GDPR AUTOMATION: MIGHT THE LAW (UNINTENTIONALLY) PUSH TOWARDS AUTOMATION?
CPDP 2023 - DAY 2
AREA 42 PETITE - SESSION 6
Organised by LSTS, Vrije Universiteit Brussel (VUB) (BE)
Moderator Desara Dushi, LSTS, VUB (BE)
Speakers Thomas Zerdick, European Data Protection Supervisor
(EU); Aurelia Tamò-Larrieux, Maastricht University (NL); Asia Biega,
Max Planck Institute for Security and Privacy (MPI-SP) (DE); Gianmarco Gori, LSTS, Vrije Universiteit Brussel (BE); Mikołaj Otmianowski, DAPR (PL)
With the adoption of the GDPR, data subjects gained more power in
tracking their data, while for entities processing personal data that means
higher responsibilities and burden, particularly because demonstrating
compliance with GDPR principles is not that easy. A solution that is gaining popularity, is the use of certain legal technologies which claim to offer
automation of GDPR compliance. But their use comes with certain costs.
Discussion in this panel will revolve around issues of GDPR automation,
whether certain GDPR provisions lend themselves to automation, and
whether automation actually contributes to GDPR compliance. The panel follows the form of a debate, to allow for a better exchange of views
from the panelists composed of different stakeholders.
• Do particular provisions of the GDPR push towards automation?
• Does automation actually contribute to GDPR compliance? If yes, to
what extent? What problems does automation solve and what new
problems does it cause?
• Who would be held liable if things go wrong in an automated GDPR
compliance situation (the developer, the controller, the processor, or
all of them)? Under what conditions?
• Is automation a form of or a means for GDPR compliance? What normative implications arise when automating GDPR compliance?