Academia.eduAcademia.edu

Outline

Title
Abstract
FAQs
Introduction
Data Protection and Fundamental Rights' Status?
Interpreting Data
Chapter Two: Data Protection and Consent
Children's Consent to Data Processing
References
All Topics
Law
International Law

Data Protection: When Others Know What You Want Before You Do

Profile image of Endi SpahoEndi Spaho

2019

Abstract

Data protection is nowadays of immense importance considering the fact that more than 250 million people in the European Union alone make use of the internet daily, such as using it to deal with online transaction whilst shopping, online banking, using social media or any other form. This results in boundless amounts of data being exchanged every day between different public and private actors, be it for benevolent purposes or not. For this to occur, however, these bodies need to acquire the consent of the individual (data subject) whereby the latter has to give it in a freely, specific, informed and unambiguous form. Not only are these criteria not fully fulfilled after the adoption of the GDPR (General Data Protection Regulation), but having created a connection between autonomy and consent, it seems that they water down the fundamental right of privacy which entails even further complications in the judicial system. The acquiring of consent demands within itself several implications when it is given to private bodies. Facebook, for instance, uses this data through computational inferences to interpret and predict confidential and private information that, in the long run, goes against the GDPR and also fundamental rights. Such data may infer someone’s sexual orientation, ethnicity, religious and political views, etc. These tools can be utilised for social control, dominance, or even chaos. Moreover, consenting can be linked to nudging. This is a way to influence people’s behaviours by allowing them the freedom to choose between different options. Nudging is a seldom-legislated area in the European Union and it requires different perspectives as to how to tackle public and private bodies interfering with people’s autonomy and manipulating them into desired outcomes. Consent is not in itself the issue. The instruments exercising it are, because they create a narrow perception of what happens in the world and should be tackled in a behavioural aspect: not assuming how people behave, but by observing how they really behave.

FAQs

sparkles

AI

How does computational inference impact the concept of consent in data protection?add

The study finds that computational inference often circumvents informed consent requirements, undermining individuals' control over their data.

What role do nudges play in shaping consumer behavior according to recent findings?add

Research indicates that nudges can significantly influence consumer choices, sometimes leading to unintended manipulations of autonomy.

Why is consent considered insufficient for protecting individual privacy rights?add

The analysis reveals that consent is often given without full understanding, limiting its effectiveness in safeguarding privacy.

When did the GDPR redefine requirements around consent for data processing?add

The GDPR, enforced in 2018, introduced stricter requirements for consent, emphasizing informed and unambiguous agreements.

What implications does data modeling have for personal autonomy in social media contexts?add

Data modeling can restrict personal autonomy by predicting and manipulating user behavior, as seen in targeted advertising strategies.

Related papers

Consent as a Basis for the Processing of Personal Data under the European Data Protection Directive: Case Study on Facebook
Mulu Beyene Kidanemariam

2015

View PDFchevron_right
Online consent: how much do we need to know
Lode Lauwaert

Online consent: how much do we need to know, 2023

This paper argues, against the prevailing view, that consent to privacy policies that regular internet users usually give is largely unproblematic from the moral point of view. To substantiate this claim, we rely on the idea of the right not to know (RNTK), as developed by bioethicists. Defenders of the RNTK in bioethical literature on informed consent claim that patients generally have the right to refuse medically relevant information. In this article we extend the application of the RNTK to online privacy. We then argue that if internet users can be thought of as exercising their RNTK before consenting to privacy policies, their consent ought to be considered free of the standard charges leveled against it by critics.

