Big data, big risks, big power shifts: Evaluating the General Data Protection Regulation as an instrument of risk control and power redistribution in the context of big data

The GDPR aims to control the risks associated with the processing of personal data. It requires measures to minimise these risks and gives data subjects certain powers, such as the rights to be informed and to be forgotten. Big data is a relatively new technology, giving the controllers of data the power to permanently observe the users of digital services. Therefore this thesis answers the question whether the GDPR is suited to avert the risks and power shifts associated with big data. To answer this question, the GDPR is compared to earlier EU legislation associated with technological risks and power shifts. Additionally, the suitability of the GDPR’s anti-discrimination provisions are evaluated for the prevention of algorithmic discrimination. Results: The GDPR is not based on any discernible analysis of the risks of big data. Methods from EU environmental protection law and consumer protection law, aimed at technological risks and power shifts, were not applied. This can make evaluation of the GDPR’s effectiveness more difficult and could stand in the way of developing a coherent body of case law. The conclusion proposes a number of guidelines for the decision of court cases and points for evaluating the GDPR. Effective Protection of Fundamental Rights in a pluralist worl

Transaction costs and the social cost of online privacy

Economically, privacy can be understood as a problem of social cost, where the actions of one agent (e.g., a mailing list broker) impart a negative externality on another agent (e.g., an end consumer). Problems in social cost can be understood by modeling the liabilities, transaction costs and property rights assigned to various economic agents within the system, and can be resolved by reallocating property rights and liability to different agents as needed to achieve economic equilibrium. This article examines how advances in high speed networking and data storage have radically reduced the costs to businesses of collecting, storing, manipulating and exchanging large amounts of personally identifying information on consumers, and the policy implications that these cost reductions have on property rights over personal information. A complementary economic and legal system that recognizes individual property rights over personal information is suggested as a way in which to greatly accelerate the adoption of electronic commerce and to extract inefficiencies from the already existing marketplace for personal information