Hostname: page-component-77c89778f8-7drxs Total loading time: 0 Render date: 2024-07-21T23:11:22.247Z Has data issue: false hasContentIssue false

The ‘Personal’ in Personal Data: Who is Responsible for Our Data and How Do We Get it Back?

Winner of Best in Category, Justis International Law and Technology Writing Competition 2020 for the Category of Social Media, Data and Privacy, by Janis Wong of the University of St Andrews

Published online by Cambridge University Press:  16 September 2020


In our data-driven society, every piece of technology that connects us to the internet collects our personal data (any information relating to an identified or identifiable natural person), building elaborate profiles on what we are doing, where we are, and even who we are. As data subjects (those about whom personal data are collected), we can no longer hide from data controllers (those who collect and determine what these data are used for). With every data breach and data sharing revelation from Cambridge Analytica to Google’s Project Nightingale, our personal data is becoming less personal, where data attached to our identity are no longer in our control and becomes harder for us to identify who is responsible.

Shorter Articles
Copyright © The Author(s) 2020. Published by British and Irish Association of Law Librarians

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)



1 Surya Mattu and Kashmir Hill, ‘The House that Spied on Me’ Wired (2 February 2018) <> accessed 30 November 2019.

2 Carole Cadwalladr and Emma Graham-Harrison, ‘Revealed: 50 million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach’ The Guardian (17 March 2018) <> accessed 30 November 2019.

3 Anonymous, ‘I'm the Google whistleblower. The Medical Data of Millions of Americans is at Risk’ The Guardian (14 November 2019) <> accessed 30 November 2019.

4 Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1.

5 ibid art 15.

6 ibid art 17.

7 ibid art 22.

8 ibid rec 108.

9 Rachel Coldicutt, ‘Better than ethics’ (doteveryone, 28 November 2019) <> accessed 30 November 2019.

10 Custers, Bart, Sears, Alan M., Dechesne, Francien, Georgieva, Ilina, Tani, Tommaso, and van der Hof, Simone, ‘Conclusions’ in Custers, Bart, Sears, Alan M., Dechesne, Francien, Georgieva, Ilina, Tani, Tommaso, and van der Hof, Simone (eds), EU Personal Data Protection in Policy and Practice (T.M.C. Asser Press 2019)Google Scholar.

11 General Data Protection Regulation, art 6.

12 Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. ‘(Un)informed Consent: Studying GDPR Consent Notices in the Field.’ (2019) ACM SIGSAC Conference on Computer and Communications Security (CCS ’19) <> accessed 30 November 2019.

13 Case C-210/16 Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH ECLI:EU:C:2018:388.

14 Case C-40/17 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV ECLI:EU:C:2019:629.

15 Case C-25/17 Tietosuojavaltuutettu v Jehovan todistajat—uskonnollinen yhdyskunta ECLI:EU:C:2018:551.

16 Decode European Commission, ‘Reclaiming the Smart City: Personal Data, Trust, and the New Commons’ (July 2018) <> accessed 30 November 2019.

17 VICE News, ‘China's “Social Credit System” Has Caused More Than Just Public Shaming (HBO)’ (12 December 2018) <> accessed 30 November 2019.

18 Julia Angwin, Jeff Larson, Surya Mattu, and Lauren Kirchner, ‘Machine Bias’ Propublica (23 May 2016) <> accessed 30 November 2019.

19 Sam Biddle, ‘Amazon's Ring Planned Neighborhood “Watch Lists” Built on Facial Recognition’ (The Intercept, 27 November 2019) <> accessed 30 November 2019.

20 Shoshana Zuboff, ‘Big Other: Surveillance Capitalism and the Prospects of an Information Civilization’ (2015) Journal of Information Technology 30, 75–89 <> accessed 30 November 2019.

21 Frank Pasquale, The Black Box Society: The Secret Algorithms That Control Money and Information (Harvard University Press 2015).

22 European Data Protection Board, ‘Guidelines’ (25 May 2018) <> accessed 30 November 2019.

23 Jef Ausloos, René Mahieu, and Michael Veale, ‘Getting Data Subject Rights Right’ (25 November 2019) <> accessed 30 November 2019.

24 James Vincent, ‘The Problem with AI Ethics’ The Verge (3 April 2019) <> accessed 30 November 2019.

25 Adam Satariano and Matina Stevis-Gridneff, ‘Big Tech's Toughest Opponent Says She's Just Getting Started’ New York Times (19 November 2019) <> accessed 30 November 2019.

26 Sylvie Delacroix and Neil D Lawrence, ‘Bottom-up Data Trusts: Disturbing the ‘one size fits all’ Approach to Data Governance’ (2019) International Data Privacy Law <> accessed 30 November 2019.

27 Databox <> accessed 30 November 2019.

28 Jumbo Privacy <> accessed 30 November 2019.

29 DoNotPay <> accessed 30 November 2019.

30 Floridi, Luciano, ‘Group Privacy: A Defence and an Interpretation’ in Taylor, Linnet, Floridi, Luciano, and van der Sloot, Bart (eds), Group Privacy: New Challenges of Data Technologies (Springer International Publishing 2016)Google Scholar.

31 Raz, Joseph, The Morality of Freedom (Oxford University Press 1986)Google Scholar.