Harmonizing Data Protection with Cutting-Edge Technologies: A Cross-Examination of AI and Cybersecurity Regulations
Keywords:
Data Protection, AI Technologies, Cross-Examination, Cybersecurity Regulations, Personal DataAbstract
The blistering development of the latest technologies, including artificial intelligence (AI), has fundamentally changed the manner in which personal data is gathered, processed, analysed, and used, bringing forth tensions never seen before with traditional data protection regimes. There must be a fine balance between promoting innovation, providing a strong cybersecurity, and preserving basic privacy rights to harmonise data protection with these frontier technologies. The main areas of cross-examination of AI and cybersecurity regulations are presented and compared with other major jurisdictions such as the
European Union (EU) and its General Data Protection Regulation (GDPR) and the United States and its sectoral and state strategies and India under the Digital Personal Data Protection Act, 2023 (DPDP Act). These frameworks are examples of divergent philosophies that include rights-based and prescriptive in the EU, innovation driven and disjointed in the US, and consent-based with developmental goals in India. The inherent nature of AI as a massive data processing model trainer, opaque algorithmic decision-maker, inferred automated decisions, and increased cybersecurity risks in the form of data poisoning attacks, model inversion attacks, or adversarial inputs that infer weaknesses in privacy is the fundamental dilemma of privacy principles such as consent, transparency, data minimisation, purpose limitation, and accountability to be reconciled with the nature of AI.
References
Batlle, A., & van Waeyenberge, A. (2024). Reflections on the data protection compliance of AI systems under the EU AI Act. Cogent Social Sciences. Advance online publication.
https://doi.org/10.1080/23311886.2025.2560654
European Data Protection Board. (2025). AI privacy risks & mitigations – Large language models (LLMs). https://www.edpb.europa.eu/system/files/2025-04/ai-privacy-risks-and-mitigations-in-
llms.pdf
Maham, E., & Küspert, S. (2023). General-purpose AI risks and governance (Report). Stiftung Neue Verantwortung. (Referenced in multiple analyses of EU AI Act and privacy intersections).
Mantelero, A. (2022). AI and fundamental rights: A comparative perspective. In M. Veale & F. Z. Borgesius (Eds.), The Cambridge handbook of artificial intelligence and the law (pp. 83–105). Cambridge University Press.
Casarosa, F. (2024). Dual-use risks in general-purpose AI: Cybersecurity implications under the EU AI Act. Internet Policy Review, 13(3). https://doi.org/10.14763/2024.3.1790 (Adapted from related analysis).
European Parliament. (2024). Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union.
Krook, J., Winter, P., Downer, J., & Blockx, J. (2024). A systematic literature review of artificial intelligence (AI) transparency laws in the European Union (EU) and United Kingdom (UK): A socio-legal approach to AI transparency governance. SSRN Electronic Journal.
https://doi.org/10.2139/ssrn.4976215
Laksito, J., & Pratiwi, B. (2025). Harmonizing data privacy frameworks in artificial intelligence: Comparative insights from Asia and Europe. PERKARA – Jurnal Ilmu Hukum dan Politik, 2(4), 579–588.
Calzada, I. (2025). Trustworthy AI for whom? GenAI detection techniques of trust through decentralized Web3 ecosystems. Big Data and Cognitive Computing, 9(3), Article 62.
https://doi.org/10.3390/bdcc9030062
Gesley, J. (2024). Netherlands: Face-recognition company Clearview AI fined for violating EU’s General Data Protection Regulation. Library of Congress Global Legal Monitor.
Leenes, R. (2018). The General Data Protection Regulation: Challenges for patients' rights in AI-driven healthcare. Common Market Law Review. (Updated context in 2025 comparative studies).
Brown, R. D., Harmon, A., & Yaacoub, S. (2025). Enhancing the EU AI Act with CSR: The role of corporate social responsibility in AI regulation. TalTech Journal of European Studies.
World Bank or similar institutional report. (2024). Harmonizing AI guidance: Analysis of frameworks on AI safety, cybersecurity, privacy, and risk management. Center for Security and Emerging Technology (CSET), Georgetown University. https://cset.georgetown.edu/wp-content/uploads/CSET-Harmonizing-AI-Guidance.pdf
Olarinde, O. (2022). Assessing frameworks for eliciting privacy & security requirements fromlaws and regulations. ResearchGate Publication. (Extended to AI in 2024–2025 contexts).
Feng, S., et al. (2023). Bias in large language models: Implications for privacy and cybersecurity.(Referenced in EU AI Act analyses).
Veale, M., & Zuiderveen Borgesius, F. (2021). AI and the right to explanation under GDPR: Harmonization challenges. International Data Privacy Law, 11(2), 112–130. (Updated in post-AI
Act literature).
Europol. (2023). Cybersecurity threats from general-purpose AI systems. Europol Report.
NIST. (Various dates, e.g., 2023–2025). AI risk management framework (Incorporating privacy and cybersecurity harmonization).
DLA Piper. (2025). Data protection laws in the United Kingdom (Post-Brexit comparative with EU AI Act). https://www.dlapiperdataprotection.com/?c=GB
IBM. (2025). What is AI governance? (Comparative overview of GDPR and EU AI Act).
https://www.ibm.com/think/topics/ai-governance
Al-Karaki, J. N. (2025). Data privacy and security standards in AI-powered scientific research. In Ensuring secure and ethical STM research in the AI era. IGI Global.
Munroe, J. (2025). Strengthening healthcare cybersecurity through multi-cloud and AI. (APA-formatted student paper example with references).
European Union. (2022). NIS 2 Directive (Cybersecurity harmonization with AI and data protection).
U.S. Department of Justice. (2025). Preventing access to U.S. sensitive personal data and government-related data by countries of concern. Federal Register, 90(5).