View PDFchevron_right
Meaningful Choice: A History of Consent and Alternatives to the Consent Myth
Charlotte A Tschider

North Carolina Journal of Law and Technology, 2021

Although the first legal conceptions of commercial privacy were identified in Samuel Warren and Louis Brandeis’s foundational 1890 article, The Right to Privacy, conceptually, privacy has existed since as early as 1127 as a natural concern when navigating between personal and commercial spheres of life. As an extension of contract and tort law, two common relational legal models, U.S. privacy law emerged to buoy engagement in commercial enterprise, borrowing known legal conventions like consent and assent. Historically, however, international legal privacy frameworks involving consent ultimately diverged, with the European Union taking a more expansive view of legal justification for processing as alternatives to consent. Unfortunately, consent as a procedural substitute for individual choice has created a number of issues in achieving legitimate and effective privacy protections for Americans. The problems with consent as a proxy for choice are well known. This Article explores the twin history of two diverging bodies of law as they apply to the privacy realm, then introduces the concept of legitimate interest balancing as an alternative to consent. Legitimate interest analysis requires an organization formally assess whether data collection and use ultimately result in greater benefit to individuals than the organization with input from actual consumers. This model shifts responsibility from individual consumers having to protect their own interests to organizations that must engage in fair data use practices to legally collect and use data. Finally, this Article positions the model in relation to common law, federal law, Federal Trade Commission activities, and judicial decision-making as a means for separating good-intentioned organizations from unethical ones.

View PDFchevron_right
How do you solve a problem like consent?
Ewa Luger

Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication, 2014

Ubiquitous computing systems raise unprecedented challenges to how we currently elicit, secure and sustain user consent. Consent is the interactional process by which a user agrees to the terms of engagement with a system, and it represents the principle mechanism by which we protect our privacy online. However, whereas traditional online interactions are explicit, offering a series of moments at which one might inform and engage the user, the growing 'era of ubiquity' has decoupled users from devices, presenting no clear moment for consent to occur. Whilst there have been efforts to raise issues of consent within HCI and cognate disciplines, these remain disparate. The aim of this workshop is to bring together a solutionoriented community with a specific focus on consent issues within interactive environments. It will create a transnational, multidisciplinary platform for discussion and offer opportunities for collaboration, support and the development of a new research agenda.

View PDFchevron_right
Information and consent (AoIR paper)
Amy A Hasinoff

Selected papers of internet research, 2013

In 1999, a technology CEO stated: “You have zero privacy. Get over it.” Is it true that privacy is impossible online? By socializing on the internet and on mobile devices, users deliberately and inadvertently generate personal artifacts and data that can be persistent, easily replicable, and even searchable. While people have significant interests in protecting their private personal information, the existing rhetorical and legal tools to do so are limited. The solution proposed here is to adopt a standard that explicit consent should be necessary for the production, distribution, or possession of private media content and information. Given the quantity of personal information created and stored in digital formats, scholars, policymakers, technology developers, and users alike need to develop social norms and technological mechanisms for obtaining meaningful and informed consent before circulating private information.

View PDFchevron_right
Exposing the Myth of Consent
Oliver Goodenough

Indiana Health Law Review, 2015

View PDFchevron_right
The Technology of Consent (Notes)
Chad Andrews

2015

Notes from a talk where I overview what I call "the technology of consent": The “technology” portion of the technology of consent refers to exactly what you’d expect. The technologies we’re surrounded by – from the phones in our pockets to the machines that brought us here to the photon-emitting devices that illuminate us. It refers, in other words, to the technological environment we inhabit, and that positions us as creatures of modern technoculture. The “consent” part of the title is trickier. My contention here is that in modern technological societies, like our own, the status quo is maintained not through coercion, where subjects are forced to conform, but through the establishment of a tenuous consent, where subjects agree to the legitimacy of ideologies and social structures. The basic characteristics of this view are borrowed from the Marxist thinker Antonio Gramsci, and the theoretical aspect of my work involves investigating the viability of a Gramscian approach to modern technological democracies.

View PDFchevron_right
Consent Study In Europe : A Study Case to Understand Development of Digital Consent In UK
Asep Kamaluddin Nashir

Global Komunika, 2023

The securitization of cyberspace has been specter to the political studies in various countries. This article focusses on the dynamic of speech act on implementation consent and its relation to the theory of lateral pressure formulated by Nazli in studying cyberpolitcs. Since 2018 European Commission has implemented GDPR as a basic law related to data transfer, collect and process (TCP). This policy has brought the fundamental problem to the activity conducting by the state and private sector. Moreover, it was also criticized that this policy has brought to the discrimination of algorithm that came to bias to the minority group. In speak of Methodology, we used qualitative research of 418 article with keyword 'consent' focusing in Social and Humanities Science on Journal Sage, after manually analysis found 146 articles related to the consent study and social science. The final project is to find out the significant tendency on how Europe has securitized GDPR through speech act by corelating it to the Lateral Pressure Index. The potential implications of the finding could give theoretical preference in formulating data protection base policy.

