Consumer Choice and Consent in Data Protection

The mechanism of the GDPR limited legal grounds for the collection and processing of personal data, and the narrow and very restrictive interpretation of the same legal grounds runs the risk of limiting consumer choice, instead of reinforcing self-determination. This leads to removing the choice for consumers to pay with their data. The superimposition of competition law with the proposal to introduce dominance into the GDPR analysis is liable to exacerbate this effect by further limiting consumer choice. The GDPR example highlights the risk of introducing general and comprehensive privacy laws for consumer choice: while it reinforces consumer control on their data in general, it puts constraints on self-determination by reducing its choice in terms of features, products or ability to use its personal data to obtain more services.

By Pranvera Këllezi¹

I. INTRODUCTION

Consumer choice and consent go together in data protection, where the consumer has a choice when it consents on how the data are collected and processed. Express or implied, opt-in or opt-out: these requirements are there to qualify consent and consequently determine the choice of the consumer. Granularity of consent gives more choice to consumers on the collection and processing of their data. By contrast, strict conditions on the validity of consent reduce the ability of the consumers to consent and therefore their choices.

Consumer choice between substitute products makes competition work. Consu