The Limits of the GDPR in the Personalisation Context

Finck, Michèle

The Limits of the GDPR in the Personalisation Context

Forthcoming in: U. Kohl, J. Eisler (eds), Data-Driven Personalisation in Markets, Politics and Law, Cambridge: Cambridge University Press, 2021

Max Planck Institute for Innovation & Competition Research Paper No. 21-11

15 Pages Posted: 21 Apr 2021

See all articles by Michèle Finck

Michèle Finck

Eberhard-Karls University Tübingen

Date Written: May 1, 2020

Abstract

Personalisation is both driven by, and can produce, personal data, and thus it falls within the scope of the General Data Protection Regulation ('GDPR'). As a consequence, the European data protection framework applies to data-driven personalisation. Yet, whereas there appears to be a general perception that data protection is suitable to function as a general legal framework for AI, it is important to remain realistic regarding both its opportunities and limitations. This chapter examines the application of certain elements of the GDPR to data-driven personalisation. There are hopes that the GPDR can serve as a general legal framework to govern the normative concerns that have emerged in relation to AI. It is, however, fundamentally inadequate to serve as a 'general AI law'. Whereas the Regulation indeed applies to the processing of personal data, it would be erroneous to frame it as a general 'AI law' capable of addressing all normative concerns around personalisation.

Keywords: Artificial intelligence, GDPR, data protection, consent, right to be forgotten, right to modification

Suggested Citation: Suggested Citation

Finck, Michèle, The Limits of the GDPR in the Personalisation Context (May 1, 2020). Forthcoming in: U. Kohl, J. Eisler (eds), Data-Driven Personalisation in Markets, Politics and Law, Cambridge: Cambridge University Press, 2021, Max Planck Institute for Innovation & Competition Research Paper No. 21-11, Available at SSRN: https://ssrn.com/abstract=3830304