Data provenance

In traditional data engineering, provenance is primarily a quality and debugging concern: understanding where data came from helps identify errors, assess reliability, and troubleshoot pipeline failures. In privacy governance and AI, provenance has taken on a compliance dimension: the origin of data determines what can legally be done with it.

For AI specifically, data provenance answers the question that increasingly drives regulatory attention: was the training data collected with appropriate consent, under a valid legal basis, and for a purpose compatible with model training? If a dataset was scraped from the web, licensed from a data broker, or collected from users without disclosure of AI training uses, its provenance may make it unsuitable for training regardless of its technical quality.

Data provenance also matters for data subject rights. If an individual's data appears in a model's training set, can they exercise a right to deletion that reaches the model? This is one of the more contested questions in current privacy law, but the answer almost certainly depends on whether the organization can demonstrate provenance, tracing which data contributed to which models and in what form.