Refining Data Protection: Anonymisation and Scope of GDPR

This paper explores the #uncertainty around when #data is considered “#personaldata” under #dataprotection #laws. The authors propose that by focusing on the specific #risks to #fundamentalrights that are caused by #dataprocessing, the question of whether data falls under the scope of the #gdpr becomes clearer. Lire

From Transparency to Justification: Toward Ex Ante Accountability for AI

“The EU’s GDPR and proposed AI Act tend toward a sustainable environment of AI systems. However, they are still too lenient and the sanction in case of non-conformity with the Regulation is a monetary sanction, not a prohibition. This paper proposes a pre-approval model in which some AI developers, before launching their systems into the […]

The GDPR and Unstructured Data: Is Anonymization Possible?

“This article examines the two contrasting approaches for determining identifiability that are prevalent today: (i) the risk-based approach and (ii) the strict approach in the Article 29 Working Party’s Opinion on Anonymization Techniques (WP 216). Through two case studies, we illustrate the challenges encountered when trying to anonymize unstructured datasets. We show that, while the risk-based approach […]

Brexit, Data Adequacy, and the EU Law Enforcement Directive

“The analysis discusses the overall negotiations process underpinning Brexit and examines the key resulting regimes, including the Trade and Cooperation Agreement (TCA) and the EU-UK data adequacy agreements granted under the GDPR and the LED.”    Lire

Personal Data and Consumer Insurance: A Freedom to Share or Duty to Disclose?

“Contributing to the discussion on the interpretation and use of the right to data portability this paper looks specifically at the role for Article 20 of the General Data Protection Directive to help insurers gain access to personal data they would otherwise not have access to. As proposed in this paper there is potential for […]

The Effects of Data Localization on Cybersecurity

“The discussion includes both de jure and de facto effects, including China’s explicit laws, recent enforcement actions in the European Union, and proposed privacy legislation in India. The focus is on effects on cybersecurity defense, rather than offensive cyber measures” Lire

Data Privacy, Human Rights, and Algorithmic Opacity

“… in a world where algorithmic opacity has become a strategic tool for firms to escape accountability, regulators in the EU, the US, and elsewhere should adopt a human-rights-based approach to impose a social transparency duty on firms deploying high-risk AI techniques.” Lire