On the Infringement upon Natural Persons’ Data Protection Rights by Natural Persons — An EU-Centred Analysis

21 Pages Posted: 20 Sep 2017

See all articles by Céline Castets-Renard

Céline Castets-Renard

Institut Universitaire de France; University of Toulouse 1 - Université Toulouse 1 Capitole

Kévin Huguenin

University of Lausanne (UNIL) - HEC Lausanne

Mathias Humbert

ETH Zürich; ETH Zürich

Thibault Brunel

University Toulouse I, Faculty of Law, Students

Date Written: September 8, 2017

Abstract

Empowered by mobile devices and next-generation web services, such as personal cloud-storage services and social-networking services, individuals store increasing amounts of personal data online. As web services become more social, such personal data relates to individuals and to their relationships. As a matter of fact, individuals also disclose online personal data that relates to other individuals (e.g., individuals store their address books, which contain the birthdate and contact information or their contacts, on cloud platforms). The research questions addressed in this article are the following: “How do data protection regulations apply in such cases and to which extent do they protect data subjects from privacy infringements committed by natural persons in such a digital and online context?” and “how such protection can be improved, if needed, by integrating new legal solutions, potentially coupled with technical solutions for achieving compliance and enforcement?”

In most regulations that aim to protect the personal data of individuals, including the EU General Data Protection Regulation (GDPR) enacted on April 27th, 2016, the definition of data controllers encompasses natural and legal persons. This means that, even if some exceptions can apply in specific cases, a natural person who manipulates personal data of other natural persons, as illustrated above, must in principle respect the regulation. In their definition of personal data, many regulations rely on the core notion of data subject and make two assumptions: (i) for a given piece of personal data, there is a single data subject, i.e., personal data relates to a single individual, the data subject, (ii) the individual who discloses the personal data to an online service is the data subject (they are one and the same person). But in fact, in many situations, personal data relates to several natural persons and the determination of the data subject(s) is not straightforward. In this article, this problem is introduced and illustrated through carefully chosen real-life examples rooted in the use of information and communication technologies. A classification is proposed for the aforementioned situations: it contains three broad categories based on the relation between the user of the data and the data subject. The considered examples are analysed through the lens of the recently adopted EU GDPR. The ability of the EU GDPR to protect individuals against such infringements is questioned and discussed.

Keywords: Data-Protection and Privacy Laws; Information and Communication Technologies; Multi-Party and Interdependent Privacy Risks

Suggested Citation

Castets-Renard, Céline and Huguenin, Kévin and Humbert, Mathias and Brunel, Thibault, On the Infringement upon Natural Persons’ Data Protection Rights by Natural Persons — An EU-Centred Analysis (September 8, 2017). Available at SSRN: https://ssrn.com/abstract=3034181 or http://dx.doi.org/10.2139/ssrn.3034181

Céline Castets-Renard

Institut Universitaire de France ( email )

103, bld Saint-Michel
75005 Paris
France

University of Toulouse 1 - Université Toulouse 1 Capitole ( email )

2 Rue du Doyen-Gabriel-Marty
Toulouse, 31042
France

Kévin Huguenin (Contact Author)

University of Lausanne (UNIL) - HEC Lausanne ( email )

Unil Dorigny, Batiment Internef
Lausanne, 1015
Switzerland

HOME PAGE: http://people.unil.ch/kevinhuguenin/

Mathias Humbert

ETH Zürich ( email )

Department of Management, Technology and Economics
Weinbergstrasse 56/58
8092 Zurich
Switzerland

ETH Zürich ( email )

Department of Management, Technology and Economics
Weinbergstrasse 56/58
8092 Zurich
Switzerland

Thibault Brunel

University Toulouse I, Faculty of Law, Students ( email )

Capitol
France

Register to save articles to
your library

Register

Paper statistics

Downloads
85
rank
288,998
Abstract Views
384
PlumX Metrics
!

Under construction: SSRN citations while be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information