Law-Technology Lag or Law as Technology in the Big Data Age

Abstract

AbstractIn an data-driven world, people increasingly value the protection and security of their personal data. Many states have adopted or are in the process of adopting data protection laws based on principles similar to those of the General Data Protection Regulation (GDPR) of the European Union, resulting in a global convergence of data protection rules. Yet doubts may arise regarding the ability of the GDPR to effectively safeguard data protection principles and rights in the age of big data and related algorithmic decision-making. Against this background, the choice of the risk-based approach as the key law enforcement mode under the GDPR might be interpreted to be a result of the recognition of a law/technology lag in this instance, in the sense of an intrinsic difficulty of the law in dealing with the pervasiveness and automation involved in present-day collection, circulation and use of the data. The risk-based approach leaves data protection decisions mainly to the data controllers. A better explanation for the GDPR’s novel enforcement mode may be found in the “law as technology” proposition, meaning a law intended to liberate the use of digital technologies. In the context of its strategy for a data-driven economy, the EU had shown its concern with European lateness in embracing the data revolution. Accordingly, EU data protection reform has been meant to reduce the administrative burden on the data controllers and processors so as to further the competitiveness of the digital single market. As a consequence, data protection will ultimately depend on how the data controllers will meet their greater responsibilities.KeywordsData protectionPrivacyGDPRDigital single marketData-driven economyBig dataAlgorithmsRisk-based approachTechnology-law lagEuropean Union