Emerging Collective Implications of Personal Data Processing: Challenges and Responses in the European Context

In the age of Big Data, artificial intelligence and algorithms, personal data protection takes on increased relevance not only in its individual dimension, but also and specially in its superindividual dimension. Given the risks arising from the extensive use of penetrating techniques of data collection, user profiling and predictive analytics, involving new challenges for the safeguard of fundamental rights and democracy, it is essential to recognise the importance and peculiarities of such superindividual dimension, hence to develop solutions capable to take due account of the collective implications of data processing. Consistently, our analysis focuses on those challenges that transcend the individual dimension of data protection and, more specifically, on how they are being addressed in Europe. The General Data Protection Regulation has established the transition to a new protection model, including risk management and accountability as key components, with the declared purpose of combining the development of digital economy with a proper protection of personal data. Nevertheless, it does not demonstrate full awareness of the collective risks currently related to data processing: a further step should be taken, in order to incorporate the superindividual dimension of data protection into European and national legislations. Therefore, by considering the indications coming from some recent texts drawn up within the European Union and the Council of Europe, we point out some possible approaches and tools which should be adopted and implemented in this perspective.