Topic modelling for risk identification in Data Protection Act Judgements

Data protection legislation, such as the EU’s General Data Protection Regulation (GDPR), obliges data controllers to address risks to personal data. Risk assessment rules for data protection stipulate taking into account instances where the processing of personal data may affect other rights of the individual. It is acknowledged that engineering systems in order to address all risks is challenging and there is a need for prioritisation of risks. Previously decided decisions regarding personal data may provide insight to facilitate this. To this end, we ask: (i) in what context has data protection legislation been invoked in courts? and (ii) what other legal concerns were affected by these cases? To answer these questions, we use structural topic modelling (STM) to extract topics from the case judgements related to the United Kingdom’s Data Protection Act, incorporating covariate information related to the case outcomes, such as court type and year. The outputs of the model can be utilised to provide topics which relate to context; they can also examine how the other associated variables relate to the resultant topics. We demonstrate the utility of unsupervised text clustering for context and risk identification in legal texts. In our application, we find that STM provides clear topics and allows for the analysis of trends regarding the topics, clearly showing where data protection issues succeed and fail in courts.