The vulnerable data subject: A gendered data subject?
Vulnerability is an emerging topic in many different fields, but data protection and privacy discussions of vulnerability have rarely engaged with gender studies. This paper investigates the notion of the ‘vulnerable data subject’ from a gender perspective, to question whether gender should be regarded as a factor of vulnerability at all, and, if yes, how. It also asks what these reflections tell us about the (gendered or un-gendered) notion of the ‘standard data subject’. Even though the term ‘vulnerable data subject’ is only incidentally mentioned in EU data protection law, and in the GDPR only referring explicitly to children, several Data Protection Authorities (e.g. in Spain and Poland) have considered “being female” as a potential source of a data subject’s vulnerability (e.g. in the case of consumers who are victims of sex-related crimes). The US privacy tort – as originally conceived – was built off gendered notions of female modesty, suggesting women were vulnerable, and connecting women’s privacy claims to the ‘wrong kind of privacy’. Looking at the history and foundations of privacy and data protection law surfaces questions such as whether the ‘average data subject’ in privacy and data protection legislation is, by default, a man, and whether women might have to be regarded as vulnerable data subjects just because they are women. This article then looks into law and economics analysis of consumers’ behaviour, but also political philosophy and, in particular, gender studies, to observe an intellectual polarisation: on the one hand the universalist approach, according to which every human must be regarded as vulnerable, as otherwise vulnerability would be a stigmatising label; on the other hand the particularistic approach, according to which some subjects are more vulnerable than others (in particular, women are more vulnerable – i.e. subject to adverse effects – than men in many contexts: workplace, education, etc.).
A third way might be the ‘layered’ theory of Luna, based on a contextual and relational (even situational) nature of vulnerability. This solution is compatible with the layered risk-based approach in the GDPR, but also with intersectional approaches in gender studies. This ‘third way’ might also be a cautious solution to the ambiguous and inconsistent treatment of vulnerability both in the European Union policies surrounding data protection law and in the EU data protection practice itself (considering, e.g., the ineffective protection of children).
EJLT is an open access journal, aiming to disseminate academic work and perspectives as widely as possible to the benefit of the author and the author’s readers. It is the assumption of the EJLT that authors who publish in the journal wish their work to be available as freely and as widely as possible through the open access publishing channel.
Authors who publish with EJLT will retain copyright and moral rights in the underlying work but will grant all users the rights to copy, store and print for non-commercial use copies of their work. Commercial mirroring may also be carried out with the consent of the journal. The work must remain as published – without redaction or editing – and must clearly state the identity of the author and the originating EJLT URL of the article. Any commercial use of the author’s work - apart from mirroring - requires the permission of the author, and use of any aspects of the article which are the property of EJLT (e.g. typographical format) requires permission from EJLT.
Authors can sometimes become no longer contactable (through, for example, death or retirement). If this occurs, any rights in the work will pass to the European Journal of Law and Technology, which will continue to make the work available in as wide a manner as possible to achieve the aims of open access and ensure that an author's work continues to be available. An author - or their estate - can recover these rights from EJLT by providing contact information.
The European Journal of Law and Technology holds rights in format, publication and dissemination.
EJLT, as a non-commercial organisation - which receives donations to allow it to continue publishing – must retain information on reader access to journal articles. This means that we will not give permission to mirror the journal unless we can be provided with full details as to reader access to each and every journal article. We prefer and encourage deep linking rather than mirroring. Encouragement is thus given for all users – commercial and non-commercial – to provide indexes and links to articles in the EJLT where the index or link points to the location of the article on the EJLT server, rather than to stored copies on other servers.
Please contact the European Journal of Law and Technology if you are in any doubt as to what this statement of use covers.