A behavioral knowledge graph stores facts about a person derived from their interactions. GDPR gives that person the right to erasure. But deleting a fact from a graph without deleting the facts derived from it is not erasure — it is redaction.
Key Analysis
GDPR erasure of a knowledge graph node requires cascading deletion of all derived facts and their embeddings.
Provenance tracking — valuable for audit — creates a discoverable map of what must be deleted.
Embedding deletion is not the same as embedding overwrite. Overwritten vectors may still allow partial recovery.
Risk Signals
GDPR erasure responses that delete only the top-level record without cascade deletion.
Knowledge graph provenance chains that are not mapped to deletion workflows.
Action Items
Map every knowledge graph fact to its provenance chain at design time.
Build and test a cascade deletion workflow before deployment — not after a deletion request arrives.
Verify embedding deletion with membership inference testing.