What Makes Data Personal?

55 Pages Posted: 7 Jun 2022

See all articles by Maria Lillà Montagnani

Maria Lillà Montagnani

Bocconi University - Department of Law

Mark Verstraete

UCLA School of Law

Date Written: June 4, 2022

Abstract

Personal data is an essential concept for information privacy law. Privacy’s boundaries are set by personal data: for a privacy violation to occur, personal data must be involved. And an individual’s right to control information extends only to personal data. However, current theorizing about personal data is woefully incomplete. In light of this incompleteness, this Article offers a new conceptual approach to personal data. To start, this Article argues that personal data is simply a legal construct that describes the set of information or circumstances where an individual should be able to exercise control over a piece of information.

After displacing the mythology about the naturalness of personal data, this Article fashions a new theory of personal data that more adequately tracks when a person should be able to control specific information. Current approaches to personal data rightly examine the relationship between a person and information; however, they misunderstand what relationship is necessary for legitimate control interests. Against the conventional view, this Article suggests that how the information is used is an indispensable part of the analysis of the relationship between a person and data that determines whether the data should be considered personal. In doing so, it employs the philosophical concept of separability as a method for making determinations about which uses of information are connected to a person and, therefore, should trigger individual privacy protections and which are not.

This framework offers a superior foundation to extant theories for capturing the existence and scope of individual interests in data. By doing so, it provides an indispensable contribution for crafting an ideal regime of information governance. Separability enables privacy and data protection laws to better identify when a person’s interests are at stake. And further, separability offers a resilient normative foundation for personal data that grounds interests of control in a philosophical foundation of autonomy and dignity values—which are incorrectly calibrated in existing theories of personal data. Finally, this Article’s reimagination of personal data will allow privacy and data protection laws to more effectively combat modern privacy harms such as manipulation and inferences.

Keywords: privacy, data protection, GDPR, legal theory, dignity, CCPA, inferences, privacy law, information law

JEL Classification: K1

Suggested Citation

Montagnani, Maria Lillà and Verstraete, Mark, What Makes Data Personal? (June 4, 2022). UC Davis Law Review, Vol. 56, No. 3, 2023 Forthcoming, Bocconi Legal Studies Research Paper No. 4128080, Available at SSRN: https://ssrn.com/abstract=4128080 or http://dx.doi.org/10.2139/ssrn.4128080

Maria Lillà Montagnani

Bocconi University - Department of Law ( email )

Via Roentgen, 1
Milan, Milan 20136
Italy

Mark Verstraete (Contact Author)

UCLA School of Law ( email )

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
300
Abstract Views
1,148
rank
149,458
PlumX Metrics