A Flawed Crusade? The EU General Data Protection Regulation in the Age of AI
Room 920, Level 9
Melbourne Law School
185 Pelham Street
The EU regulatory framework for protection of personal data has recently undergone major reform, with the adoption of the General Data Protection Regulation (GDPR) as the centrepiece of this process. The GDPR evinces an intention on the part of EU law makers to ensure that contemporary data-processing trends – including the increasing deployment of artificial intelligence (AI) and automated decisional systems – do not ride roughshod over the fundamental rights and freedoms of individual persons. With its beefed-up sanctions regime, liberal rules for extra-territorial scope of application, and a large array of provisions for new or revamped rights and obligations, the GDPR is commonly presumed – also in Australia – to constitute the ‘gold standard’ globally for data protection and a key means of achieving ‘algorithmic accountability’. Nonetheless, its legitimacy remains contested in a variety of respects, with some critics claiming, in effect, that the EU data protection regime is an arcane, elitist endeavour amounting to little more than ‘tilting at windmills’. This seminar examines the merits of such claims.
Professor Lee A. Bygrave , University of Oslo
Professor Lee A. Bygrave
University of Oslo
Lee A. Bygrave is a professor at the Norwegian Research Center for Computers and Law (NRCCL), attached to the Department of Private Law, University of Oslo. For the past three decades, Lee has been engaged in researching and developing regulatory policy for information and communications technology. He has functioned as expert advisor on technology regulation for numerous organisations, including the European Commission, Nordic Council of Ministers, Internet Corporation for Assigned Names and Numbers, and Norwegian government. He currently heads two major research projects at the NRCCL: VIROS (‘Vulnerability in the Robot Society’), which canvasses legal and ethical implications of AIempowered robotics; and SIGNAL (‘Security in Internet Governance and Networks: Analysing the Law’), which studies transnational changes in the legal frameworks for security of critical internet infrastructure and cloud computing. Lee has published extensively within the field of data protection law where his two principal books on the subject – Data Protection Law: Approaching Its Rationale, Logic and Limits (Kluwer 2002) and Data Privacy Law: An International Perspective (Oxford University Press 2014) – are widely acknowledged as standard international texts. He has just completed coediting and coauthoring a comprehensive articlebyarticle analysis of the EU General Data Protection Regulation – The EU General Data Protection Regulation (GDPR): A Commentary (Oxford University Press 2019). His other major works concern the ways in which information concepts are (mis)understood and (mis)used in law (‘Information Concepts in Law: Generic Dreams and Definitional Daylight’, Oxford Journal of Legal Studies (2015)), the use of contract as a tool for governing internet infrastructure and online transactions (Internet Governance by Contract (Oxford University Press 2015)), and the emergence of ‘designbased’ regulatory techniques for integrating legal values into information systems architecture (‘Hardwiring Privacy’ in Brownsword et al. (eds.), The Oxford Handbook of Law, Regulation, and Technology (Oxford University Press 2017)).