Four years of GDPR: New tech testing data privacy law's longevity?

Data protection authorities (DPAs) broadly believe the regulation's underlying principles of lawfulness, fairness, and transparency make it "future-proof" to cover developments in artificial intelligence (AI), machine learning, cloud computing, and data in a way its predecessor, the 1995 EU Data Protection Directive, failed to do. Many legal experts also believe the GDPR is flexible enough to cope with emerging technologies. Will Richmond-Coggan, director and a specialist in data protection and new technology at law firm Freeths, said, "Although it is often presented as a conflict, the reality is there is very little which technology might make possible that the (U.K. or EU) GDPR would outright prohibit." James Castro-Edwards, privacy and cyber counsel at law firm Arnold & Porter, said, "While the GDPR may not have been drafted with these new technologies specifically in mind, the broad principles of lawfulness, fairness, and transparency still apply, along with a number of additional requirements for higher risk processing." "When data protection rules are difficult to apply in practice, organizations can fall into the trap of believing that avoiding them is a pragmatic approach."