Article 29 Working Party guidelines and the case law of the CJEU facilitate a plausible argument that in the near future everything will be or will contain personal data, leading to the application of data protection to everything: technology is rapidly moving towards perfect identifiability of information; datafication and advances in data analytics make everything (contain) information; and in increasingly 'smart' environments any information is likely to relate to a person in purpose or effect. At present, the broad notion of personal data is not problematic and even welcome. This will change in future. When the hyperconnected onlife world of data-driven agency arrives, the intensive compliance regime of the General Data Protection Regulation (GDPR) will become 'the law of everything', well-meant but impossible to maintain. By then we should abandon the distinction between personal and non-personal data, embrace the principle that all data processing should trigger protection, and understand how this protection can be scalable.
This contribution is an attempt to facilitate a meaningful European discussion on propertization of personal data by explaining the idea as it emerged in its 'motherjurisdiction', the United States. The piece starts with an overview of how the current US legal system addresses the data protection problem and whether, according to the US commentators, the law does it effectively. Furthermore, the contribution presents propertization of personal information as an alternative to the existing data protection regime and one of the ways to fill in the alleged gaps in the US data protection system. The article maps the US propertization debate. Pro-propertization arguments are considered from economic perspective as well as from the perspective of the limitations of the US legal and political system. In continuation it analyses proposals on how property rights in personal data would have to be regulated, if at all, in case the idea of propertization is accepted. The main points of criticism of propertization are also sketched. The article concludes with a brief summary of the US propertization discourse and, most importantly, with a list of the lessons Europeans can learn from their American counterparts engaging in the debate in the home jurisdiction. Among the mane messages is that the outcome of the debate depends on the definition of the problem propertization is called on to tackle, and that it is the substance of the actual rights with regard to personal data that matters, and not whether we label them as property rights or not.
The right to data portability (RtDP) introduced by Article 20 of the General Data Protection Regulation (GDPR) forms a regulatory innovation within EU law. The RtDP provides data subjects with the possibility to transfer personal data among data controllers, but has an impact beyond data protection. In particular, the RtDP facilitates the reuse of personal data that private companies hold by establishing a general-purpose control mechanism of horizontal application. Article 20 of the GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. We argue that the RtDP does not fit well with the fundamental rights nature of data protection law, and should instead be seen as a new regulatory tool in EU law that aims to stimulate competition and innovation in data-driven markets.What remains unclear is the extent to which the RtDP will be limited in its aspirations where intellectual property rights of current data holders—such as copyright, trade secrets andsui generisdatabase rights—cause the regimes to clash. In such cases, a reconciliation of the interests might particularly confine the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. Despite these uncertainties, the RtDP is already being replicated in other fields, namely consumer protection law and the regulation of non-personal data. Competition law can also facilitate portability of data, but only for purpose-specific goals with the aim of addressing anticompetitive behavior.We conclude that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control and its breadth and impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.