Reviving Purpose Limitation and Data Minimisation in Personalisation, Profiling and Decision-Making Systems

Posted: 11 Jan 2021 Last revised: 6 Nov 2021

See all articles by Michèle Finck

Michèle Finck

Eberhard-Karls University Tübingen

Asia Biega

Max Planck Institute for Security and Privacy

Date Written: January 11, 2021

Abstract

This paper determines, through an interdisciplinary law and computer science lens, whether data minimisation and purpose limitation can be meaningfully implemented in data-driven algorithmic systems, including personalisation, profiling and decision-making systems. Our analysis reveals that the two legal principles continue to play an important role in mitigating the risks of personal data processing, allowing us to rebut claims that they have become obsolete. The paper goes beyond this finding, however. We highlight that even though these principles are important safeguards in the systems under consideration, there are important limits to their practical implementation, namely, (i) the difficulties of measuring law and the resulting open computational research questions as well as a lack of concrete guidelines for practitioners; (ii) the unacknowledged trade-offs between various GDPR principles, notably between data minimisation on the one hand and accuracy or fairness on the other; (iii) the lack of practical means of removing personal data from trained models in order to ensure legal compliance; and (iv) the insufficient enforcement of data protection law.

Keywords: GDPR, data minimisation, purpose limitation, right to access, enforcement, recommendation algorithms

Suggested Citation

Finck, Michèle and Biega, Asia, Reviving Purpose Limitation and Data Minimisation in Personalisation, Profiling and Decision-Making Systems (January 11, 2021). In: Technology and Regulation, 2021, Max Planck Institute for Innovation & Competition Research Paper No. 21-04, Available at SSRN: https://ssrn.com/abstract=3749078 or http://dx.doi.org/10.2139/ssrn.3749078

Michèle Finck (Contact Author)

Eberhard-Karls University Tübingen ( email )

Tübingen
Germany

Asia Biega

Max Planck Institute for Security and Privacy ( email )

Germany

HOME PAGE: http://asiabiega.github.io/

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
2,899
PlumX Metrics