Close Sidebar
COPYRIGHT © PROFESSIONAL EVALUATION AND CERTIFICATION BOARD 2021 ALL RIGHTS RESERVED
Now Reading
Balancing Privacy and Innovation: How Digital Law Is Shaping the Future of AI and Cybersecurity
Search for content, post, videos
Search for content, post, videos

Balancing Privacy and Innovation: How Digital Law Is Shaping the Future of AI and Cybersecurity

April 21, 2025

In the fast-moving digital age, the tension between privacy and innovation has become one of the most pressing issues in technology law. As artificial intelligence (AI) and cybersecurity technologies advance at an unprecedented pace, there is a growing need for robust frameworks to address the delicate balance between fostering innovation and ensuring that fundamental rights to privacy and data protection are upheld. Digital law – the legal framework surrounding technology, privacy, data protection, and cybersecurity – is at the forefront of shaping the future of these industries.

This article explores how digital law is influencing the development of AI and cybersecurity, addresses the challenges of balancing privacy concerns with the drive for innovation, and analyses how regulatory measures are evolving to meet the needs of both industries.

The Rapid Evolution of AI and Cybersecurity

Artificial intelligence and cybersecurity are two areas of technology that are rapidly changing the way people live, work, and interact with the world around them. AI has permeated almost every aspect of society, from semi-autonomous vehicles and healthcare diagnostics to personalized marketing and natural language processing systems, such as ChatGPT or Perplexity.

It’s hard to think of anyone who doesn’t come into contact with AI or some form of it every day (at work, in services, or in business). While advanced AI can help streamline subtasks, it’s important to also consider its potential drawbacks to achieve greater efficiency in specific areas. AI and its capabilities can, and increasingly are, being exploited for various fraudulent activities.

Cybersecurity, in contrast, focuses on safeguarding individuals, organizations, and governments from digital threats, such as hacking, data breaches, and cyber-attacks. With the global rise in cybercrime and an increasingly connected world, cybersecurity has become essential in protecting sensitive data, maintaining public trust, and ensuring the integrity of digital infrastructure.

As AI and cybersecurity technologies advance, they increasingly intersect in key areas. For instance, AI-powered cybersecurity tools are being leveraged to predict, detect, and respond to security threats in real-time. However, the malicious use of these technologies has led to a surge in attacks, not only in terms of frequency but also in the sophistication of the methods employed as technology continues to evolve. Moreover, these advancements introduce new risks, particularly in relation to privacy. The operation of AI raises significant concerns around data usage, algorithmic bias, and accountability.

AI’s ability to collect vast amounts of personal data, combined with cybersecurity practices that may involve intrusive surveillance to detect potential threats, further complicates the balance between security and privacy.

The Role of Privacy in the Digital Age

Privacy has always been a central concern for individuals, especially in the context of technology. In the digital era, privacy means more than just protecting personal information. It also encompasses the control individuals have over how their data is collected, stored, and used. Privacy concerns are particularly heightened when it comes to AI and cybersecurity because these technologies often rely on large datasets that can include sensitive personal information.

AI systems, particularly those built on machine learning, thrive on data. The more data they have, the better they can predict, learn, and improve their outputs. However, the collection and use of this data often raises significant privacy concerns. For example, AI-driven systems such as facial recognition and social media algorithms can compromise individuals’ privacy by collecting personal data without explicit consent. Moreover, the potential for data misuse, identity theft, and surveillance further amplify concerns over privacy.

Cybersecurity technologies, while primarily designed to protect data, also raise privacy issues. To protect against cyber-attacks, organizations must implement comprehensive monitoring systems that track network traffic, user behavior, and other data streams. While these systems can be highly effective in preventing breaches, they also pose risks to individual privacy, especially if they result in unnecessary surveillance or the collection of excessive amounts of personal data.

Legal Frameworks Shaping the Digital Landscape

In response to these concerns, digital law is evolving to create a framework that addresses both privacy and innovation. Governments and regulatory bodies around the world are increasingly recognizing the need for robust laws to protect individuals’ privacy while still allowing technological progress. Several key legal frameworks are already shaping the future of AI and cybersecurity.

General Data Protection Regulation (GDPR)

One of the most significant pieces of digital legislation in recent years is the European Union’s General Data Protection Regulation (GDPR). The GDPR, which came into force in 2018, sets out strict rules on how personal data can be collected, stored, and processed. It aims to give individuals greater control over their personal data, while also ensuring that organizations handling that data adhere to high standards of security and accountability.

The GDPR applies to any organization that processes personal data of EU citizens, regardless of where the organization is based. Among its many provisions, the GDPR includes requirements for obtaining explicit consent before collecting personal data, ensuring that data is stored securely, and allowing individuals the right to access, correct, or delete their data. The GDPR also mandates that organizations implement privacy by design, meaning that privacy considerations should be integrated into the development of new technologies, including AI systems.

The GDPR has had a significant impact on AI and cybersecurity industries, forcing companies to reassess how they collect, store, and process data. While the regulation has undoubtedly increased the compliance burden for businesses, it has also set a global standard for data privacy and has inspired similar laws in other regions, such as California’s Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD).

Complementing well-known GDPR, the ePrivacy Directive, also known as the Directive 2002/58/EC, is a piece of the European Union legislation that primarily focuses on the protection of privacy and personal data in the electronic communications sector. It was originally adopted in 2002 and has undergone several updates and amendments over the years. Directive covers a broad range of electronic communication services, including internet communications (such as VoIP services, messaging apps, etc.) and covers, among other issues, the regulation of the use of cookies and direct marketing.

