Introduction
The past few years have seen the rapid emergence of agentic Artificial Intelligence (AI) Systems. These are a new class of tools that can act independently to accomplish specific goals without continuous human supervision.[1] Unlike traditional software or narrow AI models which operate within already defined constraints and require human supervision, agentic systems plan, act and adapt independently. They can call APIs, search the web, transact, and retain memories across tasks Their autonomous behaviour offers significant productivity gains but also introduces complex privacy and accountability risks.
This article uses the term “agentic privacy gap” to describe the mismatch between existing data-protection regimes and the ways in which agentic systems collect, infer and share personal data. Because these agents can autonomously chain together disparate data sources and update their goals in real time, individuals cannot anticipate or meaningfully consent to each processing step. The gap widens when agents generate sensitive inferences, transfer data across borders or interact with unvetted third-party services, creating new obligations under instruments such as the EU General Data Protection Regulation (GDPR), Nigeria’s Data Protection Act (NDPA) and the California Consumer Privacy Act (CCPA). It then examines from a comparative legal perspective whether existing data‑protection frameworks, built on notions of notice and choice and allocations of controller/processor allocations are adequate for autonomous agents, assesses liability and accountability frameworks and proposes consent and governance reforms that better reflect the realities of agentic AI.
1.1 The United States Notice‑And‑Choice Tradition
American privacy law has historically relied on the notion that Companies provide users with privacy policies and individuals can protect themselves by simply reading and choosing whether to consent or not using the available opt-out mechanism. This model assumes people read privacy policies and protect themselves by opting out. In reality, policies are unreadable, time‑consuming and overwhelming. Users click “I agree” to proceed, not because they understand the implications. This has long been criticised, but agentic AI makes the model even less workable. [2] This criticism has prompted calls to shift responsibility away from individuals toward organisations and regulators.
1.2 Consent under the General Data Protection Regulation (GDPR) and Nigeria Data Protection Act (NDPA)
Under the GDPR, consent must be freely given, specific, informed and unambiguous. It requires a clear affirmative action and cannot be inferred from silence or pre‑ticked boxes.[3] The Regulation also defines a Data Controller as the natural or legal person that determines the purposes and means of processing[4]. Processing of special‑category data (e.g., health information) has been prohibited[5] unless a specific exemption applies.
The NDPA adopts similar standards. Consent must be freely given, specific, informed and unambiguous. The Act explicitly prohibits relying on implied consent, inactivity or pre‑checked boxes. It also imposes strict restrictions on cross‑border transfers: personal data may only be transferred to countries providing adequate protection or under enumerated exceptions such as explicit consent or contractual necessity.[6]
1.3 Agentic AI and the Illusion of Consent
Agentic AI exposes a major weakness in the notice‑and‑choice model. These systems can independently call third‑party services, update their goals, and combine data in ways users cannot predict. Because their behaviour evolves continuously, individuals cannot realistically anticipate or consent to each specific processing activity.
Consider a simple instruction like “schedule a doctor’s appointment.” A digital assistant may scan messages and calendar entries to find suitable times, notice recurring mentions of headaches, infer a possible neurological issue, and then share that information with a specialist’s booking platform, potentially in another country. In doing so, the agent processes special‑category health data and triggers a cross‑border transfer, both of which normally require explicit consent and strict safeguards under the GDPR and NDPA. What began as a narrow task expands into a complex chain of processing involving new purposes, sensitive data, and unvetted third parties. Because the agent’s decisions unfold autonomously and in real time, traditional privacy mechanisms like static notices or one‑off consent forms cannot keep pace. The user’s initial request effectively becomes an open‑ended mandate, while the agent generates data flows the user never agreed to.
This disconnect is known as the “illusion of consent”: the user consents to one action, but the agent performs many more.
