Operationalizing legal and societal constraints in information systems
Data protection laws define requirements for respectful processing of user data. However, the lack of technical interpretations of many of those requirements has inhibited their adoption. In this talk, I will discuss our recent efforts to operationalize several data protection principles from GDPR—including the data minimization principle and the right to be forgotten—in the context of automated profiling and decision-making systems. We propose new models that enable the adoption of those principles and evaluate the outcomes in the domain of recommendation and search systems. Our results demonstrate remaining practical challenges and some of the impacts the implementation of the legal principles might have on the digital ecosystem.