Data protection by design and by default: out of sight, out of politics?

Abstract

Data protection is a recurrent topic in European Union (EU) policy debates, but it is largely ignored by (social sciences) European studies. This is not only surprising, but also a missed opportunity to discuss classical questions such as the tension between regulation and technology from new perspectives. For instance, data protection by default and by design, one of the new principles to be introduced by the ongoing data protection reform, aims to enforce the respect of legislation and the protection of data subjects through the adoption of tailored technological and organizational tools. The overall aim of this contribution is to introduce EU studies to the relevance and the potential of further research on data protection. This is particularly urgent in a European and international landscape characterized by the will to govern through (big) data. I argue that the analysis of specific configurations of the data protection dispositif offers the occasion to explore their political implications. In particular, a critical inquiry of the current debates concerning the future definition of data protection by design may cast a light on the interactions between the legal, the technological and the institutional, and on the paradoxical political side-effects of a successful implementation. Once data protection is designed into, and performed through, technologies and organizational routines – then kept ‘out of sight’ – what space is left for a conception of the political premised on the possibility of dissensus