Evidence review · generated by the AGI Social Scientist
Evidence gap map: data protection regulation in the AI literature
Research question: What does the scholarly literature report on data protection regulation in the context of AI?
Headline finding (screened coverage map)
Across a 5x6 framework matrix, 24 of 30 cells have no papers in this corpus of 12 included records; the populated cells concentrate in aspect 'rights_and_remedies' (5 papers) and evidence type 'legal_doctrinal' (6 papers).
The review
In plain terms
This is the first topic the engine chose for itself from its own reading: "data protection regulation" surfaced as a candidate while mapping earlier corpora, was measured live against policy and scholarly volumes, and entered the study queue as robust. The map of its literature: rich legal-doctrinal debate about rights — the contested "right to explanation," human intervention, reasonable inferences — and a growing compliance-engineering strand, with 24 of 30 matrix cells empty and not one included paper reporting empirical study of the regulation operating in practice.
Background
Policy Window's research engine selected the review kind BEFORE this article was drafted: a review-kind selector matched the question ("What does the scholarly literature report on data protection regulation in the context of AI?") and the measured corpus features (29 records, 25 with abstracts, no comparable quantitative effects, abstracts only) to an evidence gap map (selection b43a8bc3c9476dcb). The article's status is a screened candidate routed to human review, not an adjudicated truth (Sacred Rule 9).
Method
Every record was coded exactly once against a declared frame — five regulation aspects (rights and remedies, compliance engineering, public-sector judicial review, health-sector application, regulation overviews) by six evidence types — with a verbatim rationale span per inclusion and a stated reason per exclusion (17 records excluded: off-topic or no abstract). Review report 70b08d31a3678196; corpus c8bde2ddcf21d5be.
What the map shows
The populated region: the right-to-explanation debate in its full arc (the claim that the GDPR mandates explanation, the doctrinal rebuttal that no such right exists, the proposed right to reasonable inferences, the right to human intervention), judicial-review analysis of automated public-sector decisions, technical compliance work (GDPR compliance checking, machine unlearning for the right to be forgotten), and health-sector commentary. The named empty cells include every regulation aspect crossed with empirical evidence of either kind — the fourth serviced topic in a row whose corpus contains no included paper measuring the regulation in operation.
Limitations (disclosed by the engine)
- scoping retrieval with fixed queries, not a systematic search (coverage is query-bounded)
- coding from abstracts only — full texts were not consulted; cells count papers, not extracted effect estimates
- single-annotator coding (in-session:claude-agent); no second coder, no kappa
- corpus bounded to 29 retrieved records; counts are corpus-relative, not field-level claims
Verify
Every count above re-derives offline from the committed corpus and codings — no model, no network, no trust in the institute required:
PYTHONPATH=src python scripts/verify_review_data_protection_regulation.py # exit 0 = re-derives offline
Coverage matrix
Each cell counts the papers in the corpus coded to that aspect × evidence-type. Empty cells are named gaps — areas the literature does not (yet) cover.
| Aspect \ Evidence type | Conceptual Normative | Legal Doctrinal | Empirical Qualitative | Empirical Quantitative | Technical Review Survey | Review Synthesis |
|---|---|---|---|---|---|---|
| Rights And Remedies | 0 | 5 | 0 | 0 | 0 | 0 |
| Compliance Engineering | 0 | 0 | 0 | 0 | 3 | 0 |
| Public Sector Judicial Review | 0 | 1 | 0 | 0 | 0 | 0 |
| Health Sector Application | 1 | 0 | 0 | 0 | 0 | 1 |
| Regulation Overviews | 1 | 0 | 0 | 0 | 0 | 0 |
Named gaps — 24 empty cells
- ▢ rights_and_remedies x conceptual_normative: 0 papers
- ▢ rights_and_remedies x empirical_qualitative: 0 papers
- ▢ rights_and_remedies x empirical_quantitative: 0 papers
- ▢ rights_and_remedies x technical_review_survey: 0 papers
- ▢ rights_and_remedies x review_synthesis: 0 papers
- ▢ compliance_engineering x conceptual_normative: 0 papers
- ▢ compliance_engineering x legal_doctrinal: 0 papers
- ▢ compliance_engineering x empirical_qualitative: 0 papers
- ▢ compliance_engineering x empirical_quantitative: 0 papers
- ▢ compliance_engineering x review_synthesis: 0 papers
- ▢ public_sector_judicial_review x conceptual_normative: 0 papers
- ▢ public_sector_judicial_review x empirical_qualitative: 0 papers
- ▢ public_sector_judicial_review x empirical_quantitative: 0 papers
- ▢ public_sector_judicial_review x technical_review_survey: 0 papers
- ▢ public_sector_judicial_review x review_synthesis: 0 papers
- ▢ health_sector_application x legal_doctrinal: 0 papers
- ▢ health_sector_application x empirical_qualitative: 0 papers
- ▢ health_sector_application x empirical_quantitative: 0 papers
- ▢ health_sector_application x technical_review_survey: 0 papers
- ▢ regulation_overviews x legal_doctrinal: 0 papers
- ▢ regulation_overviews x empirical_qualitative: 0 papers
- ▢ regulation_overviews x empirical_quantitative: 0 papers
- ▢ regulation_overviews x technical_review_survey: 0 papers
- ▢ regulation_overviews x review_synthesis: 0 papers
Codings — 12 included, with verbatim evidence
Every inclusion carries a verbatim rationale span from the paper’s abstract (AGISS constraint P1: no claim without a quoted source excerpt).
