Stanford Law Warns: AI Can't 'Forget' Genomic Data, Raising Privacy Stakes

Stanford Law reports AI is rendering the right to be forgotten unenforceable for genomic data.

The 'right to be forgotten' (RTBF) gives individuals the ability to request removal of personal data—an intent enshrined in the GDPR and similar privacy laws. But as Stanford Law details, applying this right to genomic data used in artificial intelligence systems is nearly impossible in practice.

• Genomic data is uniquely identifying. As noted, 99.98% of Americans can be re-identified from as few as 15 demographic attributes, making true anonymization difficult.
• AI systems don't just store data—they learn from it, encoding traits into their internal workings. After training, it's exceedingly difficult to trace and remove a given individual's genomic data without affecting the entire model, according to industry analysis.
• Even advanced approaches, like "machine unlearning," are still experimental and often degrade AI performance.

Current US laws offer limited recourse: HIPAA focuses on confidentiality and GINA bars discrimination, but neither provides a mechanism for data subjects to demand deletion. This gap leaves organizations exposed, as patient trust—and regulatory scrutiny—mounts alongside AI adoption in health law.

Stanford Law affirms: “The right to be forgotten is becoming increasingly difficult to enforce in practice for genomic data trained on Artificial Intelligence (AI) models.”

Legal, privacy, and compliance teams must confront this challenge as the European Commission's AI Act and evolving domestic regulations bring data governance to the forefront.

Yes, but: Machine unlearning promises targeted data removal—but it remains technically immature and risks lowering model quality.

What's next: Growing AI adoption in healthcare will increase regulatory focus on genomic data privacy and potential legislative updates.