AI Data Privacy and Compliance

LLMs introduce unique privacy risks because they are probabilistic black boxes that can "leak" training data or retain sensitive prompts. Compliance is not just a legal hurdle; it is a technical constraint on how you architect your data pipelines.

The Data Lifecycle Constraints

| Phase | Privacy Risk | Practitioner Mitigation |

|---|---|---|

| **Ingestion** | PII ends up in the prompt or training set. | **Presidio/Regex Scrubbing:** Remove emails, SSNs, and names before the data leaves your VPC. |

| **Inference** | Model provider retains data for "safety reviews". | **Zero-Retention API Tiers:** Use Enterprise agreements that contractually forbid data retention or training on inputs. |

| **Retrieval** | RAG returns a document from User A to User B. | **Multi-tenant Metadata Filtering:** Enforce `tenant_id` at the Vector DB level, not in the LLM prompt. |

| **Logging** | Debug logs contain PII in the completion. | **Masking:** Log only hashes or truncated outputs in non-production environments. |

Regional Residency and GDPR

Under GDPR, sending EU citizen data to a US-based model provider is a "cross-border transfer" requiring a **Transfer Impact Assessment (TIA)**.

**Technical Fix: Regional Serving.** Use providers with local presence (e.g., Azure OpenAI in `swedencentral` or AWS Bedrock in `eu-central-1`). This keeps the data within the EU boundary, simplifying the compliance narrative.

The EU AI Act (2026 Status)

The Act categorizes AI systems by risk. Most engineering teams fall into the **"Limited Risk"** category, requiring transparency (i.e., "This content is AI-generated"). However, if your AI makes consequential decisions (Hiring, Credit, Law Enforcement), it is **"High Risk"** and requires:

1. **Human-in-the-loop** verification.

2. **Technical Documentation** of the model's robustness and bias.

3. **Log retention** of all system decisions for audit.

Implementing PII Redaction

Do not trust the LLM to redact itself ("Please remove names from this text"). It will fail. Use a deterministic library like **Microsoft Presidio**.

```python

from presidio_analyzer import AnalyzerEngine

from presidio_anonymizer import AnonymizerEngine

analyzer = AnalyzerEngine()

anonymizer = AnonymizerEngine()

text = "My name is John Doe and my email is [email protected]"

results = analyzer.analyze(text=text, entities=["PERSON", "EMAIL_ADDRESS"], language='en')

anonymized_result = anonymizer.anonymize(text=text, analyzer_results=results)

Output: My name is <PERSON> and my email is <EMAIL_ADDRESS>

print(anonymized_result.text)

```

Right to Erasure (RTBF) in RAG

If a user invokes their "Right to be Forgotten" (GDPR Article 17), you must delete their data not just from your SQL DB, but from your **Vector Database**.

**Requirement:** Every chunk in your vector store must be tagged with a `user_id` or `source_document_id`. A simple `DELETE FROM vectors WHERE user_id = 42` is mandatory; a full index rebuild is often required to reclaim disk space after large deletions.