| Paper | Aspect | Evidence type | Verbatim rationale |
|---|---|---|---|
| EU regulations on algorithmic decision-making and a "right to explanation" · arXiv (Cornell University) · 2016 | Rights And Remedies | Legal Doctrinal | “We summarize the potential impact that the European Union's new General Data Protection Regulation will have on the routine use of machine learning algorithms” |
| European Union Regulations on Algorithmic Decision Making and a “Right to Explanation” · AI Magazine · 2017 | Rights And Remedies | Legal Doctrinal | “place restrictions on automated individual decision making” |
| The General Data Protection Regulation · 2018 | Regulation Overviews | Conceptual Normative | “Awareness of the responsibility is emerging as a key concern for the HCI community” |
| A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI · 2018 | Rights And Remedies | Legal Doctrinal | “Big Data analytics and artificial intelligence (AI) draw non-intuitive and unverifiable inferences and predictions about the behaviors, preferences, and private lives of individuals” |
| Human intervention in automated decision-making · 2019 | Rights And Remedies | Legal Doctrinal | “a right to human intervention on decision-making supported by artificial intelligence” |
| Administrative law and the machines of government: judicial review of automated public-sector decision-making · Legal Studies · 2019 | Public Sector Judicial Review | Legal Doctrinal | “there is no clear understanding of how English administrative law will apply to this kind of decision-making” |
| Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation · International Data Privacy Law · 2017 | Rights And Remedies | Legal Doctrinal | “there are several reasons to doubt both the legal existence and the feasibility of such a right” |
| Amnesiac Machine Learning · 2021 | Compliance Engineering | Technical Review Survey | “It gives EU residents the ability to request deletion of their personal data, including training records used to train machine learning models” |
| A combined rule-based and machine learning approach for automated GDPR compliance checking · 2021 | Compliance Engineering | Technical Review Survey | “The General Data Protection Regulation (GDPR) requires data controllers to implement end-to-end compliance” |
| Privacy and artificial intelligence: challenges for protecting health information in a new era · BMC Medical Ethics · 2021 | Health Sector Application | Review Synthesis | “Advances in healthcare artificial intelligence (AI) are occurring rapidly and there is a growing discussion about managing its development” |
| Legal and Ethical Consideration in Artificial Intelligence in Healthcare: Who Takes Responsibility? · Frontiers in Surgery · 2022 | Health Sector Application | Conceptual Normative | “The legal and ethical issues that confront society due to Artificial Intelligence (AI) include privacy and surveillance, bias or discrimination” |
| Secure Data Backup Strategies for Machine Learning: Compliance and Risk Mitigation Regulatory requirements (GDPR, HIPAA, etc.) · International Journal of Emerging Trends in Computer Science and Information Technology · 2020 | Compliance Engineering | Technical Review Survey | “organizations find it more difficult to ensure data confidentiality, integrity, and compliance with strict criteria” |
17 excluded records, with reasons
- Use (and abuse) of expert elicitation in support of decision making for public policy — off-topic: expert elicitation methodology; not AI data protection
- Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation — no abstract available for coding (abstracts-only protocol)
- Machine learning in medicine: Addressing ethical challenges — off-topic: ethics commentary on ML in medicine; data protection regulation not the subject
- Administrative Law and the Machines of Government: Judicial Review of Automated Public-Sector Decision-Making — no abstract available for coding (abstracts-only protocol)
- Edge Intelligence: Paving the Last Mile of Artificial Intelligence With Edge Computing — off-topic: edge computing architectures
- Artificial Intelligence (AI): Multidisciplinary perspectives on emerging challenges, opportunities, and agenda for research, practice and policy — off-topic: broad AI overview
- How artificial intelligence will change the future of marketing — off-topic: AI in marketing
- Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI — no abstract available for coding (abstracts-only protocol)
- Key challenges for delivering clinical impact with artificial intelligence — off-topic: clinical AI deployment challenges
- In AI we trust? Perceptions about automated decision-making by artificial intelligence — no abstract available for coding (abstracts-only protocol)
- Explainable Machine Learning in Credit Risk Management — off-topic: explainable credit-risk model
- The role of artificial intelligence in achieving the Sustainable Development Goals — off-topic: AI effects on SDGs
- The future of digital health with federated learning — off-topic: federated learning methods; regulation not the subject
- Challenges in Deploying Machine Learning: A Survey of Case Studies — off-topic: ML deployment survey
- Membership Inference Attacks on Machine Learning: A Survey — off-topic: membership-inference attack survey; regulation not the subject
- Revolutionizing healthcare: the role of artificial intelligence in clinical practice — off-topic: AI-in-clinical-practice review
- Interpretable machine learning — off-topic: interpretable ML methods
Why this review kind
Review-kind selection for 'What does the scholarly literature report on data protection regulation in the context of AI?': SELECTED evidence_gap_map; 0 kind(s) rejected with their failed requirements recorded. A methodological screen (Sacred Rule 9): the selection is disclosed on the article and the selected kind's own discipline still applies at conduct time.
Selector: review_selector_v1 · selected kind: Evidence Gap Map · selection hash b43a8bc3c9476dcb.
Verdict
evidence_gap_map conducted over 29 records (12 included, 17 excluded with reasons): a coverage map with 24 named empty cells. Counts only — no importance adjudication (Sacred Rule 9); the report re-derives offline from corpus + codings.