PhD thesis defence by Emmanouil Bougiakiotis
This thesis critically examines EU data protection law and calls for a change of paradigm from individualistic to collective data protection governance. The research question it addresses is whether collective data protection governance is desirable and how it can be achieved.
Despite the popularity and wide adoption of EU data protection law, the individualistic governance that underlies most of its provisions faces fundamental problems. Not only is it ineffective because of the difficulties of individuals to make meaningful decisions, but also because, even if individuals were to overcome these problems, they would still end up compromising each other’s privacy due to its relational nature. Finally, the individualistic paradigm of current data protection law gives unilateral control to some individuals over matters that affect both other individuals and more broadly groups and society as a whole, and it fails to capture these interests. These problems can only be overcome if we regulate in a manner that takes all these interests into account.
To resolve these problems, this thesis examines the structural concepts, substantive rules, and the enforcement of European data protection law. It proposes a number of interconnected reforms that broaden data protection law’s scope, allowing it to capture all relevant interests and reduce the gap between the law on the books and its application in reality; to introduce flexible rules that can adjust to the differences in subject matter and technological development; and to use alternative case handling mechanisms that will lessen data protection authorities’ caseload, enabling them to tackle systemic issues.
This thesis builds on the emerging but disparate proposals of data protection scholarship that seeks to tackle these challenges and, using insights from law, economics, and regulatory theory, it synthesises them into a coherent proposal for reform.