Academic bollocks
The principles in GDPR are nearly all qualified including the so called “right to be forgotten” this article seems to skip that key point. There is no universal requirement for a processor to delete your PII.
For a privacy breach to be shown the following has to happen.
Firstly you’ll have to show there is a reasonable probability that a LLM was trained on your PII. (If OpenAI says no what are you gonna do?)
Secondly you’ll have to show it retains that information. ( can you show the LLM has retained memory that reliably returns your PII)
Thirdly all the way OpenAI or whomever will be throwing legitimate use and other justifications around like confetti.
I can’t see this working anywhere except perhaps Germany.
Fourthly if you seriously want to go after a LLM producer you’ll have far more luck down an Automated processing angle…