Privacy Law Update: August 30, 2021
In June, the European Commission adopted a pair of adequacy decisions for the U.K., and now the British government has laid out a new slate of initiatives to clarify the picture even further. The U.K. plans to strike independent data adequacy decisions with its international partners, with the goal of delivering alternative data transfer mechanisms and to remove barriers for international data flows.
Remember the mail-order compact discs popular in the ’90s that automatically turned into a monthly subscription, when all you wanted to do was listen to a few favorite songs? Ways to manipulate or sway consumers in a certain direction are nothing new; they’ve been around for years. Known today as “dark patterns,” such practices continue to advance in the digital age and are catching the attention of companies, regulators and consumers.
The Information Accountability Foundation believes the EU General Data Protection Regulation should be amended to explicitly include knowledge creation and scientific research as legal bases to process personal data, providing a foundation for the responsible use of artificial intelligence. The IAF’s blog summarizing its comments on the European Commission’s proposed regulation on artificial intelligence suggested that the GDPR “should make possible technology applications such as AI” and that “there are unresolved tensions between the AI Regulation and the GDPR.” In particular, it is the IAF’s view the GDPR needs to be revised to accommodate knowledge creation. Data-driven knowledge creation and scientific research are increasingly the basis for progress. To encourage and effectively control these activities, data protection law must regulate them and set sensible boundaries but not inadvertently preclude them. The AI Regulation is just the latest example of why the GDPR needs to be changed to add both knowledge creation and scientific research as legal bases to process data pertaining to people. The current approach does not enable a clear legitimate way to process data for these purposes and applies the same approach and requirements to the risks associated with the application of knowledge.