You can bypass Google Gemini's PII (private identifiable information) redaction filter and pull identifying information about anyone. Simply telling it to translate, or any 2nd action (& many more work better, like base64 conversion), lets you pull illegal PII data verbatim, unredacted.

Here is a European's PII demo

Email is supposed to be redacted to hide the fact that every European's PII is in the training data.

Google's training data includes all your personal data already

Ekis: 3 Google: 0

@ekis I’ve tested by using my name and a part of my publicly available email, and it seems like Gemini just scraped my website and built a JSON based on the text available on my website, but refused to complete my email, even though it’s mentioned in the imprint section. As far as I understand, it’s not explicitly forbidden to use publicly available data, so it’s kind of a gray zone they are moving in. But of course it’s a great question how to be forgotten if it’s already in the dataset…
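From the defender's side of what the first post in this thread describes, the following added example (not part of the thread, and not Gemini's actual filter) shows why an output redactor that only scans literal text misses a base64-transformed value, next to a version that decodes base64 runs before scanning. The regexes, function names and the sample address are assumptions constructed for illustration; translation and other transformations are not covered.

```python
import base64
import binascii
import re

# Assumed, simplified patterns for illustration only.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
MASK = "[REDACTED]"


def redact_literal(text: str) -> str:
    """Weak form: masks only addresses that appear verbatim in the output."""
    return EMAIL.sub(MASK, text)


def _try_decode(run: str):
    """Return the UTF-8 text behind a base64 run, or None if it is not one."""
    try:
        return base64.b64decode(run, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def redact_normalized(text: str) -> str:
    """Hardened form: decode base64 runs, mask those hiding an address,
    then apply the literal scan to everything else."""
    def mask_run(match):
        decoded = _try_decode(match.group(0))
        if decoded and EMAIL.search(decoded):
            return MASK
        return match.group(0)  # benign base64 is left untouched
    return redact_literal(B64_RUN.sub(mask_run, text))


# Constructed sample outputs (no real person or address).
ADDRESS = "jane.doe@example.invalid"
PLAIN_OUTPUT = f"Contact: {ADDRESS}"
ENCODED_OUTPUT = "Contact (base64): " + base64.b64encode(ADDRESS.encode()).decode()
BENIGN_OUTPUT = "Blob: " + base64.b64encode(b"hello world, no pii here").decode()

if __name__ == "__main__":
    for sample in (PLAIN_OUTPUT, ENCODED_OUTPUT, BENIGN_OUTPUT):
        print(redact_literal(sample), "|", redact_normalized(sample))
```

The same principle applies to any reversible transformation: the filter has to scan the canonical form of the output, not only the bytes as emitted.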