-indexing of search results that are "inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed." The ruling forced Google to create a formal process for European residents to request that specific URLs be removed from name-based search results.

GDPR, which came into force in 2018, codified and extended this right as Article 17. It gives data subjects in EU member states (and, through UK GDPR post-Brexit, in the United Kingdom) the right to request that data controllers erase their personal data. The right is not absolute. It does not apply where the data is still necessary for the original purpose, where processing is required for legal compliance, or where the data is being processed for public interest reasons including journalism.

The geographic scope matters. GDPR applies to EU residents and to organizations that process EU residents' data regardless of where those organizations are based. UK GDPR applies similarly within the United Kingdom following Brexit. Neither framework applies to residents of the United States or other countries that lack equivalent legislation. A US resident whose name appears in ChatGPT's output has no equivalent federal right to demand erasure from an AI system.

The right has been most clearly and successfully invoked against search engines because search engines fit the regulatory definition of a data controller in a way that is relatively straightforward: they collect, index, store, and display personal data about individuals. The legal basis for processing that data, and the mechanism for de-indexing URLs from search results, is well-established after more than a decade of enforcement.

Understanding these limitations is equally important for people who want to use GDPR strategically against search engines. Our guide on GDPR and news article removal covers the de-indexing process in detail, including what categories of content European residents can realistically target and what the success rates look like. The broader overview at our complete right to be forgotten guide brings together the full picture across search engines, social platforms, and AI systems.

Section 03

Why ChatGPT Is Fundamentally Different from a Search Engine

To understand why the right to be forgotten does not translate cleanly to ChatGPT's base model, you need to understand the difference between how Google stores information and how a language model stores information.

Google Search maintains an index: a structured database of URLs, page content, and associated metadata. When Google indexes a page about you, that page exists as a discrete entry in a database. When a de-indexing request is honored, Google removes that entry from its index. The information still exists at the original URL, and Google may still have it cached, but it no longer surfaces in name-based searches. The mechanism is conceptually similar to removing a card from a card catalog. The book still exists, but it cannot be found through the catalog.

ChatGPT's base model works differently. It was trained on a large corpus of text data up to a specific knowledge cutoff date. During training, the model's parameters (billions of numerical weights) were adjusted through a mathematical optimization process to capture statistical patterns in that text. Information from that training corpus is not stored as retrievable records. It is encoded diffusely across the model's parameters in a way that cannot be directly traced back to a specific source document or extracted and deleted in the way a database record can be.

When ChatGPT generates a response mentioning a person, it is not looking up a record about them. It is generating text based on statistical patterns learned during training. The distinction between "ChatGPT knows this because it read article X" and "ChatGPT generates this because of patterns across thousands of training documents" is real and matters enormously for any erasure request.

The Technical Barrier to Erasure

The European Data Protection Board acknowledged in its 2023 guidance on generative AI that full erasure of specific data from trained models is technically not feasible in the conventional sense. Once a model has been trained on data, the influence of that data on the model's parameters cannot be precisely isolated and removed without retraining the entire model from scratch. The EDPB noted that "rectification" or "restriction of processing" may be more legally appropriate concepts than "erasure" when dealing with trained AI systems, but these alternatives are also technically complex and not yet the subject of settled regulatory practice.

This technical reality does not mean that data protection authorities have given up on applying GDPR to AI systems. It means that the specific mechanism of Article 17 erasure, which works relatively cleanly for databases and search indexes, runs into genuine technical constraints when applied to trained neural network weights. Regulators are actively working through these questions, but the law is evolving faster than the technical solutions for implementing it.

Section 04

OpenAI's Privacy Process: What It Covers and What It Does Not

OpenAI does operate a privacy request process. EU and UK residents can submit requests at privacy.openai.com under GDPR Article 17 and equivalent regulations. OpenAI acknowledges these requests and processes them within the timeframes required by applicable law. For people hoping to invoke the right to be forgotten against ChatGPT, this is the formal channel.

The scope of what OpenAI can and will act on is limited. The privacy process is designed to address personal data in the conventional regulatory sense: home addresses, phone numbers, private communications, government identification numbers, financial account details, and similar categories of information that are clearly personal and clearly private. If ChatGPT's outputs or OpenAI's systems are processing this type of information about you without a valid legal basis, the privacy request process is the appropriate route.

