Online Data Processing Consent Under EU Law: A Theoretical Framework and Empirical Evidence from the UK
International Journal of Law and Information Technology, Vol. 21, No. 2 (2013)
45 Pages Posted: 24 Nov 2013
Date Written: March 10, 2013
This article analyses the results of an empirical study on the 200 most popular UK-based websites in various sectors of e-commerce services. The study provides empirical evidence on unlawful processing of personal data; it comprises a survey on the methods used to seek and obtain consent to process personal data for direct marketing and advertisement, and a test on the frequency of unsolicited commercial emails (UCE) received by customers as a consequence of their registering and submitting personal information to websites. Part One of the article presents a conceptual and normative account of data protection, it discusses the ethical values on which data protection is grounded and outlines the elements that have to be in place to seek and obtain valid consent to process personal data under European Union law. Part Two discusses the outcomes of the empirical study, which unveils a significant departure between EU legal theory and practice in data protection. Although a wide majority of websites (69%) has in place a system to ask separate consent for engaging in marketing activities, it is only 16.2% of them that obtain a consent which is valid under the standards set by EU law. The test with UCE shows that only less than one out of three websites (30.5%) respects the will of the data subject not to receive commercial communications, and that, when submitting personal data in online transactions, there is a high probability (50%) of incurring in a website that will ignore the refusal of consent and will send UCE. The article concludes that there is either lack, or inappropriate standard, of implementation, information or supervision by the UK authorities, especially in light of the clarifications provided at EU level.
Keywords: data protection, e-privacy, e-commerce, consent, unsolicited commercial emails, EU law, UK law
Suggested Citation: Suggested Citation