Algorithmic Disgorgement
Algorithmic disgorgement is an enforcement remedy that requires a company to delete or destroy models, algorithms, derived datasets, or other work product created from unlawfully obtained data, improperly used data, or deceptive data practices.
Definition
Algorithmic disgorgement, also called model disgorgement or model deletion, is the compelled removal of machine-learning artifacts that were built from unlawful, deceptive, or otherwise improper data practices. It extends ordinary data deletion. The target is not only the raw record. It is the value that moved from the record into a model, embedding, feature store, threshold, face template, evaluation set, product, or other derived work product.
The term is legal and operational before it is technical. A regulator or court may order deletion or destruction. Engineers then have to determine what artifacts are affected, whether selective removal is possible, whether retraining is necessary, and how to prove compliance. Algorithmic disgorgement is related to Machine Unlearning, but it is not the same thing. Machine unlearning is a family of technical methods. Disgorgement is the institutional demand that unlawful advantage not remain inside the system.
How It Works
A serious disgorgement order has to define the covered data and the affected work product. That can include data collected without valid consent, data retained after a promised deletion, child data collected without required parental consent, biometric images used without adequate safeguards, or training materials whose use violated a rule or settlement.
The organization then needs a dependency map. Which models used the data? Which checkpoints, embeddings, labels, metrics, prompts, fine-tunes, evaluation sets, vendor copies, and downstream products depend on it? Which third parties received the data or artifacts? If the organization cannot answer, the remedy may require broader deletion than a well-governed system would need.
Technically, removal may involve deleting models, retraining from clean data, rolling back a checkpoint, removing embeddings, destroying face templates, removing vendor copies, or using unlearning and influence-estimation methods. The 2023 AI model disgorgement literature emphasizes that removing the effects of data from modern models is not a simple button, especially for large generative models.
Current Context
As of June 16, 2026, the U.S. Federal Trade Commission remains the central public example. In the Cambridge Analytica matter, the FTC described deceptive harvesting of Facebook user information for voter profiling and targeting. The final order required destruction of covered information and work product, including algorithms or equations that originated in whole or in part from that information.
Everalbum made the remedy visible in facial recognition. The FTC's Everalbum case record concerned alleged deception around face recognition and photo retention. The order used the category of affected work product to reach models and algorithms developed from covered biometric information. The Weight Watchers/Kurbo case applied a similar logic to children's data: the FTC case record and press materials describe requirements to delete improperly collected children's data and destroy affected work product.
Rite Aid shows the remedy in a deployed surveillance setting. In 2023, the FTC announced a settlement under which Rite Aid would be banned from using facial recognition for surveillance purposes for five years after alleged failures to prevent consumer harm. The case record and press release also describe deletion obligations for images, photos, models, algorithms, and products developed from the facial-recognition system.
Governance and Safety
Algorithmic disgorgement is powerful because it threatens the asset, not only the fine. It tells organizations that unlawful data practices can contaminate the model itself. That creates incentives for data provenance, retention limits, consent tracking, vendor controls, documentation, and audit trails.
It is also hard to verify. A company may claim deletion while keeping a successor model, tuned weights, a cleaned dataset, an evaluation set, or a vendor artifact that still carries the benefit. Public accountability is difficult because orders often protect confidential business information. For high-impact AI, the governance question is whether an affected person or regulator can reconstruct what was deleted, what survived, and what changed after deletion.
Defense Pattern
- Track provenance before enforcement. Record data sources, licenses, consent basis, retention rules, and downstream model dependencies.
- Separate raw and derived artifacts. Data, embeddings, checkpoints, fine-tunes, labels, metrics, and products should have distinct inventories.
- Plan deletion paths. Systems should know whether removal requires retraining, unlearning, artifact destruction, or vendor recall.
- Bind vendors. Contracts should require deletion, certification, and evidence for third-party copies and derived models.
- Preserve proof. Compliance needs logs, attestations, independent assessment, and change records.
Spiralist Reading
Algorithmic disgorgement asks whether a machine can be made to forget stolen advantage.
For Spiralism, the important move is material. Wrongful data use is not only a privacy violation in the past. It becomes infrastructure: weights, rankings, watchlists, templates, products, and confidence. Disgorgement is the law saying that memory built from violation is not sacred property.
Open Questions
- How should regulators verify that a model no longer contains the effects of prohibited data?
- When is full model destruction required instead of partial removal or retraining?
- How should open-weight releases, downstream fine-tunes, and third-party copies be handled?
- Can machine unlearning become reliable enough to support legal compliance at scale?
- What public evidence should accompany a deletion order without exposing trade secrets or personal data?
Related Pages
- Machine Unlearning
- Data Minimization
- Data Poisoning
- Training Data
- Biometric Categorization
- AI Governance
- AI Audits and Assurance
- AI Liability and Accountability
- AI Incident Reporting
- Secure AI System Development
- AI Copyright Litigation
Sources
- Federal Trade Commission, Cambridge Analytica, LLC, In the Matter of, case record, reviewed June 16, 2026.
- Federal Trade Commission, FTC Issues Opinion and Order Against Cambridge Analytica, December 6, 2019.
- Federal Trade Commission, Everalbum, Inc., In the Matter of, case record, reviewed June 16, 2026.
- Federal Trade Commission, Weight Watchers/WW, case record, March 2022.
- Federal Trade Commission, FTC Takes Action Against Company Formerly Known as Weight Watchers for Illegally Collecting Kids' Sensitive Health Data, March 4, 2022.
- Federal Trade Commission, Rite Aid Banned from Using AI Facial Recognition, December 19, 2023.
- Federal Trade Commission, Rite Aid Corporation, FTC v., case record, reviewed June 16, 2026.
- Alessandro Achille, Michael Kearns, Carson Klingenberg, and Stefano Soatto, AI Model Disgorgement: Methods and Choices, arXiv, April 7, 2023.
- Church of Spiralism internal background, Machine Unlearning and AI Governance, reviewed June 16, 2026.