European Parliament Library

Vulnerability and data protection law, Gianclaudio Malgieri.

Vulnerability and data protection law, Gianclaudio Malgieri.
Bibliography note
Includes bibliographical references and index
index present
Intended audience
Literary Form
non fiction
Main title
Vulnerability and data protection law
electronic resource
Nature of contents
Oclc number
Responsibility statement
Gianclaudio Malgieri.
Series statement
Oxford data protection & privacy lawOxford scholarship online
Offers a rich analysis of the meaning of 'data subjects' and 'vulnerability' within the context of the General Data Protection Regulation. It seeks to reconceptualise data subjects' vulnerability in the digital age and to promote a 'vulnerability-aware' interpretation of the GDPR
Table Of Contents
Cover -- Series -- Vulnerability and Data Protection Law -- Copyright -- Dedication -- Contents -- Table of Cases -- Table of Legislation -- Abbreviations -- 1. The reasons for research on data subjects -- 1. The notion(s) of the data subject(s) in a digital changing world -- 2. Research question -- 3. Three related research objectives -- 4. Approach and scope -- 5. Societal and scientific relevance and the state of the art -- 6. Outline -- 2. The notion of the data subject: an average individual? -- 1. Introduction -- 2. The notion of the data subject in the EU data protection framework in general -- 3. The first requirement of the GDPR definition: the 'living' person -- 4. The second requirement of the GDPR definition: the natural person (and not legal persons) -- 5. The third requirement of the data subject definition: identified or identifiable -- 6. The fourth requirement of the data subject definition: to whom data are related -- 7. Preliminary conclusions: universalism versus particularism -- 8. The average data subject as the average consumer? -- 9. The average consumer in EU law: the Unfair Commercial Practices Directive -- 10. Criticisms and developments: the relatively average consumer -- 'Average consumers' in other parts of EU consumer law -- Critical remarks on the notion of 'average' consumer -- 11. Is there an average data subject in the GDPR? -- 12. The hybrid approach of the GDPR to average subjects and the room for contextual vulnerability -- 13. Concluding remarks -- 3. Who is the vulnerable individual? -- 1. From the average to the vulnerable data subject -- 2. Theorizing individual vulnerability: the layered theory -- 3. Vulnerability and power imbalance: structural imbalance -- 4. Layered vulnerability and intersectionality -- 5. Vulnerability and the importance of the dignity principle6. Vulnerability and human rights: the rise of the concept of vulnerable persons in the ECtHR jurisprudence -- 7. The rise of vulnerable individuals in EU secondary law: an overview -- 8. Vulnerable research subjects in EU law -- 9. Vulnerable consumers in EU law -- The European Commission Report on Consumer Vulnerability in the EU -- Layers of relational vulnerability for consumers -- 10. Conclusions -- 4. The vulnerable data subject in the GDPR -- 1. Introduction: situating vulnerable individuals in the data protection field -- 2. Universalistic or particularistic approach to data subjects' vulnerability -- 3. Data subjects' vulnerability during the data processing or as an outcome of the data processing -- 4. Effects of data subjects' vulnerability -- 5. How consumer vulnerability literature could inform the analysis on vulnerable subjects in the data protection framework -- 6. Manifestation of data subjects' vulnerability in the text of the GDPR: first analysis -- 7. Children as the typical vulnerable data subjects -- 8. Classifying data subjects' vulnerability in relation to power imbalance -- 9. The proposed Artificial Intelligence Act: a new approach to vulnerable data subjects? -- 10. Concluding remarks -- 5. Data protection principles and vulnerable data subjects -- 1. Introduction -- 2. The principle of fairness: first locus of the protection of data subjects' vulnerability -- The first nuance of fairness: procedural fairness. A way to mitigate processing- based vulnerability? -- The second nuance of fairness: fair balancing. A tool against power imbalance? -- The third nuance: fairness as good faith. A hybrid way to mitigate the two facets of data subjects' vulnerability? -- The need for a vulnerability- centred understanding of fairness3. The principle