--- title: Guillermo Lazcoz type: entity tags: [researcher, law, gdpr, ai-act, ai-bioethics] affiliation: University of the Basque Country (UPV/EHU) — Faculty of Law; Centro de Investigación Biomédica en Red (CIBERER — ISCIII) sources: ["[[sources/2023-lazcoz-dehert-humans-in-gdpr-and-aia-governance]]"] created: 2026-04-27 updated: 2026-04-27 --- # Guillermo Lazcoz Researcher at the **University of the Basque Country (UPV/EHU)**, Faculty of Law (Leioa, Spain), with affiliation also at **Centro de Investigación Biomédica en Red (CIBERER — ISCIII)** in Madrid. Works on EU data-protection law, AI governance, and the intersection of biomedical/AI research with fundamental rights. Stays at LSTS / VUB Brussels collaborating with [[entities/paul-de-hert]] (research stay first half of 2021 funded by the Spanish Ministry of Universities — EST19/00674 mobility programme). ## Contributions in this wiki - [[sources/2023-lazcoz-dehert-humans-in-gdpr-and-aia-governance]] — Doctrinal analysis of human intervention under GDPR Art. 22 and the AI Act (Computer Law & Security Review 50, 2023). Co-authored with [[entities/paul-de-hert]]. ## External work referenced (not in this wiki) - *"When GDPR-principles blind each other. Accountability, not transparency, at the heart of algorithmic governance"* (with de Hert), 8 *European Data Protection Law Review* 31 (2022). - *"Radical rewriting of Article 22 GDPR on machine decisions in the AI era"* (with de Hert), European Law Blog, 13 Oct 2021. ## Significance Co-author of the legal-risk cluster's anchor paper. The 2023 article argues for reframing Art. 22 GDPR as a *procedural* right anchored in GDPR's accountability principle — a substantive contribution to the doctrinal debate about why mandatory human intervention has historically been unenforceable and how the AI Act provides a new operational route via DPIAs. ## Related Co-author: [[entities/paul-de-hert]]. Topical neighbours: [[concepts/gdpr-article-22]] · [[concepts/eu-ai-act]] · [[concepts/dpia]] · [[concepts/human-oversight]].