Not Just User Control in the General Data Protection Regulation. On the Problems with Choice and Paternalism, and on the Point of Data Protection

C. Quelle, ‘Not Just User Control in the General Data Protection Regulation’ in A. Lehmann et al (eds), Privacy and Identity Management – Facing up to Next Steps, IFIP AICT 498 (2017)

26 Pages Posted: 6 Mar 2017

See all articles by Claudia Quelle

Claudia Quelle

Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT)

Date Written: February 28, 2017

Abstract

User control is increasingly prominent in the discourse surrounding the General Data Protection Regulation (GDPR). However, alongside user control, the GDPR also tries to achieve what will be called controller responsibility. Is this unjust paternalism or does it correctly place the responsibility for data protection with the controller and its supervisory authority? This paper argues that the question of responsibility should be evaluated in light of the overarching objective of the GDPR to protect the fundamental rights of natural persons. It describes the problems of a focus on the “choice” of data subjects, but also takes seriously the charge of paternalism which more protective data protection laws are faced with, tying the resulting dilemma to the objectives of data protection and ultimately to the debate on the nature of rights. Does data protection law seek to protect certain interests, such as secrecy and seclusion, or does it seek to give data subjects control over their data, and thereby political power regarding the substance of their fundamental rights? The paper concludes that a further exploration of will theories and interest theories of rights would shed light on the appropriate roles for user control and controller responsibility.

Keywords: data protection, controller responsibility, informational self-determination, consent, paternalism, fundamental rights

Suggested Citation

Quelle, Claudia, Not Just User Control in the General Data Protection Regulation. On the Problems with Choice and Paternalism, and on the Point of Data Protection (February 28, 2017). C. Quelle, ‘Not Just User Control in the General Data Protection Regulation’ in A. Lehmann et al (eds), Privacy and Identity Management – Facing up to Next Steps, IFIP AICT 498 (2017), Available at SSRN: https://ssrn.com/abstract=2925410 or http://dx.doi.org/10.2139/ssrn.2925410

Claudia Quelle (Contact Author)

Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT) ( email )

Tilburg
Netherlands

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
237
Abstract Views
839
rank
148,459
PlumX Metrics