Taking proportionality seriously: The use of contextual integrity for a more informed and transparent analysis in EU data protection law

Abstract

AbstractDifficulties abound as to where the boundary between legitimate and illegitimate processing of personal data should be set. The open‐ended wording of the EU Data Protection Directive (DPD) 95/46 leaves space for diverse interpretations. The European Court of Justice finds it difficult to establish methodically the contextual data flows associated with individuals’ rights and their processing, with cascading consequences for the proportionality analysis, thus echoing the wider debate on proportionality. Taking stock of the criticisms of the ECJ's decisions and of the changes introduced by the General Data Protection Regulation, this paper proposes to use contextual integrity, a framework of analysis developed by Helen Nissenbaum, largely implicit in EU data protection law, to provide a systematic method of interpretation that ensures more consistency in current EU legal practice. It recommends adopting a new formal three‐tier structure, so that all factors necessary to the discussion on proportionality are fully and systematically identified and proportionality is taken seriously.