CPDP 2025: Plattform Privatheit-Panel on fundamental rights and risks

Platform Privacy Panel at the CPDP 2025 <The World is watching> on 22 May 2025 in Brussels:

"Fundamental rights and the myriad ways of risk in EU law and policy"

The panel organised by Plattform Privatheit looked at the different concepts of risk in the texts of the General Data Protection Regulation (GDPR), the Digital Services Act (DS-A) and the AI Act (AI-A) and showed how their interpretation has a practical impact. For example, the framing of migration as a "risk" impairs human rights.

It was also discussed how risk-based approaches can serve a deregulation agenda in political narratives. Internal risk categorisations can obscure the broader issues of risks to a fundamental rights-based legal and political order for the EU in a changing geopolitical situation.

The panel discussed the following questions:

• How is risk regulated and what role does standardization play?
• How does risk affect securitisation trends in migration policies, the development and deployment of tech used in border and does this overshadow the systemic risks faced by vulnerable populations?
• How do risk assessment and profiling in predictive policing contexts affect individuals?
• What does a shift towards 'risk' based language mean for fundamental rights in EU data law and what risks are posed by current geo-political circumstances?

Isabel Barberá, co-founder of Rhite, showed that risk evaluation depends heavily on skill and willingness of those responsible. In order to evaluate risks holistically, various kinds of expertise are necessary, not the least empathy in order to fully understand the damage that could occur for others.

Dr. Irmak Erdoğan Peter, post doctoral researcher at KU Leuven argued that in the area of law enforcement was quite different from other risk assessments. In law enforcement, rather than protecting people from risks, people were considered risks. This led to massive surveillance of individuals, which could have negative effects for society as whole, when intrusive mass-surveillance technology were introduced.

Aljosa Ajanovic, a lawyer working for EDRi, observed a weaponization of risk against migrants and people on the move. Migrants were framed as risks to those in the EU in order to test invasive surveillance technologies, which would ultimately also be used within the EU in different contexts.

Dr. Katie Nolan, lecturer at Technical University Dublin, cautioned that on the EU level there currently is a feeling on having to catch up in an AI race. This construct served as justification to concentrate power at the Commission and pursue an agenda of deregulation that risks rolling back existing fundamental rights protections.

Dr. Felix Bieker, researcher at ULD a regional German data protection authority, who moderated the panel, concluded that while the notion of risk in the current EU data law could be used effectively to counter-act risks to individuals, those responsible to carry them out, were at times more interested in profits than in the protection of rights. Also, members of stigmatized groups, such as migrants, could not rely on these rights, leaving them without effective protections. However, with the current deregulation push from the European Commission to advance AI by emulating the approach of the current US administration, resistance would be required, to ensure that technology serves and protects fundamental rights.

Click here for the video recording of the panel.

For more information: https://www.cpdpconferences.org/panels/risking-fundamental-rights-the-myriad-ways-of-risk-in-eu-law-and-policy