The Future of Consumer Data Protection in the E.U. Rethinking the 'Notice and Consent' Paradigm in the New Era of Predictive Analytics

Computer Law and Security Review, 2014, 30, 643-660

30 Pages Posted: 23 Nov 2014 Last revised: 10 Jul 2015

See all articles by Alessandro Mantelero

Alessandro Mantelero

Polytechnic University of Turin - Department of Management and Production Engineering

Date Written: November 19, 2014

Abstract

The new E.U. proposal for a general data protection regulation has been introduced to give an answer to the challenges of the evolving digital environment. In some cases, these expectations could be disappointed, since the proposal is still based on the traditional main pillars of the last generation of data protection laws. In the field of consumer data protection, these pillars are the purpose specification principle, the use limitation principle and the “notice and consent” model. Nevertheless, the complexity of data processing, the power of modern analytics and the “transformative” use of personal information drastically limit the awareness of consumers, their capability to evaluate the various consequences of their choices and to give a free and informed consent.

To respond to the above, it is necessary to clarify the rationale of the “notice and consent” paradigm, looking back to its origins and assessing its effectiveness in a world of predictive analytics. From this perspective, the paper considers the historical evolution of data protection and how the fundamental issues coming from the technological and socioeconomic contexts have been addressed by regulations. On the basis of this analysis, the author suggests a revision of the “notice and consent” model focused on the opt-in and proposes the adoption of a different approach when, such as in Big Data collection, the data subject cannot be totally aware of the tools of analysis and their potential output. For this reason, the author sustains the provision of a subset of rules for Big Data analytics, which is based on a multiple impact assessment of data processing, on a deeper level of control by data protection authorities, and on the different opt-out model.

Keywords: privacy, big data, data protection, personal information, notice, consent

JEL Classification: K1, K2

Suggested Citation

Mantelero, Alessandro, The Future of Consumer Data Protection in the E.U. Rethinking the 'Notice and Consent' Paradigm in the New Era of Predictive Analytics (November 19, 2014). Computer Law and Security Review, 2014, 30, 643-660, Available at SSRN: https://ssrn.com/abstract=2529245

Alessandro Mantelero (Contact Author)

Polytechnic University of Turin - Department of Management and Production Engineering ( email )

Corso Duca degli Abruzzi, 24
Torino, 10129
Italy

HOME PAGE: http://staff.polito.it/alessandro.mantelero/

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
546
Abstract Views
1,899
rank
71,822
PlumX Metrics