Abstract
This article argues that the self-management of one's is impossible due to externalities. Privacy externalities are the negative by-product of the services offered by some controllers, whereby the price to pay for a service includes not just the provision of the user's own personal data, but also that of others. This term, related to similar concepts from the literature on such as networked privacy or data pollutio, is used here to bring to light the incentives and exploitative dynamics behind a phenomenon which, I demonstrate, benefits both the user and the controller to the detriment of third-party subjects. Building on these novel elements and on the relevant concepts and examples found in the existing literature, this article draws a comprehensive picture of the phenomenon, and offers two promising paths to address it-better enforcing the principle of protection by design and by default, and relying on the framework of joint controllership.
Highlights
This article examines the interdependent dimension of privacy and criticises the individualistic framework of notice and consent through which one’s personal data is in practice protected
The 2016/679 General Data Protection Regulation (GDPR) states that personal data shall be (a) processed lawfully, fairly and in a transparent manner in relation to the data subject, (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, and (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
If this is right and the analogy with environmental protection holds, joint controllership will be inadequate to solve privacy externalities, and Data Protection by Design and by Default (DPbDD) is the way to go. 19
Summary
This article examines the interdependent dimension of privacy and criticises the individualistic framework of notice and consent (hereafter ‘N&C’) through which one’s personal data is in practice protected. While the phenomenon has been addressed in scholarly and policy settings already ( often with a different goal or scope), the present article frames it in a way which puts into light an important aspect hitherto mostly unaddressed This aspect is the financial incentives and the exploitative dynamics behind these disclosures of others’ data; it is a major factor in making the phenomenon ethically problematic, it is the very reason the phenomenon is perpetuated. This concern about externalities is different from more traditional data protection issues of inappropriate disclosure such as leaks and hacks: privacy externalities are about bad personal data management, and about impossible personal data management. This analysis responds to, and is informed by relevant works in the existing literature
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
