On Decision Transparency, or How to Enhance Data Protection after the Computational Turn
M. Hildebrandt & K. De Vries (eds), Privacy, Due Process and the Computational Turn, Abingdon: Routledge, pp. 196-220, 2013
19 Pages Posted: 15 Dec 2013 Last revised: 3 Apr 2014
Date Written: September 1, 2013
How can data protection meet the challenge of decisions increasingly being taken on the basis of large-scale, complex, and multi-purpose processes of matching and mining enormous amounts of data? This paper argues that the focus in data protection should shift from ex ante regulation of data processing to ex post regulation of decision-making. A focus on decision transparency is needed to enhance the protection of individuals after the computational turn. After briefly analysing the limitations of the Data Protection Directive and of the current proposals for revision, I provide a theoretical and practical perspective on effecting decision transparency. The first, theoretical, part applies the conceptual framework of David Heald on transparency relations to explain data-processing relationships. Enhancing protection requires a dual strategy: diminishing transparency of data subjects, through shielding and obfuscating data, and enhancing transparency of data controllers, through introducing mechanisms for outcome (and not only process) transparency, retrospective transparency in (near) real-time for individual cases, and, most importantly, effective (and not only nominal) transparency. This requires receptors who are capable of understanding transparency information and who are able to use it. The second part of the chapter discusses ways in which the theoretical approach could be effected in practice. It describes existing models of transparency in legal, social, and technical regulatory measures, and discusses how these models could enhance transparency of data controllers in illustrative cases of commerce, government service provisioning, and law enforcement. The paper concludes that in the 21st century, with its computational turn, data protection can no longer reside in the exclusive realm of informational privacy and self-determination; rather, it must be approached from the angle of due process and fair treatment in the database age. A focus on decision transparency has good potential to achieve just that.
Keywords: data protection, downwards transparency, profiling, decision-making, ex post regulation
JEL Classification: K19, K30, O38, J78, L86
Suggested Citation: Suggested Citation