Vulnerability and data protection law / Gianclaudio Malgieri.

Format:

Book

Author/Creator:

Malgieri, Gianclaudio, author.

Series:

Oxford data protection & privacy law.

Oxford scholarship online.

Oxford data protection & privacy law

Oxford scholarship online

Language:

English

Subjects (All):

Data protection--Law and legislation.

Data protection.

Physical Description:

1 online resource (305 pages)

Edition:

First edition.

Place of Publication:

Oxford : Oxford University Press, 2023.

Summary:

Offers a rich analysis of the meaning of 'data subjects' and 'vulnerability' within the context of the General Data Protection Regulation. It seeks to reconceptualise data subjects' vulnerability in the digital age and to promote a 'vulnerability-aware' interpretation of the GDPR.

Contents:

Cover

Series

Vulnerability and Data Protection Law

Copyright

Dedication

Contents

Table of Cases

Table of Legislation

Abbreviations

1. The reasons for research on data subjects

1. The notion(s) of the data subject(s) in a digital changing world

2. Research question

3. Three related research objectives

4. Approach and scope

5. Societal and scientific relevance and the state of the art

6. Outline

2. The notion of the data subject: an average individual?

1. Introduction

2. The notion of the data subject in the EU data protection framework in general

3. The first requirement of the GDPR definition: the 'living' person

4. The second requirement of the GDPR definition: the natural person (and not legal persons)

5. The third requirement of the data subject definition: identified or identifiable

6. The fourth requirement of the data subject definition: to whom data are related

7. Preliminary conclusions: universalism versus particularism

8. The average data subject as the average consumer?

9. The average consumer in EU law: the Unfair Commercial Practices Directive

10. Criticisms and developments: the relatively average consumer

'Average consumers' in other parts of EU consumer law

Critical remarks on the notion of 'average' consumer

11. Is there an average data subject in the GDPR?

12. The hybrid approach of the GDPR to average subjects and the room for contextual vulnerability

13. Concluding remarks

3. Who is the vulnerable individual?

1. From the average to the vulnerable data subject

2. Theorizing individual vulnerability: the layered theory

3. Vulnerability and power imbalance: structural imbalance

4. Layered vulnerability and intersectionality

5. Vulnerability and the importance of the dignity principle.

6. Vulnerability and human rights: the rise of the concept of vulnerable persons in the ECtHR jurisprudence

7. The rise of vulnerable individuals in EU secondary law: an overview

8. Vulnerable research subjects in EU law

9. Vulnerable consumers in EU law

The European Commission Report on Consumer Vulnerability in the EU

Layers of relational vulnerability for consumers

10. Conclusions

4. The vulnerable data subject in the GDPR

1. Introduction: situating vulnerable individuals in the data protection field

2. Universalistic or particularistic approach to data subjects' vulnerability

3. Data subjects' vulnerability during the data processing or as an outcome of the data processing

4. Effects of data subjects' vulnerability

5. How consumer vulnerability literature could inform the analysis on vulnerable subjects in the data protection framework

6. Manifestation of data subjects' vulnerability in the text of the GDPR: first analysis

7. Children as the typical vulnerable data subjects

8. Classifying data subjects' vulnerability in relation to power imbalance

9. The proposed Artificial Intelligence Act: a new approach to vulnerable data subjects?

10. Concluding remarks

5. Data protection principles and vulnerable data subjects

2. The principle of fairness: first locus of the protection of data subjects' vulnerability

The first nuance of fairness: procedural fairness. A way to mitigate processing-​based vulnerability?

The second nuance of fairness: fair balancing. A tool against power imbalance?

The third nuance: fairness as good faith. A hybrid way to mitigate the two facets of data subjects' vulnerability?

The need for a vulnerability-​centred understanding of fairness.

3. The principle of lawfulness: second locus of the protection of data subjects' vulnerability

Consent in case of vulnerable data subjects: limits and potentialities

Other lawful bases for processing data of (vulnerable) data subjects

Legitimate interests and vulnerable data subjects

Sensitive data: a concept for protecting (more) vulnerable data subjects?

4. The purpose limitation principle: third locus of the protection of data subjects' vulnerability

5. The accuracy principle

6. Conclusions

6. Data protection rights and duties and vulnerable data subjects

2. Data subjects' rights in the GDPR: towards a vulnerability-​based interpretation?

3. Transparency rights and the types of the data subject

4. The right to erasure and the vulnerable subjects

5. The right to object and 'the particular situation' of vulnerable data subjects

6. The right to object and 'the particular situation' in the different Member States

7. The right not to be subject to automated decision-​making and the vulnerable data subject

8. Accountability and vulnerable data subjects: the risk-​based approach in the GDPR

The 'categories' of data subjects in the accountability duties

The risk-​based approach and the layers of data subjects' vulnerability

9. Data protection by design

10. Data Protection Impact Assessment and the vulnerable data subjects

11. Data subjects' vulnerability as a risk factor in different national DPIA lists

First group: the Member States with a minimalist approach to vulnerability as a high risk for data protection

Second group: the Member States where vulnerability combined with another risk factor determines the high risk of data processing

Third group: the Member States where vulnerability is a significant risk factor, even considered alone.

Fourth group: the Member States where the notion of vulnerability is better clarified and conceptualized

12. The content of a DPIA: towards a vulnerability-​centred implementation

13. Conclusion: a vulnerability-​attentive analysis of the GDPR

7. Assessing (and mitigating) layers of data subjects' vulnerability: Using the DPIA as a model

2. Risks to 'fundamental rights and freedoms': which ones?

3. Analysing the severity of risks: from mere effects to damages

4. Analysing the likelihood of risks

5. Mitigation measures: a vulnerability-​aware application of the data protection safeguards

6. When vulnerability layers cannot be mitigated: the backstop scenario

7. Conclusions

8. The limitations and the alternatives of a vulnerability-​based interpretation of the GDPR

2. The risks of paternalism in a vulnerability-​based approach to data protection

3. Lack of legal certainty and foreseeability?

The inflation risk: is everyone vulnerable?

4. The risk of an individualistic approach versus group-​based vulnerability: lessons from 'group privacy' literature

5. The problem of interpretation: too much attention to a hidden concept in the GDPR?

6. Interpretational issues in a vulnerability-​aware implementation of the GDPR

Is the GDPR perpetuating vulnerability itself? Inputs for further research

7. Policy recommendations: how to alter the data protection law to improve the protection of vulnerable data subjects

Policy option 1: the category-​based approach to vulnerability

Policy option 2: the general approach to vulnerability

8. Conclusions

9. Conclusions: The layers of data subject's vulnerability and the way ahead

1. The need for a spectrum

2. Who is/​are the data subject/​s?

3. The average data subject.

4. The compelling necessity to consider vulnerable data subjects

5. Human vulnerability: the layered approach

6. The two types of vulnerable data subject: a new taxonomy

7. Vulnerable to what? The choice of legal or similarly significant effects

8. Vulnerability as a heuristic tool in the GDPR: a subject-​centred perspective of the risk-​based approach

9. Is the GDPR enough?

10. Call for further research

Sources and bibliography

Secondary Sources

Guidance documents, opinions, recommendations, and statements

European Data Protection Board

European Data Protection Supervisor

European Commission and Parliament

National DPA documents

Academic literature

Index.

Notes:

This edition also issued in print: 2023.

Includes bibliographical references and index.

Description based on online resource; title from PDF title page (viewed on May 19, 2023).

Other Format:

Print version: Malgieri, Gianclaudio Vulnerability and Data Protection Law

ISBN:

0-19-196663-0

0-19-269751-X

0-19-269750-1

OCLC:

1375294472