Information can harm people, for instance, being denied a mortgage or insurance based on your grocery shopping or online surfing profile. But what exactly is it about information that is harmful, and how can people be protected? The current legal answer is that legal...
Information can harm people, for instance, being denied a mortgage or insurance based on your grocery shopping or online surfing profile. But what exactly is it about information that is harmful, and how can people be protected? The current legal answer is that legal protection (data protection principles, rights and obligations) is granted when a) there is information b) about or potentially affecting a person c) who is identified or identifiable. This is personal data. But what will become of legal protection when all information is personal data, and how will law be able to meaningfully protect against information-induced harms?
Given modern data collection and processing techniques and unprecedented amounts of data available for analysis, any information will become personal data in a near future. Legal regime of protection triggered by any automated interaction with information will be difficult to maintain. Yet, alternatives for structuring legal protection other than through the concept of personal data are lacking. It is important that we anticipate on this shift and conduct fundamental research on how information harms people and how legal protection can be structured more effectively.
We look for substitutes for the notion of personal data to fundamentally re-organize legal protection. The project is unique in integrating how law, economics, and information studies conceptualize information. In addition to the data protection law, the results of the project will impact various other areas of law regulating information in digital age: intellectual property (drawing borders of rights in information objects); constitutional law (if data is protected speech); telecommunication and cybercrime.
Three project objectives are:
(1) to analyse the challenges of personal data-centred legal protection against information-induced harms in light of the modern data-driven economy and information processing technologies and practices;
(2) to consider alternative organising notion(s) relating to information rooted in a better understanding of information and how it negatively affects people from the perspectives of law, economics, and information studies, that can provide more adequate legal protection; and
(3) to indicate directions for future improved legal protection against information-induced harms.
The 1st period covered the problem analysis stage of the project. It included legal, economic, information studies, and interdisciplinary integration tracks. We conceptualized the problem of failing legal protection centered on the notion of personal data as two-sided:
1) the legal problem, i.e. failure of the legal notion of personal data as a trigger concept in data protection law, including legal, technological, economic and societal drivers behind this shift; the principal findings are published in N Purtova (2018) â€œThe law of everything. Broad concept of personal data and future of EU data protection lawâ€ LIT 10(1) https://doi.org/10.1080/17579961.2018.1452176 (open access).
2) the societal problems that data protection law aims to address. Analysis included academic privacy and data protection literature conceptualising harms, values, principles and practices that data protection or information privacy aim to avert, secure or control respectively. They were discussed in an internal workshop and described in a Catalogue of information-induced harms (a living document which can be restructured and include new literature as the project evolves).
The project is in the process of finalizing Stage 1 (Problem statement), while the biggest progress beyond state of art is foreseen for Stage 2 (Exploration) and 3 (Analysis/Operationalization). Yet, some progress has been made. Upon a comprehensive review of the data protection law, including the case law of the EU Court of Justice and authoritative opinions of Article 29 Working Party, we have been able to support the project hypothesis and demonstrate that a plausible legal argument can be made that in the near future everything will be or will contain personal data, leading to the application of data protection to everything, and a collapse of the data protection law as we know it. The results of the study are published in N Purtova (2018) â€œThe law of everything. Broad concept of personal data and future of EU data protection lawâ€ LIT 10(1) https://doi.org/10.1080/17579961.2018.1452176.
While the current data protection and privacy law do not operate with any theoretical understanding of information, in the end of the project we expect to develop an interdisciplinary understanding of information and how it relates to people, and on this basis articulate alternative notion or notions which can be used to rebuild legal protection against information-induced harms.
More info: http://www.infolegproject.net.