Your Privacy Is Important to Us! – Restoring Human Dignity in Data-Driven Marketing

about & support

Foreword by Eric K. Clemons

Preface, Acknowledgements and Abbreviations



1. Why this book?
    (#methodology #delimitations #structure)

2. Data-Driven Business Models
    (#surveillancecapitalism #valueextraction #harm)


3. Regulating Markets
    (#law #markets #architecture #consumerprotection)

4. Data Protection Law
    (#gdpr #personaldata #lawfulprocessing #legitimatebasis)

5. Marketing Law
    (#ucpd #professionaldiligence #averageconsumer)


6. Human Decision-Making
    (#agency #psychology #boundedrationality #willpower)

7. Persuasive Technology
    (#technology #choicearchitecture #friction #prompts)

8. Manipulation
    (#coercion #deception #subliminalmarketing #paternalism)

9. Transparency
    (#information #communication #complexity #asymmetry)


10. Human Dignity and Democracy
      (#humanwellbeing #privacy #discrimination #proportionality)


11. Conclusions
      (#humandignity #datadrivenmarketing #beinghuman)

12. Next Steps
      (#action #conversations #future)


Why this book?

#law and beyond  #methodology  #delimitations  #structure

The internet has delivered on many of the promises that it offered the ‘information society’ in the wake of its popular and commercial breakthrough in the 1990s. In that vein, its impact is comparable to the introduction in the mid-1400s of the printing press with movable type—an invention that ushered us out of the dark ages through the age of discovery and enlightenment to the current age of information, attention and addiction.

This book is about the downsides of certain business models that often rely on the internet and dominate large parts of the modern information society. The hypothesis is that the negative consequences can be mitigated with negligible impact on the benefits from the technologies, which will make society richer in a broad sense. The hope is to steer us away from entering a new dark age with limited scientific and cultural advancement.1

1. Aim and objectives

The aim of this book is to inform and amplify ongoing debates by providing a coherent framing of data-driven marketing in the context of law, psychology, technology and society. The objective is to elucidate how data protection law and consumer protection law can work in tandem to mitigate negative effects of data-driven business models that challenge democracy by infringing on human dignity.

At the core of the predatory aspects of data-driven business models are the capabilities for surveillance and manipulation that may have both personal, social and societal consequences. Therefore, the objective includes to consider the role of fundamental rights (primary law) that are intended to protect human dignity and democracy.

2. Methodology

The analyses are based on a legal methodology that focuses on the analysis of sources of law, including in particular legislation and case law. Administrative documents, including e.g. Commission staff working documents as well as guidelines from the EDPB and its predecessor, the Article 29 Working Party, are included with the caveat that such sources do not necessarily reflect valid law.2

This book builds on a legal methodology that embraces the CJEU’s appetite for teleological, effective and holistic interpretation of EU law, which is further substantiated and discussed in Part II (law).

Many of the issues have not been dealt with by the CJEU, and the solutions outlined here do not necessarily reflect how the CJEU—eventually—will interpret the law. It is thus an additional aim to inspire law-makers as well as enforcement authorities and other litigators, with a view to having the arguments tested with the judiciary.

2.1. Law and policy

Politics and law are intertwined. Law reflects political decisions, and political opinions suggest how the law should be amended. Legal scholars use the distinction between de lege lata (the law as it exists) and de lege ferenda (the law as it should be).

Law is not an exact science. Especially when case law from the CJEU is sparse—as is the case for many of the topics dealt with here—a prognosis for de lege lata must be associated with uncertainty (known unknowns). Thus, some findings may turn out to constitute de lege lata and others de lege ferenda.

Law is dynamic. If judges of the CJEU—maybe after reading this book—decide to interpret the law in a way that is aligned with the presented arguments, our prognosis turns out to be right (i.e. de lege lata), even though there was no supporting case law when the argument was presented in this book. Conversely, if a subsequent judgment debunks an argument or prognosis, it will turn out to fall under de lege ferenda that may be achieved through legislation.

The aim is to provide a prognosis for de lege lata, while, being aware that new legislation or case law may be required. As the primary purpose of this book is to facilitate an informed debate on the regulation of data-driven marketing, it is not crucial in which box an argument falls.

We aim to provide arguments and prognoses that are (1) not inconsistent with current legal sources, including case law, and (2) not unlikely, given the legal arguments as well as cited research from outside the field of law.

3. Assumptions and delimitations

In the legal analyses in this book, we apply research from different disciplines within business, psychology and technology. References to resources are made when arguments are presented, but it is neither possible nor desirable to present an exhaustive account of all research areas.

If the reader should not find the arguments from other disciplines to be sufficiently substantiated, we draw inspiration from the field of economics and hereby include them as assumptions, i.e. ‘facts’ or ‘evidence’ for the purpose of this research. This is no less problematic than the economic assumption of fully rational consumers, which we explore in Chapter 6 (human decision-making).

For our legal analyses, we focus on data protection law, marketing law and fundamental rights, as introduced in Part II (law). We do not go into detail with enforcement, but address some aspects of effective enforcement and fines in Chapter 12 (next steps).

In particular, we will not focus on competition law or tax law that also regulate important legal aspects of data-driven business models. Aspects of platform liability and contract law are also excluded in order to keep the book focused. Inspiration is, however, drawn from consumer protection aspects of contract law.

Given efficient tax planning and the size of big tech-actors, much focus has—for good reasons—been on tax law and competition law (‘antitrust’/‘monopoly’). Consumer protection law, including data protection law in this context, has the advantage that—in contrast to competition law—it applies to traders regardless of market power.

Even if there existed real competition among providers of e.g. search and social media (think of a market with a few Googles and Facebooks), there are still intrinsic parts of data-driven business models that are likely to infringe on privacy and distort the economic interests of consumers.

We focus on European Union law, but insights, ideas and solutions can be translated to inspire legal interpretation and legislation in jurisdiction outside the European Union.

Longer descriptions of legislative proposals are avoided, and we do not go in detail with, the proposed ePrivacy Regulation,3 Digital Services Act,4 Digital Markets Act5 and Artificial Intelligence Act.6 Also, as our focus is on consumer protection, we do not go in detail with the Platform to Business Regulation.7 This book is about the regulation of business models rather than technology.

4. Structure


In the first part we will explore the nature and role of data-driven business models in business-to-consumer markets. The primary attributes we focus on is (1) personalisation and surveillance, (2) value extraction and behaviour modification, and (3) that the products are often offered for ‘free’. These business models are often associated with information technology that is easy to automate and scale.


We introduce the concept of law as a system of regulating behaviour in society based on specific goals and by balancing often-conflicting interests. In the market, relevant interests pertain to competition (other traders), consumers/citizens and society as such. In this vein we introduce fundamental rights, data protection law (GDPR) and marketing law (UCPD). These legal disciplines are further elaborated and applied in the rest of the book.


Human agency and the right to self-determination are central concepts in legal theory as well as in consumer protection law, where the regulatory framework aims at empowering consumers to act in accordance with their goals, values and preferences. In this part, we focus on human decision-making while elucidating how psychology and technology can affect human behaviour and inspire law. Empowerment requires capable individuals, transparency and the absence of manipulation.


We revisit fundamental rights and discuss their role in market regulation. Attention and agency are scarce and precious resources that—once consumed by data-driven business models—cannot be used for other social or societal activities. To the extent that business models rely on surveillance, attention extraction and behaviour modification, it seems reasonable to discuss the freedom to conduct a business in light of human dignity, privacy and non-discrimination. We discuss the important concept of proportionality in light of the fundamental right to conduct a business.


The conclusion is deliberately detailed so that the time-conscious reader can quickly get an overview of the book’s primary messages. After the conclusions, we introduce measures that may enhance transparency, empowerment and human well-being in the context of data-driven business models. This includes the use of technology (humane technology and human welfare computing), the role of education (itself a part of consumer protection) and necessary conversations. The aim must be to ensure that markets and technology eventually work for people and not vice versa.

1. See also Maggie Jackson, Distracted (Prometheus Books 2008), p. 13: ‘The way we live is eroding our capacity for deep, sustained, perceptive attention—the building block of intimacy, wisdom, and cultural progress.’

2. Jan Trzaskowski, ‘Interpretation and Assessment under the Unfair Commercial Practices Directive—the ICC Code for Advertising and Marketing and the Commission’s Staff Working Document’, in Ulf Bernitz & Caroline Heide-Jørgensen (eds), Marketing and Advertising Law in a Process of Harmonization (Hart 2017), pp. 85–103.

3. Proposal for a regulation concerning the respect for private life and the protection of personal data in electronic communications (Regulation on Privacy and Electronic Communications), 10 January 2017, COM(2017) 10 final, 2017/0003 (COD).

4. Proposal for a Regulation on a Single Market For Digital Services (Digital Services Act), 15 December 2020, COM(2020) 825 final, 2020/0361(COD).

5. Proposal for a Regulation on contestable and fair markets in the digital sector, 15 December 2020, COM(2020) 842 final, 2020/0374(COD).

6. Proposal for a regulation laying down harmonised rules on artificial intelligence, of 21 April, COM(2021) 206 final, 2021/0106 (COD).

7. Regulation (EU) 2019/1150 on promoting fairness and transparency for business users of online intermediation services. See also Commission Notice, Guidelines on ranking transparency pursuant to Regulation (EU) 2019/1150 of the European Parliament and of the Council, 8 December 2020, Official Journal, C 424/1.