Reviving Purpose Limitation and Data Minimisation in Personalisation, Profiling and Decision-Making Systems

40 Pages Posted: 11 Jan 2021

See all articles by Michèle Finck

Michèle Finck

Max Planck Institute for Innovation and Competition; University of Oxford

Asia Biega

Max Planck Institute for Security and Privacy

Date Written: January 11, 2021

Abstract

This paper determines, through an interdisciplinary law and computer science lens, whether data minimisation and purpose limitation can be meaningfully implemented in data-driven algorithmic systems, including personalisation, profiling and decision-making systems. Our analysis reveals that the two legal principles continue to play an important role in mitigating the risks of personal data processing, allowing us to rebut claims that they have become obsolete. The paper goes beyond this finding, however. We highlight that even though these principles are important safeguards in the systems under consideration, there are important limits to their practical implementation, namely, (i) the difficulties of measuring law and the resulting open computational research questions as well as a lack of concrete guidelines for practitioners; (ii) the unacknowledged trade-offs between various GDPR principles, notably between data minimisation on the one hand and accuracy or fairness on the other; (iii) the lack of practical means of removing personal data from trained models in order to ensure legal compliance; and (iv) the insufficient enforcement of data protection law.

Keywords: GDPR, data minimisation, purpose limitation, right to access, enforcement, recommendation algorithms

Suggested Citation

Finck, Michèle and Biega, Asia, Reviving Purpose Limitation and Data Minimisation in Personalisation, Profiling and Decision-Making Systems (January 11, 2021). Max Planck Institute for Innovation & Competition Research Paper No. 21-04, Available at SSRN: https://ssrn.com/abstract=3749078 or http://dx.doi.org/10.2139/ssrn.3749078

Michèle Finck (Contact Author)

Max Planck Institute for Innovation and Competition ( email )

Marstallplatz 1
Munich, Bayern 80539
Germany

HOME PAGE: http://https://michelefinck.eu/

University of Oxford ( email )

Mansfield Road
Oxford, Oxfordshire OX1 4AU
United Kingdom

Asia Biega

Max Planck Institute for Security and Privacy ( email )

Germany

HOME PAGE: http://asiabiega.github.io/

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
384
Abstract Views
1,560
rank
95,099
PlumX Metrics