Vulnerable Data Subjects

Computer Law and Security Review, Special Issue on Data Protection and Research, Forthcoming

22 Pages Posted: 20 Apr 2020

See all articles by Gianclaudio Malgieri

Gianclaudio Malgieri

EDHEC Business School - Augmented Law Institute; Vrije Universiteit Brussel (VUB) - Faculty of Law

Jedrzej Niklas

Cardiff University - School of Journalism, Media and Culture

Date Written: March 15, 2020


The discussion about vulnerable individuals and communities spread from research ethics, to consumer law and human rights. According to many theoreticians and practitioners, the framework of vulnerability allows formulating an alternative language to articulate problems of inequality, power imbalances and social injustice. Building on this conceptualisation, we try to understand the role and potentiality of the notion of vulnerable data subjects. The starting point for this reflection is wide-ranging development, deployment and use of data-driven technologies that may pose substantial risks to human rights, the rule of law and social justice. Application of such technologies area can significantly contribute to systematically disadvantage marginalised communities, exploit people in particularly sensitive life situations and lead to discrimination. Considering those problems, we recognise the special role of personal data protection and call for its vulnerability-aware interpretation. However, to better delineate and contextualise the general understanding of human vulnerability we first review the theories of vulnerability and the use of the concept in international human rights law and European law. Consequently, we recognise two dichotomies that are related to human vulnerability that also emerge in the data protection field: the first one relates to the definition and the second one to the manifestation of vulnerability. As regards the definition, we observe the tensions between the universal approach (vulnerability is a general human condition) and the particular one (only specific groups are vulnerable). As regards manifestation, we observe the dichotomy between vulnerability within the data processing itself and vulnerability to the outcome of data processing. To overcome limitations that arose from those two dichotomies we support the idea of layered vulnerability, which seems compatible with the GDPR and the risk-based approach. We also see particular connections between vulnerability and issues of consent, Data Protection Impact Assessment and the role of Data Protection Authorities.

Keywords: Vulnerability; Vulnerable data subjects; Data Subjects; GDPR; Data Protection; Privacy

Suggested Citation

Malgieri, Gianclaudio and Niklas, Jędrzej, Vulnerable Data Subjects (March 15, 2020). Computer Law and Security Review, Special Issue on Data Protection and Research, Forthcoming, Available at SSRN:

Gianclaudio Malgieri (Contact Author)

EDHEC Business School - Augmented Law Institute ( email )

58 rue du Port
Lille, 59046

HOME PAGE: http://

Vrije Universiteit Brussel (VUB) - Faculty of Law ( email )



Jędrzej Niklas

Cardiff University - School of Journalism, Media and Culture ( email )

Aberconway Building
Colum Drive
Cardiff, Wales CF10 3EU
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics