Enforced as of May 25, 2018, General Data Protection Regulation (GDPR) is a binding regulation with the possibility of adjustment by individual EU states. Among its many provisions is that entities that control personal data must implement the principles of data protection. The document consists of 11 Chapters and 99 Articles. Also important is the identification of the authority base covering reasons for the inclusion of articles.
As a legal document it is in text form—word after word and page after page—and as such remains fundamentally linear in content representation and overall structure. While its application is to the European Union and its states, it also covers individuals, actors, and entities whose activities bear upon, intersect, impact, or are impacted by the provisions of GDPR.
The research challenge is to generate the structure of the text, determine the salience of the articles and connections among them. A related challenge is to drill below the surface of the GDPR text form in order to better understand the relationships and operational implications of its articles.
Here we show only the basic network view of GDPR, in the Figure below. This Figure is devoid of any statistical properties. It depicts all nodes and edges in similar size and salience. The color code signals the individual chapters.
More detailed investigations are needed to trace and understand the full system and structure of GDPR—as well as well as the relative salience of individual articles and interconnections among them. Yet even this basic representation points to distinctive features note, for example, the isolated nodes at the bottom of the Figure.
Source: Choucri, N., & Agarwal, G. (2022). New exploratory project on AI-policy [Unpublished manuscript]. MIT Political Science.
Note: Nodes represent the Articles. Node color code signals the individual Chapters
These are illustrations of the results. A more detailed understanding of the power and leverage of GDPR—and its limitations, if any—requires a review of the relative salience of individual articles and interconnections among them.
Reference:
- Choucri, N., & Agarwal, G. (2022). Analysis of “EU—General Data Protection Regulation” [Unpublished manuscript]. MIT Political Science.
- European Parliament and of the Council. (2016). Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (REGULATION (EU) 2016/679). Official Journal of the European Union. http://data.europa.eu/eli/reg/2016/679/2016-05-04