2.1 Who Is Responsible When Agents Cause Harm?
When an agentic system makes a mistake such as exposing personal data, engaging in discriminatory actions, or entering an unfavourable contract, the question of who bears liability becomes significantly more complex. Traditional data‑protection regimes place responsibility on the data controller, the party that decides the purposes and means of processing. But agentic AI blurs this role. These systems rely on third‑party tools, make autonomous decisions, and often behave in ways that neither developers nor users fully anticipate. As a result, the clear lines of responsibility assumed by existing frameworks begin to break down.
Assigning responsibility in agentic AI systems is challenging because harm often results from the combined actions of developers, deploying organisations and end users. Without clear lines of accountability, affected individuals may struggle to obtain redress.[7] Contract reviews show that many AI deployments still rely on outdated agreements that disclaim most responsibility: suppliers provide software “as is,” exclude consequential losses and shift compliance duties onto customers.[8] Standard indemnities typically exclude third‑party claims arising from an agent’s behaviour, leaving customers exposed when unexpected or emergent actions cause harm. At the same time, customers often lack contractual rights to audit or control how an agent makes decisions, yet they remain fully liable to regulators for the outcomes.
2.2 Regulatory Guidance On Accountability
Several regulators have begun addressing this accountability gap. The UK Information Commissioner’s Office (ICO) has stressed that existing data‑protection law continues to apply to agentic AI systems and has warned that accountability can become unclear within complex supply chains.[9] The Spanish Data Protection Authority (AEPD) similarly emphasises that the controller remains responsible regardless of the technology used. It requires organisations to determine controller and processor roles on a case‑by‑case basis, document data flows, and ensure ongoing compliance. The AEPD also expects controllers to assess cross‑border transfers and, where necessary, redesign agents to prevent unlawful data exports. Nigeria’s NDPA reflects the same principles: it requires explicit consent for cross‑border transfers and imposes strict limits on data export.[10]
2.3 Liability For Emergent Behaviours And Contract Limitations
Agentic systems can behave in unpredictable ways. They may “game” their objectives by taking shortcuts, misunderstand user intent, or even coordinate with other agents in unintended ways. Because these systems operate probabilistically, researchers emphasise the need for behavioural‑safety checks and continuous runtime monitoring. Some propose treating agents as Non‑Human Identities (NHIs), subject to structured onboarding, performance reviews and oversight mechanisms. [11] Others note that agentic AI increases the risks of goal misalignment, unauthorised actions and cascading system failures, making a precautionary, multi‑layered governance approach essential. Without such safeguards, the combination of unstable behaviours and outdated contractual terms can leave all parties exposed.[12]
3.1 Controller Vs Processor In Agentic Systems
Under current law, a controller is the party that determines the purposes and means of processing. Some argue that developers of agentic AI should also be treated as controllers because they design the system’s architecture, set reward functions and pre‑configure the data flows that shape an agent’s behaviour. Others contend that users whether individuals or organisations deploying the agent define the overall purpose and therefore remain the controllers. The AEPD takes a case‑by‑case approach: if a service simply carries out a task on the user’s behalf, it is likely a processor; but if it begins to determine its own purposes, it becomes a joint controller. In more complex ecosystems, this can result in joint‑controllership or chains of controllers and processors, making clear contractual arrangements and detailed role mapping essential.[13]
3.2 Arguments For Expanding The Definition
Proponents of reform argue that the definition of a Controller should expand to include AI developers, as they exert significant influence over an agent’s behaviour. Developers design the reward systems, training data and underlying architecture that shape how the agent makes decisions. They also often retain the ability to issue software updates and monitor outputs, giving them ongoing influence over processing activities. Others propose a data‑stewardship model, where multiple actors such as developers, deployers and platform operators collectively manage data in the user’s interest. This shared‑responsibility approach aligns with calls for differential privacy and other technical safeguards that minimise data exposure while preserving utility.[14]
3.3 Counter‑Arguments For Expanding The Defintion
Opponents warn against expanding the controller definition too broadly. They argue that designating developers as controllers could stifle innovation and impose disproportionate liability on start‑ups. In their view, users ultimately choose to deploy an agent and issue instructions, so they should remain the controllers. Some go further and suggest giving agents their own legal standing as non‑human participants. While certain schools of thought propose treating agents as NHIs with dedicated governance processes, current law does not recognise such a status.[15]
4.1 Recognising the limits of current consent and compliance frameworks, scholars and regulators have begun proposing new models tailored to the realities of agentic AI. These approaches aim to introduce more dynamic, granular and operationally grounded safeguards.