What the process does not cover, in practice, is editorial content about your public-facing conduct. A news article describing a lawsuit you were involved in, a regulatory action taken against your business, a professional controversy that attracted media coverage, or a public statement you made and later regretted falls outside the scope of what OpenAI's privacy team is designed to address. Factual information about things that happened in your professional or public life, even information you find embarrassing or damaging, is treated differently from private personal data under data protection law.

This distinction mirrors how GDPR itself distinguishes between personal data and public information. The right to erasure is not a right to revise history or to remove accurate information from public discourse. It is a right to prevent the ongoing processing of personal data when that processing lacks a legitimate legal basis or when the original purpose has been fulfilled and continued processing is unnecessary.

EU Residents: Your Options Through Official Channels

If you are an EU resident and you believe ChatGPT is outputting genuinely private personal data about you without a valid legal basis, the formal path is: (1) file a privacy request with OpenAI at privacy.openai.com, (2) if OpenAI does not respond adequately within 30 days, file a complaint with your national data protection authority (DPA). In Germany that is the BfDI or a state DPA; in France, the CNIL; in Ireland, the DPC (which has lead supervisory authority over OpenAI in the EU). This is a legitimate but slow and uncertain process. The regulatory framework for AI training data disputes is still developing, and outcomes are not guaranteed.

Section 05

The Garante Case: Italy, ChatGPT, and What Actually Happened

The most significant regulatory confrontation between a European data protection authority and ChatGPT to date occurred in Italy in 2023. In March of that year, the Garante per la Protezione dei Dati Personali, Italy's data protection regulator, temporarily suspended ChatGPT's operation in Italy. The Garante cited several GDPR concerns: the lack of a clear legal basis for processing personal data during model training, the absence of age verification mechanisms, and the failure to notify Italian users adequately about how their data was being used.

OpenAI responded within approximately four weeks with new transparency measures: an updated privacy policy, a page explaining how ChatGPT processes data, a form allowing Italian users to request correction or deletion of inaccurate personal data in ChatGPT's outputs, and a mechanism for users to opt out of having their conversations used to train future models. Italy lifted the ban in late April 2023 after OpenAI implemented these measures.

The outcome of the Garante case is instructive because of what OpenAI did and did not commit to. The new mechanisms addressed the regulatory concerns about transparency and consent. OpenAI did not commit to removing specific individuals from its existing training data, because doing so would have required the technical impossibility of selectively retraining the model. The opt-out mechanism OpenAI introduced applied to future training data from user conversations, not to the historical training corpus that informed the current model's parameters.

The Garante case also demonstrated that European regulators are serious about applying GDPR to AI systems. It is not a theoretical legal exercise. Companies that operate consumer-facing AI products in Europe are subject to regulatory action. But the resolution of that case also showed the gap between what regulators can demand in principle and what is technically achievable in practice.

Section 06

Retrieval-Augmented AI vs. Training Data: A Critical Distinction

Not all AI systems that mention you are doing so in the same way. The distinction between retrieval-augmented generation and base model generation is the most practically important concept for anyone trying to reduce their AI exposure.

Retrieval-augmented systems work by fetching content from the live web when a query is made, then using that content to inform the response. Perplexity AI is the clearest example of this architecture. When you ask Perplexity about a person, it runs a live search, retrieves current web pages, reads them, and synthesizes a response. Google's AI Overviews function similarly, pulling from Google's current index. ChatGPT Browse, when enabled, fetches live URLs before generating a response.

For retrieval-augmented systems, source removal is highly effective. When the original article is removed from its publisher and de-indexed from Google, retrieval-augmented systems stop finding it. Within days or weeks of successful de-indexing, queries that previously surfaced that article in AI-generated summaries start returning different results. The mechanism is the same one that makes Google de-indexing effective: the content is no longer available for retrieval.

Base model responses in ChatGPT (without Browse) do not fetch live web pages. They generate text based on patterns encoded during training. A query about you returns a response shaped by whatever appeared in ChatGPT's training data before its knowledge cutoff. Removing a web page after the training cutoff does not change those responses, because the model's parameters were fixed during training and do not update when web content changes.

This distinction means that a source removal strategy addresses the retrieval-augmented problem immediately and the base model problem over a longer arc. As OpenAI and other AI companies train new model versions, they will train on updated web snapshots. If the article no longer exists at training time, it will not be incorporated into the new model's parameters. The timeline for this benefit is measured in model generations rather than weeks, but it is real. For a more detailed look at AI search specifically, our article on removing negative news from ChatGPT covers the mechanics in depth. For the Google AI Overviews angle, see our guide on removing content from Google AI Overviews.

