INFO-LEG Panel at TILTing2021

Session 13C: Open Track: Panel ‘Escaping “the law of everything”. Should we separate ADM regulation from data protection?’


Friday 21 May, 2021



The central question the panel aims to answer is whether it makes sense in the EU to regulate automated decision-making outside of the GDPR, i.e. not as a part of data protection, and not anchored in or conditioned upon the processing of personal data.


The background to this is the following: In data protection law, the desire to include automated decision-making (ADM) within the scope of data protection is stretching the concept of personal data (which determines the GDPR’s material scope), and consequently the scope of the GDPR, to the extent that everything becomes personal data and the GDPR becomes the law of everything digital. This raises concerns as to the actual ability of the GDPR to resolve all digital problems. At the same time, the protections that the GDPR provides regarding automated decision-making only concern individual decision-making (when the ADM is based on personal data AND is directed at a natural person who is individualized, i.e. distinguished from a group). The GDPR does not provide any safeguards if a decision is directed towards a group, i.e. more than just one person. In addition, one can argue that providing safeguards in automated decision-making is a distinct rationale of data protection law, which is different from traditional ‘privacy’ rationales such as creating anonymous space for expression, self-development etc. or preserving a private intimate sphere. So, to fix the problem of regulatory overstretch, should we perhaps just have a separate legal regime that regulates individual and non-individual automated decision-making across public and private sectors?

The panel will be conducted in the form of a round table.

Experts from the fields of data protection and regulation of ADM, administrative, antidiscrimination and consumer protection law will be asked to reflect on the possibility and implications of separating data protection from regulation of ADM in terms of the need, possibility, gains and challenges.



  • Nadya Purtova


  • Sofia Ranchordas (administrative law perspective)
  • Catalina Goanta (EU consumer law perspective)
  • Sandra Wachter (ADM, non-discrimination)
  • Mireille Hildebrandt
  • Anton Ekker




  • Do we need an umbrella regulation of ADM which is not anchored in the concept of personal data and is outside of the GDPR?
  • How does practice cope with application of the GDPR to ADM?
  • Are the current non-GDPR legal regimes relevant for ADM, such as consumer protection, administrative, and equality & non-discrimination law, sufficient?
  • Would the draft EU AI Regulation, if adopted, fix any gaps?
  • How could we envisage a regulatory framework for automated decision-making outside of the GDPR?



  • 90 min in total
  • 10 min: introduction of the topic and speakers
  • 60 min: for the panel questions and reflections
  • 20 min: Q&A with the audience