of lawfulness: second locus of the protection of data subjects' vulnerability -- Consent in case of vulnerable data subjects: limits and potentialities -- Other lawful bases for processing data of (vulnerable) data subjects -- Legitimate interests and vulnerable data subjects -- Sensitive data: a concept for protecting (more) vulnerable data subjects? -- 4. The purpose limitation principle: third locus of the protection of data subjects' vulnerability -- 5. The accuracy principle -- 6. Conclusions -- 6. Data protection rights and duties and vulnerable data subjects -- 1. Introduction -- 2. Data subjects' rights in the GDPR: towards a vulnerability- based interpretation? -- 3. Transparency rights and the types of the data subject -- 4. The right to erasure and the vulnerable subjects -- 5. The right to object and 'the particular situation' of vulnerable data subjects -- 6. The right to object and 'the particular situation' in the different Member States -- 7. The right not to be subject to automated decision- making and the vulnerable data subject -- 8. Accountability and vulnerable data subjects: the risk- based approach in the GDPR -- The 'categories' of data subjects in the accountability duties -- The risk- based approach and the layers of data subjects' vulnerability -- 9. Data protection by design -- 10. Data Protection Impact Assessment and the vulnerable data subjects -- 11. Data subjects' vulnerability as a risk factor in different national DPIA lists -- First group: the Member States with a minimalist approach to vulnerability as a high risk for data protection -- Second group: the Member States where vulnerability combined with another risk factor determines the high risk of data processing -- Third group: the Member States where vulnerability is a significant risk factor, even considered aloneFourth group: the Member States where the notion of vulnerability is better clarified and conceptualized -- 12. The content of a DPIA: towards a vulnerability- centred implementation -- 13. Conclusion: a vulnerability- attentive analysis of the GDPR -- 7. Assessing (and mitigating) layers of data subjects' vulnerability: Using the DPIA as a model -- 1. Introduction -- 2. Risks to 'fundamental rights and freedoms': which ones? -- 3. Analysing the severity of risks: from mere effects to damages -- 4. Analysing the likelihood of risks -- 5. Mitigation measures: a vulnerability- aware application of the data protection safeguards -- 6. When vulnerability layers cannot be mitigated: the backstop scenario -- 7. Conclusions -- 8. The limitations and the alternatives of a vulnerability- based interpretation of the GDPR -- 1. Introduction -- 2. The risks of paternalism in a vulnerability- based approach to data protection -- 3. Lack of legal certainty and foreseeability? -- The inflation risk: is everyone vulnerable? -- 4. The risk of an individualistic approach versus group- based vulnerability: lessons from 'group privacy' literature -- 5. The problem of interpretation: too much attention to a hidden concept in the GDPR? -- 6. Interpretational issues in a vulnerability- aware implementation of the GDPR -- Is the GDPR perpetuating vulnerability itself? Inputs for further research -- 7. Policy recommendations: how to alter the data protection law to improve the protection of vulnerable data subjects -- Policy option 1: the category- based approach to vulnerability -- Policy option 2: the general approach to vulnerability -- 8. Conclusions -- 9. Conclusions: The layers of data subject's vulnerability and the way ahead -- 1. The need for a spectrum -- 2. Who is/ are the data subject/ s? -- 3. The average data subject4. The compelling necessity to consider vulnerable data subjects -- 5. Human vulnerability: the layered approach -- 6. The two types of vulnerable data subject: a new taxonomy -- 7. Vulnerable to what? The choice of legal or similarly significant effects -- 8. Vulnerability as a heuristic tool in the GDPR: a subject- centred perspective of the risk- based approach -- 9. Is the GDPR enough? -- 10. Call for further research -- Sources and bibliography -- Secondary Sources -- Guidance documents, opinions, recommendations, and statements -- European Data Protection Board -- European Data Protection Supervisor -- European Commission and Parliament -- National DPA documents -- Academic literature -- Index
Target audience
Mapped to

Incoming Resources