Content showing up in AI search results? Our specialists have helped 1,000+ clients remove the source articles that fuel AI mentions. The assessment is free and confidential.

Get a Free Assessment

Section 07

Situation-by-Situation Risk Assessment

The applicability of GDPR's right to be forgotten to ChatGPT, and the best strategy for each situation, varies significantly based on where you live, what type of information is involved, and which aspect of ChatGPT is surfacing it. The table below maps the six most common scenarios.

Situation	RTBF Applies to ChatGPT?	OpenAI Privacy Process	Best Strategy
EU resident seeking ChatGPT removal	Partially	Available; limited to PII, not editorial content	File OpenAI privacy request for PII; pursue source article removal for editorial content; escalate to national DPA if no response
UK resident seeking ChatGPT removal	Partially	Available under UK GDPR; same limited scope	Same approach as EU residents; UK ICO is the relevant supervisory authority for escalation
US resident seeking ChatGPT removal	No	No equivalent statutory right; voluntary process only	Focus entirely on source article removal and Google de-indexing; CCPA has limited and unsettled application to AI training data
Content with PII in ChatGPT output (any jurisdiction)	Strongest case	Most actionable category; file at privacy.openai.com	File OpenAI privacy request with specific examples of PII in outputs; this is the scenario the process was designed for
Content from before ChatGPT training cutoff (base model)	Very limited	OpenAI cannot selectively remove from existing model weights	Remove source article from publisher; de-index from Google to prevent future training data inclusion; accept that existing model responses may persist until next model version
Content in ChatGPT Browse (live retrieval)	Yes, via source	Not the right tool; source-level removal is more effective	Remove and de-index source article; ChatGPT Browse stops citing it quickly once the URL is gone from Google's index

Section 08

The Practical Path Forward: What Actually Works

Given the legal and technical landscape described above, here is the ordered approach that produces the best outcomes for the largest number of people dealing with unwanted AI mentions.

1

Identify the source content. Before taking any action, establish exactly what AI systems are saying about you, where that information appears to originate, and which AI systems are surfacing it. A response from ChatGPT Browse or Perplexity almost always traces to a specific URL. A base model response traces to training data that may include multiple articles. Knowing which situation you are in determines which remedies are most relevant.
2

Pursue editorial removal from the publisher. If the content originates in a specific news article or online publication, the highest-impact action you can take is requesting removal from that publisher. A published article that no longer exists cannot be retrieved by Perplexity or ChatGPT Browse. It cannot be included in future AI training datasets. And it cannot be indexed by Google. Editorial removal addresses the problem at its source. Specialist firms with publisher relationships and an understanding of editorial policies significantly outperform self-directed removal attempts.
3

Pursue Google de-indexing in parallel. Even if full editorial removal is not immediately achievable, a successful Google de-indexing request removes the article from Google's search index. This stops Google AI Overviews from citing it, since Google's AI relies on its own index. For EU and UK residents, a valid GDPR de-indexing request is the appropriate mechanism. The article remains on the publisher's server but becomes effectively invisible to search-based discovery and retrieval-augmented AI. See our analysis of removing content from Google AI Overviews for the specific process.
4

File an OpenAI privacy request if the content involves PII. If ChatGPT is outputting genuinely private personal data, home addresses, private financial information, private communications, or other clearly personal information, the formal request at privacy.openai.com is the appropriate route. Provide specific examples of the outputs that contain your personal data. EU and UK residents have a statutory basis for this request under GDPR and UK GDPR respectively.
5

Escalate to your national DPA if OpenAI does not respond adequately. EU residents whose privacy requests to OpenAI receive an inadequate response or no response within 30 days have the right to file a complaint with their national data protection authority. The DPA can investigate, impose conditions, and in serious cases levy fines. This process is slow and outcomes are uncertain, but it is a legitimate escalation path and the regulatory pressure it creates is real.
6

Build positive indexed content to address base model responses. For ChatGPT base model responses that reflect old training data, the most practical near-term intervention is ensuring that when the model's parameters are updated through retraining, the new training data contains accurate, positive, or neutral information about you that provides context alongside any negative content. This means publishing accurate professional profiles, earned media coverage, and authoritative third-party content that can become part of future training datasets. It is a longer arc but it is the primary tool available for base model influence.

