Decoding EU-GDPR

Decoding EU-GDPR

 

Nazli Choucri

Professor
Political Science Department
Massachusetts Institute of Technology

 

 

Enforced as of May 25, 2018, General Data Protection Regulation (GDPR) is a binding privacy and security regulation with the possibility of adjustment by individual European Union (EU) states. Among its many provisions is that entities that control personal data must implement the principles of data protection.

The document consists of 11 Chapters and 99 Articles. Of key importance is the identification of the authority base covering reasons for the inclusion of articles.

Challenge:

As a legal document, it is in text form—word after word and page after page—and as such remains fundamentally linear in content representation and overall structure. While its application is to the EU, it also covers individuals, actors, and entities whose activities bear upon, intersect, impact, or are impacted by the provisions of GDPR.

The research challenge is to generate the structure of the text and determine the salience of articles and connections among them.  As we drill below the surface of the GDPR text form we are able to  better understand the relationships and operational implications of its articles.

When the analysis is completed, we would be able to trace and understand the full power and leverage of GDPR—as well as its limitations, if any—and the relative salience of individual articles and interconnections among them.

Network View:  Example

A particular network view of GDPR is shown in the figure below. The color code signals individual Chapters. Nodes  refer to individual Articles. Node size reflects eigenvalue centrality score. Even at this basic representation we can identify some overall features. Note for example the isolated notes at the bottom.    

 

 

Chart Description automatically generated

Initial network view of “General Data Protection Regulation (GDPR).”

 

References:

Choucri, N., & Agarwal, G. (2022). Analysis of “EU—General Data Protection Regulation” [Unpublished manuscript]. MIT Political Science.

European Parliament and of the Council. (2016). Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (REGULATION (EU) 2016/679). Official Journal of the European Union. http://data.europa.eu/eli/reg/2016/679/2016-05-04

Submitted by Anonymous on