Event Contact


Time Speaker Description
12.00 - 13.30 Mireille Hildebrandt


This is an internal event, where all partners need to prepare themselves, based a small library of presentations that:

      1. introduce the tutorial and
      2. provide a small set of concepts (and legal norms) core to the GDPR. The presentations consist of slides with audio, explaining the text. The library can be found at the internal webserver of the HAI-NET

The library also provides access to the Textbook Law for Computer Scientists and Other Folk that contains relevant literature, notably in chapters 5 and 10.


 The Open Access Textbook:

      • Law for Computer Scientists and Other Folk (OUP 2020, available in Open Access)
      • See dedicated sections below

A series of Slide-sets with Audio:

      • A 45-minute slide-set with audio: Main Introduction to the Tutorial
        Check out the introduction, the glossary and study chapter 5 of the Textbook
      • A set of eight short slide-sets with audio that introduce
        core GDPR requirements
        1. What is the legal status of developers, users and end-users?
          Controllers and processors (art. 4 GDPR)
          Section and of the Textbook
        2. On what ground can you process personal data?
          Legal basis (art. 6 GDPR)
          Section 5.2.5 of the Textbook
        3. What rules inform lawful development and use of data-driven AI?
          Principles (art. 5 GDPR)
          Section 5.2.6 of the Textbook
        4. What counts as valid consent?
          Consent (art. 7 GDPR)
          Section 5.2.7 of the Textbook
        5. What information must be provided to whom and how?
          Transparency (art. 12-15 GDPR)
          Section 5.4.1 GDPR of the Textbook (though at generic level)
        6. What kind of automated decisions are prohibited by default?
          Automated decisions (art. 22 GDPR)
          Section 3.3.3 of the Textbook (in relation to e.g. DLTs)
        7. How to embed legal norms in systems, architectures and applications?
          Data protection by design and default (DPbDD) (art. 25 GDPR)
          Section 5.2.9 and of the Textbook
        8. When and how to assess the impact of data-driven AI applications?
          Data protection impact assessment (DPIA) (art. 35 GDPR)
          Section 5.2.10 and of the Textbook