Technology
What could the next four years look like for GDPR?
By Rob Masson, CEO, The DPO Centre
The European Union General Data Protection Regulation (GDPR) is four years. During the past 1461 days, we have seen a dramatic shift in how data protection is viewed by organisations as well as ordinary consumers. How personal data of employees and customers is processed is now front of mind across every department in a business.
In the latter half of this period, the COVID-19 pandemic triggered a further transformation in how organisations handled personal data whilst their workforce pivoted to a full or flexi work from home model.
Clearly there have been huge changes over the last four years, and at The DPO Centre we believe that the next four will be no different in this respect, largely down to the vast array of new technologies that are becoming commonplace across all industries, truly transforming personal data processing and regulation needs to therefore try to keep up.
The two new technologies that we believe are at the forefront of innovation and will become a hot topic in data protection circles over the next four years is Artificial Intelligence (AI) and Blockchain.
Looking first at AI as the new emerging technology being adapted into many businesses-models across the globe. Personal data processing powered by AI is, to a degree, already regulated by the data protection laws that are already in existence. However, it is quickly becoming apparent that the capabilities of AI mean that it does need further regulation or, at least, further clarification around how existing laws apply to it. Therefore, in the next four years we fully expect to see Data Protection Authorities issuing working-guidance on how to ensure AI systems are fully compliant with both the EU and UK GDPR. This will likely cover data anonymisation, data sharing, explainability and accountability, and respecting data subject rights, particularly Article 22.
Aside from existing legislation, we expect to see a raft of additional legislation being proposed and entering into force over the next four years in relation to AI. There is currently a global push to regulate AI technologies with different countries offering different solutions to the problem. It is likely that this ‘AI push’ will see the development and implementation of required ‘Explainability Frameworks’ and further assessments, like Algorithm Impact Assessments, to ensure that AI systems are not discriminatory in nature and can meet the accountability and explainability principles data subject in the EU and UK especially have come to expect.
The European Commission has published a proposal for a Regulation on Artificial Intelligence. The AI Regulation contains extensive regulatory compliance implications for organisations across a wide range of sectors and whilst we are still waiting the final regulatory framework for AI. Stating that the goal is to make “Europe fit for the digital age and turning the next ten years into the Digital Decade”.
The UK set out its National AI Strategy for becoming a global AI superpower, which includes plans to revolutionise the governance of AI technology. We believe that the EU and UK are leading the way for AI regulation and, like with other areas of data protection regulation, the rest of the world will in time follow suit by creating AI regulations of their own.
Blockchain and digital distribution ledgers
At The DPO Centre we also believe Blockchain could also provide data protection benefits given that it is designed to enable data-sharing without the need for a central trusted middleman. It also offers transparency to those who have access to the block. Block-sharing can help automate data sharing, which in turn could help influence the push for economic policies and incentives behind data-sharing. If the potential inconsistences between the use of blockchain technologies at data protection law can be ironed out in the next few years, in order to see the full benefits of blockchain technology. This is something the European Parliament has suggested, implying that we could see a huge change to data transfers if blockchain becomes a serious consideration to legislative bodies.
Whilst Blockchain is best known as the technology that facilitates crypto currencies like Bitcoin. It has mainly been used as a way of enabling and recording transactions in a way where the ledger itself could not be altered. This allows for an accurate record to be kept of transactions. But blockchain technology has the potential to be used in far more different ways, and with its increased use it is likely that it will raise data protection concerns which will attract additional regulation of something that is de-centralised by its design.
Crypto-currencies are already the focus of ongoing regulation efforts by the world’s financial institutions. In the EU, the draft Market in Crypto-Assets (MiCA) rules are in the process of being created, and it is anticipated that other countries will soon follow suit. However, how blockchain in general will impact data protection is an area that is at the moment fairly unexplored.
Blockchain, on the face of it, is likely to cause some conflicts with current data protection laws and so we anticipate that there will likely be some legislative developments in this area, or at the very least, guidance issued by authorities on how the two interact. Because blockchain is de-centralised in its nature, there are conflicts with the accountability requirement set out in data protection legislation and the need to be able to identify the data controllers and processors within a processing relationship. Similarly, data protection rights such as the right to be forgotten and the right to rectification, are too at odds with the core nature of blockchain technology.
With the ever-changing nature of technology and the continued advancements being made, governments and regulators will need to start to embrace these new technologies in order to issue accurate guidance and legislation on these matters. Without support and guidance from these bodies, organisations conscious about compliance are likely to be hesitant to utilise these new technologies to their full potential given the uncertainty that currently reigns. We therefore believe that the next four years will see a real push to make sure that the right regulation and knowhow is in place to ensure that organisations and member states are ready for this new digital age and can make best use of these technologies.
-
Business4 days ago
The Future of Global Trade Will Be Green or Not at All
-
Banking4 days ago
The Future of Banking will be Personalized and Open
-
Technology4 days ago
Web2 vs Web3 – Why Integration is the Future of the Internet
-
Investing4 days ago
Private Equity Firms Embrace AI for Their Portfolio Companies