Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Less is more? On the Data Minimization in AI-based Personal Data Processing: Navigating Divides, Shaping Tomorrow in the Era of GDPR

Gran, Ryan LU (2024) JAEM01 20232
Department of Law
Faculty of Law
Abstract
This thesis is written in five Chapters. Chapter One starts with an introduction, then it focuses on the research questions and the limitations. Chapter two, describes data processing, especially AI-based personal data processing, and focuses on the possible risks of it. Chapter three explores the principle of data minimization in the GDPR, its application, techniques, and measures to perform it, and challenges. Chapter four is about the gaps in the GDPR regarding data minimization in AI-based personal data processing and discusses possible future challenges. The final Chapter summarizes the thesis and suggests recommendations.

The key questions this thesis aims to answer are: To what extent is the GDPR sufficient and effective for AI... (More)
This thesis is written in five Chapters. Chapter One starts with an introduction, then it focuses on the research questions and the limitations. Chapter two, describes data processing, especially AI-based personal data processing, and focuses on the possible risks of it. Chapter three explores the principle of data minimization in the GDPR, its application, techniques, and measures to perform it, and challenges. Chapter four is about the gaps in the GDPR regarding data minimization in AI-based personal data processing and discusses possible future challenges. The final Chapter summarizes the thesis and suggests recommendations.

The key questions this thesis aims to answer are: To what extent is the GDPR sufficient and effective for AI technologies regarding data minimization? While AI models require vast amounts of data for training and proper functioning, how can a balance be struck between the rapid growth of AI technologies and their conformity with the principle of data minimization under the GDPR? What are the current gaps in the GDPR? What are the future concerns?

This thesis discusses that while GDPR has taken long steps towards data protection, it falls short when it comes to data minimization in AI-based personal data processing. There are several challenges, such as technical and legal issues. Technical issues such as the large amounts of data that AI models need, and legal issues such as the lack of clear guidance in the GDPR regarding data minimization and AI. There are several concerns for the future as well, such as the rapid development of AI technologies, the increasing demand for personal data for AI purposes, and the conflicting interests of different stakeholders.

Finally, this thesis provides a comprehensive examination of data minimization in AI-based personal data processing, evaluates the effectiveness of the GDPR in this context, specifies gaps and challenges, and introduces future concerns. It emphasizes the need for effective enforcement mechanisms, adequate safeguards for data subjects, ongoing reassessment of data minimization, and consideration of ethical standards in data minimization. This study concludes with an emphasis on the need for harmonization of data protection regulations, promotion of industry best practices, and public awareness and education about data minimization. (Less)
Popular Abstract
This study delves into the world of AI and data protection, focusing on the principle of data minimization under the GDPR. It asks important questions about how we can balance the need for large amounts of data in AI with the GDPR’s principle of data minimization. The study finds that while the GDPR has made significant strides in data protection, it falls short in addressing data minimization in AI-based personal data processing. This shortfall is due to several challenges, including the technical need for large amounts of data in AI and the lack of clear guidance in the GDPR. The study also highlights future concerns, such as the rapid advancement of AI technologies and the increasing demand for personal data. It concludes by emphasizing... (More)
This study delves into the world of AI and data protection, focusing on the principle of data minimization under the GDPR. It asks important questions about how we can balance the need for large amounts of data in AI with the GDPR’s principle of data minimization. The study finds that while the GDPR has made significant strides in data protection, it falls short in addressing data minimization in AI-based personal data processing. This shortfall is due to several challenges, including the technical need for large amounts of data in AI and the lack of clear guidance in the GDPR. The study also highlights future concerns, such as the rapid advancement of AI technologies and the increasing demand for personal data. It concludes by emphasizing the need for effective enforcement, adequate safeguards for individuals, ongoing reassessment of data minimization, and the consideration of ethical standards. The study also calls for harmonized data protection regulations, promotion of best practices in the industry, and increased public awareness and education about data minimization. (Less)
Please use this url to cite or link to this publication:
author
Gran, Ryan LU
supervisor
organization
course
JAEM01 20232
year
type
H1 - Master's Degree (One Year)
subject
language
English
id
9148258
date added to LUP
2024-03-11 09:33:59
date last changed
2024-03-11 09:33:59
@misc{9148258,
  abstract     = {{This thesis is written in five Chapters. Chapter One starts with an introduction, then it focuses on the research questions and the limitations. Chapter two, describes data processing, especially AI-based personal data processing, and focuses on the possible risks of it. Chapter three explores the principle of data minimization in the GDPR, its application, techniques, and measures to perform it, and challenges. Chapter four is about the gaps in the GDPR regarding data minimization in AI-based personal data processing and discusses possible future challenges. The final Chapter summarizes the thesis and suggests recommendations. 

The key questions this thesis aims to answer are: To what extent is the GDPR sufficient and effective for AI technologies regarding data minimization? While AI models require vast amounts of data for training and proper functioning, how can a balance be struck between the rapid growth of AI technologies and their conformity with the principle of data minimization under the GDPR? What are the current gaps in the GDPR? What are the future concerns? 

This thesis discusses that while GDPR has taken long steps towards data protection, it falls short when it comes to data minimization in AI-based personal data processing. There are several challenges, such as technical and legal issues. Technical issues such as the large amounts of data that AI models need, and legal issues such as the lack of clear guidance in the GDPR regarding data minimization and AI. There are several concerns for the future as well, such as the rapid development of AI technologies, the increasing demand for personal data for AI purposes, and the conflicting interests of different stakeholders. 

Finally, this thesis provides a comprehensive examination of data minimization in AI-based personal data processing, evaluates the effectiveness of the GDPR in this context, specifies gaps and challenges, and introduces future concerns. It emphasizes the need for effective enforcement mechanisms, adequate safeguards for data subjects, ongoing reassessment of data minimization, and consideration of ethical standards in data minimization. This study concludes with an emphasis on the need for harmonization of data protection regulations, promotion of industry best practices, and public awareness and education about data minimization.}},
  author       = {{Gran, Ryan}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Less is more? On the Data Minimization in AI-based Personal Data Processing: Navigating Divides, Shaping Tomorrow in the Era of GDPR}},
  year         = {{2024}},
}