Does data protection only protect individuals?

Posted on 5 April 20235 April 2023 by Ian Brown

Reuben Binns tweeted in response to a tremendous court victory by the App Drivers and Couriers Union and Worker Info Exchange in Amsterdam:

People often criticise data protection as just an 'individualistic' remedy, that facilitates platform capitalism, gets in the way of labour organising, and can't meaningfully resist harmful tech. All critiques have some truth, but I find them unhelpful and defeatist … ?
— Reuben Binns @RDBinns (@RDBinns) April 5, 2023

This is often a critique of data protection as a mechanism for AI regulation. But especially when combined with human rights and specific anti-discrimination law, how much of a gap does that leave? ? (Of course, *effective* enforcement is always and everywhere a big question.)

Non-personal data is excluded, obviously, although given the GDPR’s expansive definition that is a shrinking area, and harms relating to profiling individuals will always be in scope. Group discrimination would come under human rights and equality law (if written effectively). Safety (eg cars) is a separate regulatory regime.

Within GDPR there are certainly specific issues which @lilianedwards @mikarv @RDBinns @jennifercobbe and others are writing about. How far they can be addressed without reopening the legislative text?

General Purpose/generative AI (like ChatGPT) might need specific regulation (it’s fascinating the evolution of the EU’s AI Act has gone in the other direction — only adding this later — although this was mainly due to the timing of the emergence of ChatGPT and several text-to-image generators like DALL-E.)

I have a report coming out (very) soon which partly addresses this issue, but I’m still interested in other views!

Leave a Reply Cancel reply

Pages

Most viewed posts

Recent Posts

Recent Comments

Archives

Categories

Meta