View PDFchevron_right
The notion of consent in GDPR
Maria Apostolina

2018

View metadata, citation and similar papers at core.ac.uk provided by International Hellenic University: IHU Open Access Repository VI. The withdrawal of consent……………………………………………42 VII. Right to erasure or "right to be forgotten"……………………………42 VIII. Burden of proof for the acquisition of consent……………………….44 IX. Overall assessment and future perspectives…………………………...44 X. Concluding remarks…………………………………………………...47 References……………………………………………………………..49 This dissertation could not have been finished without the help and support of my supervisor professor, the academic staff, the academic library of International Hellenic University, and my family. It is my great pleasure to acknowledge people who have given me guidance, help and support and who have faith in me. First of all , I would like to express my sincere appreciation and deepest gratitude to my supervisor professor and Scientific Director Professor Dr Athanasios Kaissis for providing me with the opportunity to attend the LLM in Transnational and European Commercial Law and Alternative Dispute Resolution Program , which enabled me to acquire valuable knowledge on international commercial law , economics and ADR . I would like to thank him for his extremely valuable guidance and support in order to complete this dissertation. Similarly, I would like to thank Dr Komnios Komninos for his also extremely valuable guidance and suggestions, which were very helpful and precious to me in order to finish this dissertation. Special thanks should be given to the academic library of International Hellenic University, which provided me with variety of resources, the library staff, the academic staff and assistants in general, who were always willing to help me and guide me through my research. Also, I would like to thank particularly , a very beloved person , who is important to my life , who I consider to be my family , who urges me to reach my goals , who tells me to "fly as high as I can" , and who encouraged and inspired me to undertake and complete this particular dissertation . Finally , I would like to thank my parents , my brother and my daughter , who have faith in me and always support and encourage me to overcome myself .

View PDFchevron_right
A European Perspective on Data Processing Consent through the Reconceptualization of European Data Protection's Looking Glass after the Lisbon Treaty: Taking Rights Seriously
Federico Ferretti

European Review of Private Law, 2012

EU data protection law is undergoing a process of reform to meet the challenges of the modern economy and rapid technological developments. This study re-conceptualizes data protection in the EU in light of the enactment of the Treaty of Lisbon and the Charter of Fundamental Rights of the EU. It focuses on data subjects' consent as a key component of data processing legislation-alongside the principles of purpose specification and data quality-to reinforce the view that it is a necessary, though not sufficient, tool to guarantee the declared high level of protection of individuals. To prevent confusion, conflation, or abuse of consent and safeguard the fundamental values to which it is tied, this paper puts forward that additional legal constraints and qualifications would be necessary for the enhancement of its application and enforcement. Soft or libertarian paternalism may be the key to nudge individuals towards the desired social outcome while preserving their individual autonomy. The ultimate suggestion is that EU policy makers should take rights seriously and not be seduced by and surrender to conflicting economic interests.

View PDFchevron_right

References (24)

