Contributor(s): Professor Alex Voorhoeve, Dr Elin Palm, Dr Orla Lynskey | Prominent ethical and legal frameworks claim that governments and businesses can permissibly process personal information, under specific conditions, as soon as data subjects give their consent. This already justifies constraints on personal data processing practices to secure free, informed, and unambiguous consent, as well as to respect the context in which consent was given. But consent is not the whole story.
Processing personal data without consent may be permissible in some cases when other “legitimate interests” are at stake, such as national security or fraud prevention: so, how to balance privacy and other legitimate interests? On the other hand, emerging accounts of privacy propose that obtaining individual consent is sometimes insufficient to justify personal data processing. If giving away one’s personal data reveals information about others, or if coordination failure leads to suboptimal privacy for all, collective privacy decisions may be required.
view more