ABSTRACT
The arrival of the commercial internet brought a revolution in consumer opportunities as well as novel risks of deception and manipulation. While EU consumer law was initially not well prepared to regulate free services funded by targeted advertising, data protection was better equipped for this task. In the consumer sphere, it offered a highly flexible regulatory model centred on informed individual choice, underpinned by a core principle of fairness and directly rooted in European fundamental rights.
In the event, the goal of consumer empowerment through data protection remains on the horizon. Online user interfaces continue to evolve in ways that often confuse and sometimes mislead consumers. While the capacities of consumers to navigate complex digital environments, even when designed fairly, seem close to exhaustion. Consumer decision making is therefore frequently intuitive or even emotive, falling far short of the ideal of informed deliberation.
In response, consumer data protection law has increasingly pursued design regulation. Paradoxically, these efforts have tended to accept the limitations of consumer decision making, seeking policy ends by harnessing the intuitions of overwhelmed consumers, such as their mass preference for clicking ‘reject’ rather than ‘accept’ on cookie popups. The conundrum of this shallow autonomy at the heart of contemporary consumer data protection law will, however, not be easily resolved. The conflation of informational self-determination and the individual exercise of rights is embedded in EU digital constitutionalism. Nonetheless, solutions will be found. Services offered to consumers will be more closely regulated to reduce potential harms and consumers will have more opportunities to delegate their choices to trusted intermediaries.
Keller, Perry, Consumer Data Protection: Pursuing Data Subject Autonomy Through Design Regulation (November 1, 2023), European Journal of Consumer Law / Revue Européenne de Droit de la Consummation, Forthcoming.
Leave a Reply