Respected or Challenged by Technology? The General Data Protection Regulation and Commercial Profiling on the Internet
48 Pages Posted: 21 Oct 2016 Last revised: 7 Nov 2016
Date Written: July 13, 2016
Individuals are becoming increasingly transparent on the Internet. When browsing websites, sending emails or keeping in touch with friends and acquaintances on social media platforms, they leave vast amounts of traces behind them. Commercial entities collect these data and with the help of complex algorithms, they construct and apply user profiles in order to infer a range of new information about Internet users. Essentially, the new General Data Protection Regulation seeks to regulate this process in the same way as it regulates any kind of personal data processing: by requiring that 20-year-old core principles of data protection law be respected. This thesis analyses whether two of them – the principles of purpose limitation and consent – succeed in living up to their aims and purposes when regulating commercial profiling operations. Given the broad material scope of the new Regulation, it has great potential to safeguard individuals’ rights and interests on the Internet. However, unless we start interpreting core principles more flexibly and in light of their aims and purposes, it is doubtful whether data protection law will be able to keep up with technology.
Keywords: Data protection, GDPR, big data, profiling, privacy
Suggested Citation: Suggested Citation