Diver to speak at CPDP 2023 on legal protection (25 May 2023)

COHUBICOL Postdoctoral researcher Laurence Diver will take part in the Computers, Privacy & Data Protection Conference (CPDP), held on 24-26 May 2023 in Brussels.

On Thursday 25 May at 11:45 (M-Village Grande) Diver will participate in a roundtable event organised by the ERC INFO-LEG project (Utrecht University) and moderated by Nadya Purtova and Raphaël Gellert. Alongside other speakers, Hielke Hijmans of the Belgian DPA and Michael Veale of UCL, Diver will discuss the need for rethinking the regulatory focus on personal data as the approach to legal protection.

The description of the panel reads:

“Personal data” has not performed well as a trigger of legal protection against risks of the information society. Its broad interpretation in theory makes the GDPR “the law of everything” digital. Yet, in practice, many information practices fall through the GDPR cracks: controllers construe “personal data” narrowly and do not apply the GDPR where they should; PETs obfuscate the boundary between identifiable and anonymous; the GDPR is not designed to tackle group information harms. Experts from the law practice and academia will discuss if the regulatory focus on personal data as a trigger of legal protection obscures the problems we want to solve, and if focusing on different regulatory targets will do the job better. If it’s time for a redesign of the legal protection against harms of the digital society, how should it look like?

  • Are all the risks of the digital society that the GDPR aims to address contingent on a certain type of information processed, specifically, “personal data”, or do some of the problems materialise regardless of the meaning of information used?
  • Should the broad scope of personal data be narrowed down and problematic digital practices (automated decision-making, algorithmic discrimination, or platform exploitation) be regulated instead? What would those practices be?
  • Should design and use of software with impact on people be regulated among those practices?
  • Could the general principles of data protection serve as a blueprint for the general principles of design and use of algorithms? What added value would this approach have compared to the AI Act?
  • Will a narrower scope of the GDPR in combination with the general principles of design and use of software make a positive difference in terms of compliance, enforcement and quality of legal protection compared to the status quo?

See the full program here, with the workshop on p. 43.