This work aims at investigating the concept of “individual control over personal data”, as a core constituent of data protection law. In an era in which personal data have become a main driving force behind innovation, growth and prosperity; companies and governments are at war to gain new usable knowledge; technological advances are upstaging expectations in terms of what can be inferred, predicted and manipulated through data, and people are milked at an increasing speed to fulfill the generalized data hunger, calls to bring individuals back in control of their personal data and develop a more individual-friendly data ecosystem have been increasingly pressing. Yet, older and newer hurdles still hinder a satisfactory implementation of this vision. Against this backdrop, this work intends to investigate in depth the notion of “individual control” in the data protection realm and its persisting shortcomings, and attempt to further explore what steps could be made to move forward, in order to offer the necessary support or supplementation to this underlying principle of data protection. To this end, the analysis starts by providing a historical overview to track the emergence of this notion in the European data protection context, taking into account the role assigned to the concept of “control” in the doctrinal debate, its legal manifestation within regulatory provisions (at national, international and EU level) and the approach of the CJEU jurisprudence on the matter. The analysis further considers the manifold issues that undermine the effective implementation of the idea of individual control, particularly as a result of the technological changes that have transformed our society and revolutionized the way in which we live and communicate. Finally, in light of the shortcomings affecting the privacy self-management logic, the work seeks to explore possible a selection of mechanisms and approaches that, if adequately leveraged and implemented, could offer effective support and complementation to the individual control model, with a view to increasing the level of protection offered to individuals. These mechanisms include both “individual-centric” measures, whose leading actors remain data subjects and whose objective is to enhance the means individuals can use to gain better control, but also measures that move beyond a strict “data subject-focused” dimension, in that they are addressed to different societal actors and approach data protection from a broader collective rather than strictly individualistic perspective. As the analysis shows, there is, unfortunately, no silver bullet. However, the promotion and valorization of the proposed mechanisms and the combined benefits that these could bring, in their own way, on the data protection table are a first essential step to start building a systemic and comprehensive response to the protection gaps that afflict individuals and society as a result of the weaknesses currently affecting the individual control logic.
Individual control and data protection. Looking back and moving forward.
MENEGHETTI, MARIA CHIARA
2022
Abstract
This work aims at investigating the concept of “individual control over personal data”, as a core constituent of data protection law. In an era in which personal data have become a main driving force behind innovation, growth and prosperity; companies and governments are at war to gain new usable knowledge; technological advances are upstaging expectations in terms of what can be inferred, predicted and manipulated through data, and people are milked at an increasing speed to fulfill the generalized data hunger, calls to bring individuals back in control of their personal data and develop a more individual-friendly data ecosystem have been increasingly pressing. Yet, older and newer hurdles still hinder a satisfactory implementation of this vision. Against this backdrop, this work intends to investigate in depth the notion of “individual control” in the data protection realm and its persisting shortcomings, and attempt to further explore what steps could be made to move forward, in order to offer the necessary support or supplementation to this underlying principle of data protection. To this end, the analysis starts by providing a historical overview to track the emergence of this notion in the European data protection context, taking into account the role assigned to the concept of “control” in the doctrinal debate, its legal manifestation within regulatory provisions (at national, international and EU level) and the approach of the CJEU jurisprudence on the matter. The analysis further considers the manifold issues that undermine the effective implementation of the idea of individual control, particularly as a result of the technological changes that have transformed our society and revolutionized the way in which we live and communicate. Finally, in light of the shortcomings affecting the privacy self-management logic, the work seeks to explore possible a selection of mechanisms and approaches that, if adequately leveraged and implemented, could offer effective support and complementation to the individual control model, with a view to increasing the level of protection offered to individuals. These mechanisms include both “individual-centric” measures, whose leading actors remain data subjects and whose objective is to enhance the means individuals can use to gain better control, but also measures that move beyond a strict “data subject-focused” dimension, in that they are addressed to different societal actors and approach data protection from a broader collective rather than strictly individualistic perspective. As the analysis shows, there is, unfortunately, no silver bullet. However, the promotion and valorization of the proposed mechanisms and the combined benefits that these could bring, in their own way, on the data protection table are a first essential step to start building a systemic and comprehensive response to the protection gaps that afflict individuals and society as a result of the weaknesses currently affecting the individual control logic.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Meneghetti Maria Chiara_final thesis.pdf
accesso aperto
Descrizione: Final Thesis Maria Chiara Meneghetti
Tipologia:
Tesi di dottorato
Dimensione
3.4 MB
Formato
Adobe PDF
|
3.4 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
