GDPR AND AI-DRIVEN BUSINESS MODELS: NAVIGATING LEGAL RISKS THROUGH A LEGAL ANALYSIS FRAMEWORK

Omolsalameh Pakuhinezhad, Nastaran Afsham

Abstract


The use of artificial intelligence (AI) in business models necessitates rigorous legal consideration of the European Union's General Data Protection Regulation (GDPR). This article reframes GDPR as a minimum legal norm that structures ethical AI development and frames adherence as a vital strategic imperative. Through doctrinal analysis of GDPR provisions, case law, and regulatory guidance, we explore four basic legal tensions: (1) transparency of automated decision-making (Articles 13–15, Recital 71) versus the inherent opacity of AI; (2) data minimization (Article 5(1)(c)) versus AI's consumption of large datasets; (3) purpose limitation (Article 5(1)(b)) versus AI's adaptive reuse of data; and (4) the prohibition of entirely automated decision-making under Article 22. Case studies of Meta, Clearview AI, and Microsoft illustrate how GDPR's extraterritoriality, consent requirements, and accountability principles apply to AI systems. We propose a Privacy by Design (PbD)-based legal-operational framework, aligned with the EU AI Act's risk-based approach, to balance innovation and compliance. The policy recommendations are regulatory harmonization, SME-specific legal guidance, and AI sandboxes for testing compliance under supervisory oversight. Based on the GDPR legal text and court interpretations, this article provides a roadmap for businesses to ensure compliance with algorithmic governance while minimizing liability.


Keywords


GDPR, Compliance, AI Business Models, Algorithmic Regulation, Privacy Engineering, AI Transparency, AI Regulation