4.2 Dynamic And Granular Consent Mechanisms
4.3 Technical Safeguards And Privacy‑By‑Design
4.4 Governance Structures And Oversight
Conclusion
Agentic AI systems challenge the foundations of modern data‑protection regimes. They blur the boundaries between controllers and processors, weaken static consent models and introduce new forms of liability. The resulting agentic privacy gap reflects a simple reality: today’s frameworks were built for discrete processing activities and human‑directed decision‑making, not autonomous systems that plan and act on their own. As agents become more capable, dynamic consent, runtime compliance tools and adaptive governance are no longer optional they are essential. Regulators such as the AEPD, EDPS and ICO have begun to offer guidance, but significant gaps remain around role allocation, accountability and technical safeguards.
By adopting precautionary risk‑management practices, implementing dynamic consent mechanisms and embracing data‑stewardship models, lawmakers and practitioners can build protections fit for an era in which AI systems increasingly act on behalf of individuals.
Reference
[1] https://www.ibm.com/think/topics/agentic-ai
[2] https://www.gsulawreview.org/blog/the-illusion-of-consent-rethinking-privacy-online/#:~:text=Think%20of%20the%20last%20time,choice.%E2%80%9D1
[3] Article 4(11) of the GDPR
[4] Article 4(7) of the GDPR
[5] Article 9 of the GDPR
[6] Section 42 of the NDPA
[7] https://www.edps.europa.eu/data-protection/technology-monitoring/techsonar/agentic-ai_en#:~:text=interactions%20%28in%20particular%2C%20without%20step,while%20simultaneously%20coordinating%20multiple%20activities
[8] https://www.cliffordchance.com/insights/resources/blogs/talking-tech/en/articles/2026/02/agentic-ai-and-the-liability-gap-your-contracts-may-not-cover.html#:~:text=written%20for%20passive%2C%20predictable%20software,legal%2C%20reputational%20and%20operational%20consequences
[9] https://www.howespercival.com/articles/ico-sounds-note-of-caution-on-agentic-ai/#:~:text=Privacy%20%26%20Protection%20at%20the,Forefront
[10] https://fpf.org/blog/nigerias-new-data-protection-act-explained/#:~:text=The%20Act%20establishes%20as%20a,for%20the%20performance%20of%20a
[11] https://aisera.com/blog/agentic-ai-compliance/#:~:text=We%20have%20reached%20a%20turning,code%20without%20direct%20human%20supervision
[12] https://cltc.berkeley.edu/wp-content/uploads/2026/02/Agentic-AI-Risk-Management-Standards-Profile.pdf#:~:text=liability.%20Additionally%2C%20many%20risk,safety%2C%20security%2C%20or%20public%20trust
[13] https://www.aepd.es/en/guides/agentic-artificial-intelligence.pdf#:~:text=DETERMINING%20PROCESSING%20RESPONSIBILITIES%20Data%20Controller,use%20of%20agentic%20AI%20systems
[14] https://iapp.org/news/a/the-case-for-differential-privacy-in-the-age-of-agentic-ai
[15] Ibid
[16] https://iapp.org/news/a/engineering-gdpr-compliance-in-the-age-of-agentic-ai
[17] Ibid
[18] Ibid
[19] Differential privacy is a state-of-the-art definition of privacy used when analyzing large data sets. It guarantees that adversaries cannot discover an individual within the protected data set by comparing the data with other data sets
[20] Article 25 GDPR
[21] https://techinsights.linklaters.com/post/102mk6z/agentic-ai-and-data-protection-guidance-from-the-spanish-aepd#:~:text=The%20Spanish%20Data%20Protection%20Agency,autonomously%20across%20tools%20and%20environments
[22] Ibid
[23] Ibid