<p>Large language models are transforming artificial intelligence across industries, but training on massive web-scraped datasets creates unprecedented data protection challenges that traditional privacy frameworks cannot adequately address. This systematic review examines data protection challenges, technical solutions, and research opportunities across the full LLM lifecycle. We analyzed peer-reviewed publications from 2018 to 2025 sourced from major academic databases. Three research questions guided our investigation: what unique risks LLMs introduce, how effective current countermeasures are, and what critical gaps remain. We develop a three-phase lifecycle taxonomy of data protection challenges spanning training, deployment, and regulatory compliance, and provide the first systematic mapping of each challenge to specific GDPR articles, implementation difficulty ratings, and current mitigation status. Training phase challenges include memorization of sensitive information, the practical impossibility of obtaining retroactive consent, and fundamental conflicts between data minimization law and the scaling laws that drive model capability. Deployment phase risks are organized into three categories: information leakage through extraction, membership inference, model inversion, and attribute inference attacks; user interaction risks through inadvertent data transmission and cross-user leakage; and automated decision-making risks arising from the opacity and bias of deployed models. Regulatory compliance proves structurally unachievable across multiple GDPR provisions simultaneously with current technical capabilities. Technical solutions evaluated include differential privacy, data sanitization, federated learning, retrieval-augmented generation, machine unlearning, and system-level guardrails. No single approach and no currently available combination comprehensively addresses all applicable requirements. Critical research gaps include verifiable unlearning, efficient privacy-preserving pre-training at frontier scale, standardized privacy metrics for generative models, federated LLM training, and data provenance systems. We analyze the privacy-preserving software ecosystem, conduct comparative analysis of regional AI regulatory frameworks with particular attention to AI-specific instruments, and propose a prioritized research roadmap organized by scientific impact, regulatory necessity, and implementation feasibility. This paper guides researchers, practitioners, and policymakers advancing privacy-preserving LLM development.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Data protection in the era of large language models: challenges and opportunities

  • Zvinodashe Revesai,
  • Colletor Tendeukai Chipfumbu

摘要

Large language models are transforming artificial intelligence across industries, but training on massive web-scraped datasets creates unprecedented data protection challenges that traditional privacy frameworks cannot adequately address. This systematic review examines data protection challenges, technical solutions, and research opportunities across the full LLM lifecycle. We analyzed peer-reviewed publications from 2018 to 2025 sourced from major academic databases. Three research questions guided our investigation: what unique risks LLMs introduce, how effective current countermeasures are, and what critical gaps remain. We develop a three-phase lifecycle taxonomy of data protection challenges spanning training, deployment, and regulatory compliance, and provide the first systematic mapping of each challenge to specific GDPR articles, implementation difficulty ratings, and current mitigation status. Training phase challenges include memorization of sensitive information, the practical impossibility of obtaining retroactive consent, and fundamental conflicts between data minimization law and the scaling laws that drive model capability. Deployment phase risks are organized into three categories: information leakage through extraction, membership inference, model inversion, and attribute inference attacks; user interaction risks through inadvertent data transmission and cross-user leakage; and automated decision-making risks arising from the opacity and bias of deployed models. Regulatory compliance proves structurally unachievable across multiple GDPR provisions simultaneously with current technical capabilities. Technical solutions evaluated include differential privacy, data sanitization, federated learning, retrieval-augmented generation, machine unlearning, and system-level guardrails. No single approach and no currently available combination comprehensively addresses all applicable requirements. Critical research gaps include verifiable unlearning, efficient privacy-preserving pre-training at frontier scale, standardized privacy metrics for generative models, federated LLM training, and data provenance systems. We analyze the privacy-preserving software ecosystem, conduct comparative analysis of regional AI regulatory frameworks with particular attention to AI-specific instruments, and propose a prioritized research roadmap organized by scientific impact, regulatory necessity, and implementation feasibility. This paper guides researchers, practitioners, and policymakers advancing privacy-preserving LLM development.