Enter the quagmire - the complicated relationship between data protection law and consumer protection law

Research output: Contribution to journalArticleResearchpeer-review

2 Citations (Scopus)

Abstract

This article examines the complex relationship between consumer protection law and data protection law, particularly within the EU's online environment, and highlights the problems that stem from this complexity. It suggests that, while there are significant similarities between their respective sources, tools and purposes, there are also arguable differences between consumer protection law and data protection law. One such arguable difference is found in that, while consumer protection law can be seen to merely set a floor in its pursuit of a sufficiently high level of consumer protection, data protection law - due to its clearly articulated dual purposes of (a) protecting individuals with regard to the processing of personal data and (b) providing for the free movement of such data - sets both a floor and a ceiling.Having discussed the relationship between consumer protection law and data protection law in more detail, the argument is made that it seems possible to conclude that the balance struck in the Data Protection Directive, and soon in the General Data Protection Regulation, places limitations on consumer protection law. The implications of this conclusion are then examined briefly in the context of some matters currently coming before the CJEU and the contours of a framework are presented, addressing situations where a data protection-based liability claim is pursued against a third-party non-controller under consumer protection law.

Original languageEnglish
Pages (from-to)25-36
Number of pages12
JournalComputer Law and Security Review
Volume34
Issue number1
DOIs
Publication statusPublished - 1 Feb 2018

Fingerprint

Consumer protection
data protection
consumer protection
Data privacy
Law
Data protection
Ceilings
personal data
liability
EU

Cite this

@article{a0a5ca739e4a4c37a5672e346951f517,
title = "Enter the quagmire - the complicated relationship between data protection law and consumer protection law",
abstract = "This article examines the complex relationship between consumer protection law and data protection law, particularly within the EU's online environment, and highlights the problems that stem from this complexity. It suggests that, while there are significant similarities between their respective sources, tools and purposes, there are also arguable differences between consumer protection law and data protection law. One such arguable difference is found in that, while consumer protection law can be seen to merely set a floor in its pursuit of a sufficiently high level of consumer protection, data protection law - due to its clearly articulated dual purposes of (a) protecting individuals with regard to the processing of personal data and (b) providing for the free movement of such data - sets both a floor and a ceiling.Having discussed the relationship between consumer protection law and data protection law in more detail, the argument is made that it seems possible to conclude that the balance struck in the Data Protection Directive, and soon in the General Data Protection Regulation, places limitations on consumer protection law. The implications of this conclusion are then examined briefly in the context of some matters currently coming before the CJEU and the contours of a framework are presented, addressing situations where a data protection-based liability claim is pursued against a third-party non-controller under consumer protection law.",
author = "Svantesson, {Dan Jerker B.}",
year = "2018",
month = "2",
day = "1",
doi = "10.1016/j.clsr.2017.08.003",
language = "English",
volume = "34",
pages = "25--36",
journal = "Computer Law and Security Review",
issn = "0267-3649",
publisher = "Elsevier",
number = "1",

}

Enter the quagmire - the complicated relationship between data protection law and consumer protection law. / Svantesson, Dan Jerker B.

In: Computer Law and Security Review, Vol. 34, No. 1, 01.02.2018, p. 25-36.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - Enter the quagmire - the complicated relationship between data protection law and consumer protection law

AU - Svantesson, Dan Jerker B.

PY - 2018/2/1

Y1 - 2018/2/1

N2 - This article examines the complex relationship between consumer protection law and data protection law, particularly within the EU's online environment, and highlights the problems that stem from this complexity. It suggests that, while there are significant similarities between their respective sources, tools and purposes, there are also arguable differences between consumer protection law and data protection law. One such arguable difference is found in that, while consumer protection law can be seen to merely set a floor in its pursuit of a sufficiently high level of consumer protection, data protection law - due to its clearly articulated dual purposes of (a) protecting individuals with regard to the processing of personal data and (b) providing for the free movement of such data - sets both a floor and a ceiling.Having discussed the relationship between consumer protection law and data protection law in more detail, the argument is made that it seems possible to conclude that the balance struck in the Data Protection Directive, and soon in the General Data Protection Regulation, places limitations on consumer protection law. The implications of this conclusion are then examined briefly in the context of some matters currently coming before the CJEU and the contours of a framework are presented, addressing situations where a data protection-based liability claim is pursued against a third-party non-controller under consumer protection law.

AB - This article examines the complex relationship between consumer protection law and data protection law, particularly within the EU's online environment, and highlights the problems that stem from this complexity. It suggests that, while there are significant similarities between their respective sources, tools and purposes, there are also arguable differences between consumer protection law and data protection law. One such arguable difference is found in that, while consumer protection law can be seen to merely set a floor in its pursuit of a sufficiently high level of consumer protection, data protection law - due to its clearly articulated dual purposes of (a) protecting individuals with regard to the processing of personal data and (b) providing for the free movement of such data - sets both a floor and a ceiling.Having discussed the relationship between consumer protection law and data protection law in more detail, the argument is made that it seems possible to conclude that the balance struck in the Data Protection Directive, and soon in the General Data Protection Regulation, places limitations on consumer protection law. The implications of this conclusion are then examined briefly in the context of some matters currently coming before the CJEU and the contours of a framework are presented, addressing situations where a data protection-based liability claim is pursued against a third-party non-controller under consumer protection law.

UR - http://www.scopus.com/inward/record.url?scp=85028863103&partnerID=8YFLogxK

U2 - 10.1016/j.clsr.2017.08.003

DO - 10.1016/j.clsr.2017.08.003

M3 - Article

VL - 34

SP - 25

EP - 36

JO - Computer Law and Security Review

JF - Computer Law and Security Review

SN - 0267-3649

IS - 1

ER -