Reviving Purpose Limitation and Data Minimisation in Data-Driven Systems

  • Michele Finck Max Planck Institute for Innovation and Competition
  • Asia Biega Max Planck Institute for Security and Privacy
Keywords: GDPR, data minimisation, purpose limitation, computer science, law, profiling, recommender algorithms, personalisation

Abstract

This paper determines whether the two core data protection principles of data minimi- sation and purpose limitation can be meaningfully implemented in data-driven systems. While contemporary data processing practices appear to stand at odds with these prin- ciples, we demonstrate that systems could technically use much less data than they currently do. This observation is a starting point for our detailed techno-legal analysis uncovering obstacles that stand in the way of meaningful implementation and compliance as well as exemplifying unexpected trade-offs which emerge where data protection law is applied in practice. Our analysis seeks to inform debates about the impact of data protec- tion on the development of artificial intelligence in the European Union, offering practical action points for data controllers, regulators, and researchers.

Author Biographies

Michele Finck, Max Planck Institute for Innovation and Competition

Michèle Finck is Professor of Law and Artificial Intelligence, University of Tübingen. This research was carried out while I was a Senior Research Fellow at the Max Planck Institute of Innovation and Competition, where I remain an Affiliated Fellow.

Asia Biega , Max Planck Institute for Security and Privacy

Asia Biega is a tenure-track faculty member and head of the Responsible Computing group, Max Planck Institute for Security and Privacy

Published
2021-08-18
How to Cite
Finck, Michele, and Asia J. Biega. 2021. “Reviving Purpose Limitation and Data Minimisation in Data-Driven Systems”. Technology and Regulation 2021 (August), 44-61. https://techreg.org/index.php/techreg/article/view/63.
Section
Articles