Published online by Cambridge University Press: 16 September 2020
In our data-driven society, every piece of technology that connects us to the internet collects our personal data (any information relating to an identified or identifiable natural person), building elaborate profiles on what we are doing, where we are, and even who we are. As data subjects (those about whom personal data are collected), we can no longer hide from data controllers (those who collect and determine what these data are used for). With every data breach and data sharing revelation from Cambridge Analytica to Google’s Project Nightingale, our personal data is becoming less personal, where data attached to our identity are no longer in our control and becomes harder for us to identify who is responsible.
1 Surya Mattu and Kashmir Hill, ‘The House that Spied on Me’ Wired (2 February 2018) <https://gizmodo.com/the-house-that-spied-on-me-1822429852> accessed 30 November 2019.
2 Carole Cadwalladr and Emma Graham-Harrison, ‘Revealed: 50 million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach’ The Guardian (17 March 2018) <https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election> accessed 30 November 2019.
3 Anonymous, ‘I'm the Google whistleblower. The Medical Data of Millions of Americans is at Risk’ The Guardian (14 November 2019) <https://www.theguardian.com/commentisfree/2019/nov/14/im-the-google-whistleblower-the-medical-data-of-millions-of-americans-is-at-risk> accessed 30 November 2019.
4 Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)  OJ L119/1.
9 Rachel Coldicutt, ‘Better than ethics’ (doteveryone, 28 November 2019) <https://www.doteveryone.org.uk/2019/11/better-than-ethics/> accessed 30 November 2019.
10 Custers, Bart, Sears, Alan M., Dechesne, Francien, Georgieva, Ilina, Tani, Tommaso, and van der Hof, Simone, ‘Conclusions’ in Custers, Bart, Sears, Alan M., Dechesne, Francien, Georgieva, Ilina, Tani, Tommaso, and van der Hof, Simone (eds), EU Personal Data Protection in Policy and Practice (T.M.C. Asser Press 2019)Google Scholar.
11 General Data Protection Regulation, art 6.
12 Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. ‘(Un)informed Consent: Studying GDPR Consent Notices in the Field.’ (2019) ACM SIGSAC Conference on Computer and Communications Security (CCS ’19) < https://doi.org/10.1145/3319535.3354212> accessed 30 November 2019.
13 Case C-210/16 Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH ECLI:EU:C:2018:388.
14 Case C-40/17 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV ECLI:EU:C:2019:629.
15 Case C-25/17 Tietosuojavaltuutettu v Jehovan todistajat—uskonnollinen yhdyskunta ECLI:EU:C:2018:551.
16 Decode European Commission, ‘Reclaiming the Smart City: Personal Data, Trust, and the New Commons’ (July 2018) <https://media.nesta.org.uk/documents/DECODE-2018_report-smart-cities.pdf> accessed 30 November 2019.
17 VICE News, ‘China's “Social Credit System” Has Caused More Than Just Public Shaming (HBO)’ (12 December 2018) <https://www.youtube.com/watch?v=Dkw15LkZ_Kw&> accessed 30 November 2019.
18 Julia Angwin, Jeff Larson, Surya Mattu, and Lauren Kirchner, ‘Machine Bias’ Propublica (23 May 2016) <https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing> accessed 30 November 2019.
19 Sam Biddle, ‘Amazon's Ring Planned Neighborhood “Watch Lists” Built on Facial Recognition’ (The Intercept, 27 November 2019) <https://theintercept.com/2019/11/26/amazon-ring-home-security-facial-recognition/> accessed 30 November 2019.
20 Shoshana Zuboff, ‘Big Other: Surveillance Capitalism and the Prospects of an Information Civilization’ (2015) Journal of Information Technology 30, 75–89 < https://doi.org/10.1057/jit.2015.5.> accessed 30 November 2019.
21 Frank Pasquale, The Black Box Society: The Secret Algorithms That Control Money and Information (Harvard University Press 2015).
22 European Data Protection Board, ‘Guidelines’ (25 May 2018) <https://edpb.europa.eu/our-work-tools/our-documents/publication-type/guidelines_en> accessed 30 November 2019.
23 Jef Ausloos, René Mahieu, and Michael Veale, ‘Getting Data Subject Rights Right’ (25 November 2019) <osf.io/preprints/lawarxiv/e2thg> accessed 30 November 2019.
24 James Vincent, ‘The Problem with AI Ethics’ The Verge (3 April 2019) <https://www.theverge.com/2019/4/3/18293410/ai-artificial-intelligence-ethics-boards-charters-problem-big-tech> accessed 30 November 2019.
25 Adam Satariano and Matina Stevis-Gridneff, ‘Big Tech's Toughest Opponent Says She's Just Getting Started’ New York Times (19 November 2019) <https://www.nytimes.com/2019/11/19/technology/tech-regulator-europe.html> accessed 30 November 2019.
26 Sylvie Delacroix and Neil D Lawrence, ‘Bottom-up Data Trusts: Disturbing the ‘one size fits all’ Approach to Data Governance’ (2019) International Data Privacy Law <https://doi.org/10.1093/idpl/ipz014> accessed 30 November 2019.
30 Floridi, Luciano, ‘Group Privacy: A Defence and an Interpretation’ in Taylor, Linnet, Floridi, Luciano, and van der Sloot, Bart (eds), Group Privacy: New Challenges of Data Technologies (Springer International Publishing 2016)Google Scholar.