The Limits of the GDPR in the Personalisation Context
Forthcoming in: U. Kohl, J. Eisler (eds), Data-Driven Personalisation in Markets, Politics and Law, Cambridge: Cambridge University Press, 2021
15 Pages Posted: 21 Apr 2021
Date Written: May 1, 2020
Personalisation is both driven by, and can produce, personal data, and thus it falls within the scope of the General Data Protection Regulation ('GDPR'). As a consequence, the European data protection framework applies to data-driven personalisation. Yet, whereas there appears to be a general perception that data protection is suitable to function as a general legal framework for AI, it is important to remain realistic regarding both its opportunities and limitations. This chapter examines the application of certain elements of the GDPR to data-driven personalisation. There are hopes that the GPDR can serve as a general legal framework to govern the normative concerns that have emerged in relation to AI. It is, however, fundamentally inadequate to serve as a 'general AI law'. Whereas the Regulation indeed applies to the processing of personal data, it would be erroneous to frame it as a general 'AI law' capable of addressing all normative concerns around personalisation.
Keywords: Artificial intelligence, GDPR, data protection, consent, right to be forgotten, right to modification
Suggested Citation: Suggested Citation