With the adoption of the GDPR, data subjects gained more power in tracking their data, while for entities processing personal data that means higher responsibilities and burden, particularly because demonstrating compliance with GDPR principles is not that easy. A solution that is gaining popularity, is the use of certain legal technologies which claim to offer automation of GDPR compliance. But their use comes with certain costs. Discussion in this panel will revolve around issues of GDPR automation, whether certain GDPR provisions lend themselves to automation, and whether automation actually contributes to GDPR compliance. The panel follows the form of a debate, to allow for a better exchange of views from the panelists composed of different stakeholders.
• Do particular provisions of the GDPR push towards automation?
• Does automation actually contribute to GDPR compliance? If yes, to what extent? What problems does automation solve and what new problems does it cause?
• Who would be held liable if things go wrong in an automated GDPR compliance situation (the developer, the controller, the processor, or all of them)? Under what conditions?
• Is automation a form of or a means for GDPR compliance? What normative implications arise when automating GDPR compliance?