  1. P Carey, Data Protection: A Practical Guide to UK and EU law (4 th edn, OUP 2015) 1.
  2. E Kosta, Consent in European Data Protection Law (Brill 2013) 13; See for instance the early reactions of A Westin, Privacy and Freedom (6th edn Atheneum Book 1970) and P Sieghart, Privacy and computers (Latimer 1976), who discussed extensively the nature of computers and how they can put privacy at risk.
  3. See E Kosta n9 254.
  4. P De Hert and S Gutwirth, 'Data protection in the case law of Strasbourg and Luxemburg: Constitutionalisation in action' in P De Hert and S Gutwirth and others (eds), Reinventing data protection? (Springer 2009) 1.
  5. Council of Europe, Handbook on European Data Protection Law (Publications Office of the European Union 2018) 18.
  6. United Nations (UN), Universal Declaration of Human Rights (UDHR), 10 December 1948., art 12; Council of Europe, European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols Nos 11 and 14, 4 November 1950, ETS 5, art 8.
  7. Charter of Fundamental Rights of the European Union [2012] OJ 1 326/391.
  8. P De Hert and S Gutwirth, 'Making sense of privacy and data protection: A prospective overview in the light of the future of identity, location-based services and virtual residence' in Institute for Prospective Technological 98 HJ Smith and others, 'Information privacy: Measuring individuals' concerns about organizational practices' (1996) 20(2) MIS Quarterly 167.
  9. Ibid.
  10. M De Choudhury and others, 'Predicting Postpartum Changes in Emotion and Behavior via Social Media' (2013) MICROSOFT RESEARCH, available at http://research.microsoft.com/enus/um/people/horvitz/predicting_postpartum_changes_chi_2013.pdf; M De Choudhury and others, 'Predicting Depression via Social Media' (2013 128 Proceedings of The Seventh International AAAI Conference on Weblogs and Social Media available at <http://www.aaai.org/ocs/index.php/ICWSM/ICWSM13/paper/view/6124/6351> accessed 3 May 2019.
  11. Lucia Moses, 'Marketers Should Take Note of When Women Feel Least Attractive' (Adweek, 2 October 2013) <https://www.adweek.com/brand-marketing/marketers-should-take-note-when-women-feel-least- attractive-152753/> accessed 2 May 2019.
  12. 'This could be done by hiring people based on "commuting distance to work," a factor that companies working on algorithmically calculating the potential success of newly hired employees have already found to be correlated to a low-degree of employee turnover. Such a criterion would not directly target race, but given the residential segregation patterns in many cities around the United States, could easily effectively do so' -elaborated in Z Tufekci, 'Algorithmic harms beyond Facebook and Google: Emergent challenges of computational agency' (2015) 13 Colo Tech LJ 203, 217. record it and link it to your Guest ID', as elaborated in Charles Duhigg, 'How Companies Learn Your Secrets' (The New York Times Magazine, 16 February 2012)<https://www.nytimes.com/2012/02/19/magazine/shopping- habits.html> accessed 22 May 2019.
  13. Ibid.
  14. See Z Tufekci n83.
  15. The term was first coined in CR Sunstein and RH Thaler, 'Libertarian Paternalism Is Not an Oxymoron' (2003) 70(4) The University of Chicago Law Review 1159, 1160.
  16. HS Saetra, 'When nudge comes to shove: Liberty and nudging in the era of big data' (2019) Technology in Society <https://doi.org/10.1016/j.techsoc.2019.04.006> accessed 22 May 2019, 4;
  17. R Baldwin, 'From regulation to behavior change: Giving nudge the third degree' (2014) 77(6) The Modern Law Review 831, 833. Implementation/Application of Directive 2005/29/EC on Unfair Commercial Practices ' SEC (2009) 1666 , ec.europa.eu/justice/consumer-marketing/fi les/ucpd_report_en.pdf, 32), consumer rights (particularly art 22 of Directive 2011/83/EU on consumer rights [ 2011 ] OJ L304/64 , which prohibits the use of pre-ticked boxes on e-commerce websites).
  18. AL Sibony and A Alemanno, 'The emergence of Behavioural policy-making: a European Perspective' in A Alemanno and AL Sibony (eds), Nudge and the Law: A European Perspective (Hart Publishing 2015) 21.
  19. A Alemanno and A Spina, 'Nudging legally: On the checks and balances of behavioral regulation' (2014) 12(2) International Journal of Constitutional Law 429, 445.
  20. A Alemanno and A Spina, 'On the Checks and Balances of Behavioural Regulation' (2014) 12 International Journal of Constitutional Law 429.
  21. Informed consent in this section is not meant merely for data processing, but in the general manner.
  22. See CR Sunstein and RH Thaler n114, 1159-1160;
  23. R Munoz and others, 'Evidence-Based Nudging: Best Practices in Informed Consent' (2015) 15(10) The American Journal of Bioethics 43, 43.
  24. E Di Nucci, 'Habits, Nudges, and Consent' (2013) 13(6) The American Journal of Bioethics 27, 28.

