27 November 2023
Justice, as defined by Cambridge Dictionary, encompasses ‘behaviour or treatment that is fair and morally correct’. In today’s digitised world, where our lives are entwined with various technologies, the mishandling of personal data online can significantly impact peoples’ access to justice. Globally, individuals spend almost seven hours of their day in front of a computer screen, making themselves more susceptible to harm online (Exploding Topics, 2023). The General Data Protection Regulation (GDPR) safeguards our access to fair and moral treatment on the Internet. This law, which came into effect in the European Union on May 25, 2018, is now recognised as the strictest privacy and security law in the world. While GDPR is primarily viewed within a business context, focusing on fines on non-compliant companies, this article highlights its broader importance in safeguarding vulnerable individuals' access to just treatment.
At its core, GDPR is about safeguarding human rights. It was created to protect the personal data of citizens residing in the EU, also known as 'data subjects'. Personal data, in this context, refers to information which could be used to identify an individual. Seven key principles form the GDPR - Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimization; Accuracy; Storage Limitation; Integrity and Confidentiality; and Accountability. Its global impact is evident, as it has prompted the creation of regional data protection laws worldwide, including the California Consumer Privacy Act (CCPA) and the UK's own GDPR policies. Recent high-profile cases involving major players in the media industry being fined for inappropriate use of personal data highlight the seriousness of data protection for businesses. Earlier this year Skillkast reported that Meta was fined a staggering $1.3bn for mishandling user data, for unlawful processing & storing in the US of personal EU data. Meta is not the only company to have been affected this year; Amazon and TikTok received fines of 746 million and 345 million respectively.
However, the impact of GDPR extends beyond the commercial realm and disproportionately affects vulnerable individuals. Privacy is a fundamental right protected by the European Convention on Human Rights, which safeguards the right to respect for private life, the home and correspondence (Council of Europe). In this digital age, the right to privacy is increasingly important: as it can easily be violated by both states and companies. For example, in the United States individuals seeking abortions face significant risks due to data collection practices. The unregulated collection of data from reproductive health apps can compromise the privacy of those seeking these services, making them vulnerable to imprisonment in states where the practice has been illegalised. Notably, in 2019, the period-tracking app Flo had to settle with the Federal Trade Commission (FTC), after selling user data to firms including Facebook and Google (Brookings).
Data surveillance can affect vulnerable individuals not only in the United States but also in the European Union, as evidenced by a recent case in the Netherlands. The Foundation Take Back Your Privacy and the Dutch Consumer Association are pursuing a €1.5 billion claim against TikTok, alleging that TikTok exploits the personal data of child users, in violation of the GDPR and Dutch and European consumer law. The accusations range from data minimization and transparency violations, to processing personal data without a lawful basis and failing to obtain valid consent from children and their parents or guardians. Mishandling of personal data leaves children vulnerable to harm online, making it easier for harassers to target victims in person. In severe cases, the collection of personal data could be exploited by individuals seeking to groom or exploit children. Information gathered through the leaking of personal data by media platforms can therefore leave children open to exploitation and harm.
GDPR is crucial in ensuring that our rights are safeguarded. By protecting privacy, curbing data exploitation, and holding platforms accountable for mishandling data, GDPR ensures morally correct treatment for all. Data protection is especially important for susceptible individuals, such as those seeking medical care or young children. As we navigate the complex landscape of data-driven technologies, GDPR remains a tool that ensures access to justice and secures the rights of the most vulnerable among us.
This article is written by Sophie Gray (UvA student)