INFO-LEG Roundtable at CPDP2023

INFO-LEG will host a Roundtable It’s not about the personal data, stupid! Is it time to focus legal protection against risks of the digital society on something else?“at CPDP2023.

Time / Place:

25 May, 11:45-13:00, M-Village Grande.

Chair: Nadya Purtova

“Personal data” has not performed well as a trigger of legal protection against risks of the information society. Its broad interpretation in theory makes the GDPR “the law of everything” digital. Yet, in practice, many information practices fall through the GDPR cracks: controllers construe “personal data” narrowly and do not apply the GDPR where they should; PETs obfuscate the boundary between identifiable and anonymous; the GDPR is not designed to tackle group information harms.

Nadya Purtova will briefly speak about the necessity to separate regulation of semantic and syntactic dimensions of information and ask the roundtable participants to reflect on the potential of this idea to inform data protection reform. Experts from the law practice and academia will discuss if the regulatory focus on personal data as a trigger of legal protection obscures the problems we want to solve, and if focusing on different regulatory targets will do the job better. If it’s time for a redesign of the legal protection against harms of the digital society, how should it look like?

  • Are all the risks of the digital society that the GDPR aims to address contingent on a certain type of information processed, specifically, “personal data”, or do some of the problems materialize regardless of the meaning of information used?
  • Should the broad scope of personal data be narrowed down and problematic digital practices (automated decision-making, algorithmic discrimination, or platform exploitation) be regulated instead? What would those practices be?
  • Should the design and use of software with impact on people be regulated among those practices?
  • Could the general principles of data protection serve as a blueprint for the general principles of design and use of algorithms? What added value would this approach have compared to the AI Act?
  • Will a narrower scope of the GDPR in combination with the general principles of design and use of software make a positive difference in terms of compliance, enforcement and quality of legal protection compared to the status quo?

Workshop facilitator: Nadya Purtova & Raphaël Gellert (moderator, RU, NL)


  1. Laurence Diver (VUB, BE)
  2. Michael Veale (UCL, UK)
  3. Sjoera Nas (Privacy Company, NL)
  4. Raphaël Gellert (moderator, RU, NL)

UPD: The recording of the roundtable is available here.