Reviving Purpose Limitation and Data Minimisation in Data-Driven Systems
It addresses data protection challenges for AI development in the EU, offering practical guidance for stakeholders, but is incremental in its analysis of existing legal principles.
This paper investigates whether data minimisation and purpose limitation principles can be effectively implemented in data-driven systems, finding that systems could technically use much less data than they currently do, and it identifies obstacles and trade-offs in applying data protection law in practice.
This paper determines whether the two core data protection principles of data minimisation and purpose limitation can be meaningfully implemented in data-driven systems. While contemporary data processing practices appear to stand at odds with these principles, we demonstrate that systems could technically use much less data than they currently do. This observation is a starting point for our detailed techno-legal analysis uncovering obstacles that stand in the way of meaningful implementation and compliance as well as exemplifying unexpected trade-offs which emerge where data protection law is applied in practice. Our analysis seeks to inform debates about the impact of data protection on the development of artificial intelligence in the European Union, offering practical action points for data controllers, regulators, and researchers.