Grappling with “Data Power”: Normative Nudges from Data Protection and Privacy
Abstract
The power exercised by technology companies is attracting the attention of policymakers, regulatory bodies and the general public. This power can be categorized in several ways, ranging from the “soft power” of technology companies to influence public policy agendas to the “market power” they may wield to exclude equally efficient competitors from the marketplace. This Article is concerned with the “data power” exercised by technology companies occupying strategic positions in the digital ecosystem. This data power is a multifaceted power that may overlap with economic (market) power but primarily entails the power to profile and the power to influence opinion formation.
While the current legal framework for data protection and privacy in the EU imposes constraints on personal data processing by technology companies, it ostensibly does so without regard to whether or not they have “data power.” This Article probes this assumption. It argues that although this legal framework does not explicitly impose additional legal responsibilities on entities with “data power,” it provides a clear normative indication to do so. The volume and variety of data and the reach of data-processing operations seem to be relevant when assessing both the extent of obligations on technology companies and the impact of data processing on individual rights. The Article suggests that this finding provides the normative foundation for the imposition of a “special responsibility” on such firms, analogous to the “special responsibility” imposed by competition law on dominant companies with market power. What such a “special responsibility” might entail in practice will be briefly outlined and relevant questions for future research will be identified.