Online Data Processing Consent Under EU Law: A Theoretical Framework and Empirical Evidence from the UK

International Journal of Law and Information Technology, Vol. 21, No. 2 (2013)

45 Pages Posted: 24 Nov 2013

See all articles by Maurizio Borghi

Maurizio Borghi

Centre for Intellectual Property Policy & Management (CIPPM)

Federico Ferretti

Brunel University London - Brunel Law School

Stavroula Karapapa

University of Reading; Centre for Commercial Law and Financial Regulation

Date Written: March 10, 2013

Abstract

This article analyses the results of an empirical study on the 200 most popular UK-based websites in various sectors of e-commerce services. The study provides empirical evidence on unlawful processing of personal data; it comprises a survey on the methods used to seek and obtain consent to process personal data for direct marketing and advertisement, and a test on the frequency of unsolicited commercial emails (UCE) received by customers as a consequence of their registering and submitting personal information to websites. Part One of the article presents a conceptual and normative account of data protection, it discusses the ethical values on which data protection is grounded and outlines the elements that have to be in place to seek and obtain valid consent to process personal data under European Union law. Part Two discusses the outcomes of the empirical study, which unveils a significant departure between EU legal theory and practice in data protection. Although a wide majority of websites (69%) has in place a system to ask separate consent for engaging in marketing activities, it is only 16.2% of them that obtain a consent which is valid under the standards set by EU law. The test with UCE shows that only less than one out of three websites (30.5%) respects the will of the data subject not to receive commercial communications, and that, when submitting personal data in online transactions, there is a high probability (50%) of incurring in a website that will ignore the refusal of consent and will send UCE. The article concludes that there is either lack, or inappropriate standard, of implementation, information or supervision by the UK authorities, especially in light of the clarifications provided at EU level.

Keywords: data protection, e-privacy, e-commerce, consent, unsolicited commercial emails, EU law, UK law

Suggested Citation

Borghi, Maurizio and Ferretti, Federico and Karapapa, Stavroula, Online Data Processing Consent Under EU Law: A Theoretical Framework and Empirical Evidence from the UK (March 10, 2013). International Journal of Law and Information Technology, Vol. 21, No. 2 (2013). Available at SSRN: https://ssrn.com/abstract=2358921 or http://dx.doi.org/10.2139/ssrn.2358921

Maurizio Borghi (Contact Author)

Centre for Intellectual Property Policy & Management (CIPPM) ( email )

Bournemouth University
Fern Barrow
Poole, Dorset BH12 5BB
United Kingdom

HOME PAGE: http://www.cippm.org.uk

Federico Ferretti

Brunel University London - Brunel Law School ( email )

Kingston Lane
Elliott Jaques Building
Uxbridge, Middlesex UB8 3PH
United Kingdom

Stavroula Karapapa

University of Reading ( email )

Whiteknights
Reading, Berkshire RG6 6AH
United Kingdom

HOME PAGE: http://www.reading.ac.uk/law/about/staff/s-karapapa.aspx

Centre for Commercial Law and Financial Regulation ( email )

Whiteknights
Reading, RG6 7BA
United Kingdom

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
407
Abstract Views
1,395
rank
77,044
PlumX Metrics