Related papers

THE ROLE OF CONSENT IN LEGITIMISING THE PROCESSING OF PERSONAL DATA UNDER THE CURRENT EU DATA PROTECTION FRAMEWORK
Sandeep Mittal

Asian Journal of Computer Science And Information Technology 7: 4 August (2017) 76-78, 2017

A large amount of personal data is being collected in the form of metadata or personal identification data having the potential of invading the privacy of the data subject, even when collected anonymously. The consent is an instrument in the hands of data subjects to control their personal data in the context of EU data privacy framework. The consent plays an important role in legitimising the processing of personal data and EU has place high stakes on this concept at the cost of other legitimising factors like contract, which probably would be a more attractive proposition for market forces. There is a real possibility that by the time GDPR is adopted by member states, the enforcement of the violations of the provisions related to the consent becomes impossible and redundant in view of rapidly evolving information society services.

View PDFchevron_right
The unbearable lightness of consent
Paul Prinsloo

Proceedings of the Fifth Annual ACM Conference on Learning at Scale, 2018

The article discusses challenges to privacy protection in social media platforms, focusing in particular on the principle of user consent. Based on a Danish study, the article argues that in relation to Facebook, user consent de facto served as the price for participating and for gaining access to a social infrastructure. The article opens with a brief introduction to privacy as a human right, followed by a discussion of some of the critique that has been raised towards social media platforms vis-à-vis the right to privacy. Second, it presents the findings from a study conducted amongst 68 Danish high school students in October 2013 concerning their privacy perceptions and practices when using social media platforms. Thirdly, it discusses the implications of these findings in relation to the principle of user consent as a means of providing individuals with control over their personal information in the context of social media platforms.

View PDFchevron_right
When Consent Doesn’t Work: A Rights-Based Case for Limits to Consent’s Capacity to Legitimise
Keith Hyams
View PDFchevron_right
Just ticking the box: A social informatics model of the consequences of consent
Rob Wilson

2019

Given the societal diffusion, proliferation and ubiquity of computerised systems and platforms, it is generally perceived by consumers that systems and eBusiness platforms often pose a threat to the privacy of their supplied information (Srnicek, 2017; Andreotti et al., 2018). Furthermore, as we see the replacement of systems that were once manual and paper-based migrate to digital processes and information systems (Lunt et al., 2019), consent in the information era is reduced to ‘Yes’ or ‘No’ option, often in the form of a tick box. Additionally, despite the arrival of the General Data Protection Regulation in 2018 as means to provide protection in relation to data processing, we argue that there is a lack of transparency in relation to the intention of this data processing and secondary data use for the purposes of research and marketing, for example. In light of this, we argue that there exists an increasingly difficult challenge to establish a mutual understanding of what consen...

View PDFchevron_right
Forgetting about consent. Why the focus should be on "suitable safeguards" in data protection law
Gabriela Zanfir

""This article explores the assumption that data processing based on consent is ancillary in the greater context of data protection, being only one of the six lawful bases for data processing. Moreover, the data protection draft regulation proposed by the European Commission in 2012 meets overwhelmingly the concerns regarding consent in data protection expressed on numerous occasions in the past years. Hence, the focus in data protection law should be, instead, on the development of efficient and clear provisions for handling data, which can be deemed as “suitable safeguards”, regardless of the bases of their processing. For instance, the rights of the data subject – access, information, erasure etc., purpose requirements and accountability rules are effective in all of the situations of data processing. This article proposes a set of such suitable safeguards which match the content and the purpose of the right to data protection. Key-words: consent, draft regulation, rights of the data subject, suitable safeguards. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2261973

View PDFchevron_right

Related topics

  • European Union Law
  • EU Law
  • Privacy and data protection
  • General Data Protection Regulati...
  • Computational Inference
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved