Rear view mirror, crystal ball: Predictions for the future of data protection law based on the history of environmental protection law

Several authors have compared the impact of Big Data to the environmental impact of industrialisation (Kuneva, 2009, Schneier, 2013, Hirsch, 2006). This analogy seems useful: like the exhaust and use of chemical compounds, the omnipresent generation and subsequent use of personal data can impact individuals as well as society as a whole. Similarly to the effects of industrialisation, adverse side-effects of datafication on individuals, societies and ecosystems could manifest themselves only years later and in seemingly unrelated contexts. Industrialised societies have enacted laws in response to the adverse environmental effects of industrialisation. Theories from modern sociology and public awareness have played a significant role in this process. Similarly, the European Union has enacted the General Data Protection Regulation to address the risks of processing of personal data. But laws tend to come only after any negative impact has become sufficiently apparent. This has spurred the introduction of precaution-and discourse-based management of unknown risks. The GDPR appears to implement these risk management mechanisms less extensively than current environmental protection laws. As with the effects of industrialisation, the side-effects of datafication cannot be entirely known in advance. Privacy is currently a prime concern, but datafication can also affect entire societies if it results in a digital panopticon. Considering the influence of Risk Society Theory and Normal Accident Theory, two important social theories concerning industrial hazards, this article proposes a number of areas where future iterations of data protection law can be developed. (C) 2017 Michiel Rhoen. Published by Elsevier Ltd. All rights reserved.