Intense recent discussions have focused on how to provide individuals with
control over when their data can and cannot be used --- the EU's Right To Be
Forgotten regulation is an example of this effort. In this paper we initiate a
framework studying what to do when it is no longer permissible to deploy models
derivative from specific user data. In particular