The new E.U. proposal for a general data protection regulation has been introduced to give an answer to the challenges of the evolving digital environment. In some cases, these expectations could be disappointed, since the proposal is still based on the traditional main pillars of the last generation of data protection laws. In the field of consumer data protection, these pillars are the purpose specification principle, the use limitation principle and the “notice and consent” model. Nevertheless, the complexity of data processing, the power of modern analytics and the “transformative” use of personal information drastically limit the awareness of consumers, their capability to evaluate the various consequences of their choices and to give a free and informed consent. To respond to the above, it is necessary to clarify the rationale of the “notice and consent” paradigm, looking back to its origins and assessing its effectiveness in a world of predictive analytics. From this perspective, the paper considers the historical evolution of data protection and how the fundamental issues coming from the technological and socio-economic contexts have been addressed by regulations. On the basis of this analysis, the author suggests a revision of the “notice and consent” model focused on the opt-in and proposes the adoption of a different approach when, such as in Big Data collection, the data subject cannot be totally aware of the tools of analysis and their potential output. For this reason, the author sustains the provision of a subset of rules for Big Data analytics, which is based on a multiple impact assessment of data processing, on a deeper level of control by data protection authorities, and on the different opt-out model.
The future of consumer data protection in the E.U. Rethinking the “notice and consent” paradigm in the new era of predictive analytics / Mantelero, Alessandro. - In: COMPUTER LAW & SECURITY REPORT. - ISSN 0267-3649. - STAMPA. - 30:6(2014), pp. 643-660. [10.1016/j.clsr.2014.09.004]
The future of consumer data protection in the E.U. Rethinking the “notice and consent” paradigm in the new era of predictive analytics
MANTELERO, ALESSANDRO
2014
Abstract
The new E.U. proposal for a general data protection regulation has been introduced to give an answer to the challenges of the evolving digital environment. In some cases, these expectations could be disappointed, since the proposal is still based on the traditional main pillars of the last generation of data protection laws. In the field of consumer data protection, these pillars are the purpose specification principle, the use limitation principle and the “notice and consent” model. Nevertheless, the complexity of data processing, the power of modern analytics and the “transformative” use of personal information drastically limit the awareness of consumers, their capability to evaluate the various consequences of their choices and to give a free and informed consent. To respond to the above, it is necessary to clarify the rationale of the “notice and consent” paradigm, looking back to its origins and assessing its effectiveness in a world of predictive analytics. From this perspective, the paper considers the historical evolution of data protection and how the fundamental issues coming from the technological and socio-economic contexts have been addressed by regulations. On the basis of this analysis, the author suggests a revision of the “notice and consent” model focused on the opt-in and proposes the adoption of a different approach when, such as in Big Data collection, the data subject cannot be totally aware of the tools of analysis and their potential output. For this reason, the author sustains the provision of a subset of rules for Big Data analytics, which is based on a multiple impact assessment of data processing, on a deeper level of control by data protection authorities, and on the different opt-out model.File | Dimensione | Formato | |
---|---|---|---|
Mantelero_BigData_A new paradigm_PREPRINT.pdf
accesso aperto
Descrizione: This is a pre-print version of the article appearing in “The Computer Law and Security Review”. This version
is distributed for non-commercial purposes (http://www.elsevier.com/journals/computer-law-and-securityreview/
0267-3649/guide-for-authors).
Tipologia:
1. Preprint / submitted version [pre- review]
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
334.16 kB
Formato
Adobe PDF
|
334.16 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2556555
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo