Agentic AI: Data Protection Law Challenged, Study Finds

The growing use of agentic artificial intelligence will test how organizations comply with existing data protection law. This new study warns that innovations will push the limits of current rules, especially when AI agents perform complex tasks with little human involvement. Agentic AI systems are different from conventional generative AI. They pursue complex goals and coordinate multi-step actions with limited human input. This creates unique challenges for organizations under data protection law, including the GDPR. The study suggests that data protection compliance needs stronger accountability, governance, and human oversight. These safeguards should include documentation, auditability, impact assessments, and ongoing monitoring. While the GDPR remains a good baseline, the challenges of agentic AI require a broader approach. One difficulty is that agentic AI may shape how personal data processing happens, making it harder to exercise rights like access or erasure. This is because these systems can operate autonomously over time, connecting multiple decisions and pursuing goals through self-guided steps. This research highlights a potential gap between legal standards and technical realities.