Related papers: The European Union general data protection regulation: what it is and what it means

The European Union general data protection regulation: what it is and what it means

URL: http://arxiv.org/abs/2510.02861v1
Date: Fri, 03 Oct 2025 09:54:30 GMT
Title: The European Union general data protection regulation: what it is and what it means
Authors: Chris Jay Hoofnagle, Bart van der Sloot, Frederik Zuiderveen Borgesius,
Abstract summary: paper introduces strategic approach regulating data and the normative foundations' of European Union's General Data Protection Regulation ('General Data Regulation')<n>Paper explains genesis, as best understood an extension and complicate existing requirements imposed by 1995 Protection Directive; describe Data Data approach; make predictions about provisions; highlight U.S. privacy law implications.
Score: 0.17041248235270653
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union's General Data Protection Regulation ('GDPR'). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR's approach and provisions; and make predictions about the GDPR's implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Related papers

SoK: Data Minimization in Machine Learning [49.60064304454055]
Data minimization (DM) describes the principle of collecting only the data strictly necessary for a given task.<n>The relevance of data minimization is particularly pronounced in machine learning (ML) applications.<n>Existing work on other ML privacy and security topics often addresses concerns relevant to DMML without explicitly acknowledging the connection.<n>This work introduces a comprehensive framework for DMML, including a unified data pipeline, adversaries, and points of minimization.
arXiv Detail & Related papers (2025-08-14T17:00:13Z)
GDPRShield: AI-Powered GDPR Support for Software Developers in Small and Medium-Sized Enterprises [0.0]
This paper introduces a novel AI-powered framework called "ShieldShield" specifically designed to enhance awareness of SME software developers.<n>"ShieldShield" boosts developers motivation to comply with data violations from early stages of software development.
arXiv Detail & Related papers (2025-05-19T02:47:44Z)
Demystifying Legalese: An Automated Approach for Summarizing and Analyzing Overlaps in Privacy Policies and Terms of Service [0.6240153531166704]
Our work seeks to alleviate this issue by developing language models that provide automated, accessible summaries and scores for such documents. We compared transformer-based and conventional models during training on our dataset, and RoBERTa performed better overall with a remarkable 0.74 F1-score.
arXiv Detail & Related papers (2024-04-17T19:53:59Z)
Towards an Enforceable GDPR Specification [49.1574468325115]
Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's. One emerging technique to realize PbD is enforcement (RE) We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
arXiv Detail & Related papers (2024-02-27T09:38:51Z)
Federated Learning Empowered by Generative Content [55.576885852501775]
Federated learning (FL) enables leveraging distributed private data for model training in a privacy-preserving way. We propose a novel FL framework termed FedGC, designed to mitigate data heterogeneity issues by diversifying private data with generative content. We conduct a systematic empirical study on FedGC, covering diverse baselines, datasets, scenarios, and modalities.
arXiv Detail & Related papers (2023-12-10T07:38:56Z)
SoK: The Gap Between Data Rights Ideals and Reality [42.769107967436945]
Do rights-based privacy laws effectively empower individuals over their data?<n>This paper scrutinizes these approaches by reviewing empirical studies, news articles, and blog posts.
arXiv Detail & Related papers (2023-12-03T21:52:51Z)
Mutual Information Regularized Offline Reinforcement Learning [76.05299071490913]
We propose a novel MISA framework to approach offline RL from the perspective of Mutual Information between States and Actions in the dataset. We show that optimizing this lower bound is equivalent to maximizing the likelihood of a one-step improved policy on the offline dataset. We introduce 3 different variants of MISA, and empirically demonstrate that tighter mutual information lower bound gives better offline RL performance.
arXiv Detail & Related papers (2022-10-14T03:22:43Z)
NL2GDPR: Automatically Develop GDPR Compliant Android Application Features from Natural Language [28.51179772165298]
NL2 is an information extraction tool developed by Baidu Cognitive Computing Lab. It generates privacycentric information and generating privacy policies. It can achieve 92.9% identification of policies related to personal storage process, data process, and types respectively.
arXiv Detail & Related papers (2022-08-29T04:16:50Z)
Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data. FL and related techniques are often described as privacy-preserving. We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
"It may be a pain in the backside but..." Insights into the impact of GDPR on business after three years [2.5567566997688043]
General Data Protection Regulation ( Ireland) came into effect in May. Aim of study is to investigate if is all pain and no gain for business. We find threat threat fines has focused corporate mind and made business more privacy aware. Many implementation challenges remain. New business development and intra-company communication is more constrained.
arXiv Detail & Related papers (2021-10-22T16:44:21Z)
Building a Foundation for Data-Driven, Interpretable, and Robust Policy Design using the AI Economist [67.08543240320756]
We show that the AI Economist framework enables effective, flexible, and interpretable policy design using two-level reinforcement learning and data-driven simulations. We find that log-linear policies trained using RL significantly improve social welfare, based on both public health and economic outcomes, compared to past outcomes.
arXiv Detail & Related papers (2021-08-06T01:30:41Z)
Towards a Semantic Model of the GDPR Register of Processing Activities [0.3441021278275805]
We present a consolidated data model based on common concepts and relationships across analysed templates. We show that the DPV currently does not provide sufficient concepts to represent the ROPA data model. This will enable creation of a pan-EU information management framework for interoperability between organisations and regulators for compliance.
arXiv Detail & Related papers (2020-08-03T13:54:47Z)
GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers performing for each of them a request to access personal data. We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users. With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.