Emerging Privacy and Security Laws

The current hot topic is the legislation contained in the Directive on measures to ensure a high common level of cybersecurity (NIS 2). With effect from 17 October, 2025, the new regulation has expanded the scope of obligated entities, which are subject to various cybersecurity obligations, such as the obligation to (i) identify and properly comply with the notification obligation; (ii) put in place appropriate, proportionate technical and organizational measures to manage cyber risks (while increasing the personal liability of the board of directors); or (iii) control supply chains and contractual relationships.

Following on from NIS 2, Regulation (EU) 2024/2847 is another important piece of legislation which will apply from next year, 2026. The main objectives of Regulation (EU) 2024/2847, the Cyber Resilience Act (CRA), are to ensure that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers prioritize security throughout the product’s life cycle. The CRA also aims to create conditions for users to consider cybersecurity when selecting and using products with digital elements.

Another tempting regulation is the DORA Regulation (Digital Operational Resilience Act) as a piece of the European Union legislation aimed at enhancing the operational resilience of the financial sector in the face of increasing digital threats and disruptions. It was adopted as part of the EU’s digital finance strategy and focuses on ensuring that financial entities can maintain business continuity and recover quickly from any IT disruptions, cyber-attacks, or operational failures. One approach to achieving this is to place greater emphasis on supply chain security through the introduction of contractual obligations that financial firms must enforce. In practice, this means formally embedding responsibility for security not only within the regulated organization itself, but also with its suppliers whose services are used by the entity. These suppliers, who were previously outside the scope of regulatory oversight due to the lack of prior regulation, would now be covered by these security requirements through contractual measures. Temptation arises especially because of its effectiveness and direct applicability from 17 January, 2025.

Last but not least, the European legislation has been enhanced by the regulation of artificial intelligence in AI Act. The AI Act takes a risk-based approach to the regulation of AI systems, applying different rules based on the risk they pose. The goal of the AI Act is to foster trustworthy AI in Europe while addressing the risks associated with AI systems.

On 2 February, 2025, Chapters I and II of the AI Act entered into force. The effective part of the AI Act stipulates the obligation to take measures to ensure AI literacy among employees as well as prohibited practices in the use of AI. Examples of effective prohibited practices covered by the AI Act include (i) purposefully manipulative and deceptive techniques; (ii) exploitation of vulnerabilities; (iii) biometric identification; (iv) emotion detection; or (v) assessment and classification.

While the rest of the regulation is yet to be effective, there’s no need to be complacent; it’s important to begin preparing for the application of specific obligations for developers and users of AI systems.

On the European level, the new Digital Services Act (DSA) and Digital Markets Act (DMA), both of which aim to regulate digital platforms and online services, were adopted. These laws are designed to address concerns about the monopoly power of tech giants, as well as the need to ensure the protection of users’ privacy and data security.

The Digital Services Act (DSA) requires online platforms to ensure transparency in content moderation, swiftly remove illegal content, and conduct regular risk assessments, especially for very large platforms. It mandates additional protections for minors and stronger accountability for online marketplaces to prevent the sale of illegal products. Platforms must allow users to appeal content decisions and provide transparency on targeted advertising. Non-compliance with the DSA can result in significant fines, and enforcement is carried out by national authorities and the European Commission.

Striking the Balance Between Privacy and Innovation

Balancing privacy and innovation is not an easy task. On one hand, businesses and researchers must have the freedom to innovate, develop new technologies, and explore new business models. On the other hand, the protection of privacy and personal data is a fundamental right that must not be compromised in the name of progress.

One of the key challenges lies in finding ways to protect privacy without stifling innovation. The more restrictions there are on the use of data, the more difficult it becomes for AI systems to function effectively. At the same time, lax privacy protections can lead to serious ethical issues, including misuse of personal data, discrimination, and violations of fundamental rights.

To achieve the right balance, digital law must evolve in tandem with technological advancements. Laws must be flexible enough to allow for innovation, while also providing clear guidelines for data protection and privacy. This calls for continuous dialogue between lawmakers, tech companies, privacy advocates, and the public to ensure that legal frameworks align with societal values. Without this collaboration, the European Union could risk losing its position as a leading regulator by inadvertently creating artificial barriers to development.

The Future of AI, Cybersecurity, and Digital Law

As AI and cybersecurity continue to play a larger role in everyday life, the legal landscape will undoubtedly evolve to address new challenges. The future of digital law lies in creating a framework that not only promotes innovation but also protects individuals’ rights to privacy and security. To achieve this, lawmakers must strike a balance that encourages responsible development and deployment of emerging technologies.

In conclusion, the tension between privacy and innovation is an ongoing challenge that will continue to shape the future of AI and cybersecurity. Through thoughtful digital law, it is possible to strike a balance that fosters technological progress while safeguarding the rights and freedoms of individuals. As AI and cybersecurity technologies continue to evolve, the law will play a crucial role in ensuring that these innovations benefit society while minimizing risks to privacy and security.

 

Miriam Podskubova

Attorney at Law, Transaction Specialist, Start-up Advisor, ESOP and Cybersecurity Enthusiast Miriam is a seasoned legal professional with over a decade's experience. Specializing in commercial and labor law, she has a strong focus on data privacy and digital law. She earned her law degree from Comenius University, Bratislava, and an LL.M. from Prague Business Institute. A qualified advocate in the Slovak Bar Association, she also interned in Edinburgh through the European Lawyers' Association. Her expertise is further enhanced by roles at Ernst and Young and Accace, making her a respected figure in the legal field.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts