RETHINKING CODE AS PERSONAL DATA: A HOLISTIC LEGAL PERSPECTIVE Scrutinizing Implications of Code is Personal Data Argument for Data Protection Law and Regulation of Algorithms

The first chapter of this book sets the stage for the central inquiry by providing essential context and framing including background, formulation of the main research questions and sub-questions, a literature review and methodological approach. In the second chapter, the foundational elements of the argument for treating code as personal data are examined. The building blocks of the definition of personal data including (i) information, (ii) relating to (a natural person), (iii) who is identified or identifiable, directly or indirectly are applied to code. This study substantiates that code can qualify as personal data in certain cases through its design, purpose, or impact.

Qualifying code as personal data requires the application of the GDPR to the entire lifecycle of ADM systems, which results in certain implications concerning data protection and the regulation of algorithms. In the third chapter, the implications identified by the authors are evaluated. It is argued that certain rights- such as obtaining a copy of data- and certain principles- including purpose limitation and data minimization- provide relatively straightforward frameworks for ensuring compliance under the code is personal data argument. However, it is suggested that the implementation and interpretation of the principles of fairness, transparency, and lawfulness present more nuanced and complex challenges for ADM systems. In the fourth chapter, the authors’ explanations regarding these principles are expanded and analyzed in greater depth. The extent to which this may address information-induced harms, particularly within the context of algorithmic bureaucracy, is explored. This study examines whether the approach offers an adequate mechanism, or whether the issue is better addressed through alternative formulations-legislative or technology-specific.