The most important framing is this: the right to be forgotten, as designed, is a tool for search engines. The practical analog for AI is source removal combined with de-indexing, because those actions address the mechanisms by which most AI systems actually surface information about you. Our comprehensive article on removing negative news from ChatGPT goes deeper on the specific steps for each major AI platform.

Frequently Asked Questions

Common Questions About ChatGPT and the Right to Be Forgotten

Does GDPR's right to be forgotten apply to ChatGPT?

Not in the way most people expect. GDPR Article 17 was designed for data controllers who actively process and store identifiable data, such as search engines indexing live web pages. ChatGPT's base model is a trained neural network whose parameters were set during a training run. Information is not stored as a discrete record that can be deleted; it is encoded diffusely across billions of model weights. The European Data Protection Board acknowledged in 2023 that full erasure from trained models is technically not feasible in the conventional sense, and that rectification or restriction of processing may be more appropriate than erasure. EU residents can still file privacy requests with OpenAI, but the outcomes for editorial content are limited.

What does OpenAI's privacy removal process actually cover?

OpenAI's privacy request portal at privacy.openai.com accepts requests under GDPR Article 17 and equivalent regulations. The scope of what OpenAI can act on is limited to personal data in the conventional sense: home addresses, private communications, financial account details, government identification numbers, and similar categories of personally identifiable information. Editorial content about a person, such as a news article describing a lawsuit or a professional controversy, is generally not within the scope of what the process will remove. Factual information about public-facing conduct is treated differently from private personal data under data protection law.

Why is ChatGPT different from Google when it comes to the right to be forgotten?

Google Search is a retrieval system that indexes live web pages and stores structured references to content. When a de-indexing request succeeds, Google removes the reference and the page disappears from search results. ChatGPT's base model does not retrieve live pages; it generates responses from statistical patterns learned during training on a fixed historical dataset. Deleting a web page after ChatGPT's training cutoff does not change the model's parameters. The two systems process information in fundamentally different ways, so the mechanism that works for Google de-indexing does not apply to a trained language model.

What happened when Italy banned ChatGPT over GDPR concerns?

In March 2023, Italy's data protection authority (the Garante) temporarily suspended ChatGPT's operation in Italy, citing GDPR concerns including the lack of a legal basis for processing personal data during training and insufficient age verification. OpenAI responded with new transparency measures and tools allowing users to opt out of having their conversations used for training. Italy lifted the ban in late April 2023. Notably, OpenAI did not commit to removing specific individuals from its training data as part of that resolution. The Garante case remains the clearest regulatory precedent for how European data protection authorities approach AI training data disputes.

Is removing the source article really more effective than filing a privacy request with OpenAI?

For most situations, yes. When a news article is removed from its publisher and de-indexed from Google, it disappears from the live web. Retrieval-augmented AI systems like Perplexity, Google AI Overviews, and ChatGPT Browse all pull from live web content, so they stop citing the article relatively quickly after successful removal. The article is also excluded from future AI training datasets, reducing long-term exposure. An OpenAI privacy request has limited scope, a slow response timeline, and no guarantee of action on editorial content. The practical calculus strongly favors source removal as the primary strategy for most people.

What can US residents do if ChatGPT is mentioning negative information about them?

US residents do not have access to GDPR's right to erasure. There is no equivalent federal US privacy law providing a general right to demand removal of information from AI systems as of 2026. Some state laws, including the California Consumer Privacy Act and its successor CPRA, provide limited rights regarding personal data, but their application to AI training data is unsettled. The most practical path for US residents is to pursue removal of the underlying source content from the publisher and de-indexing from Google, which reduces the information's presence in live retrieval-augmented AI systems and limits its role in future training datasets.

ChatGPT Mentioning You? We Can Help.

Our team has helped 1,000+ people remove the source articles that fuel unwanted AI mentions. Free, confidential assessment with no obligation.

5,000+

Clients Helped

Since 2013

Industry Experience

No Fix, No Fee

Pay-for-Results Model

Get a Free Consultation Have Our Team Handle It - Only Pay if We Remove the Article

Free assessment. Confidential. No obligation.

ChatGPT and the Right to Be Forgotten: What It Covers, What It Doesn't