Sangam: A Confluence of Knowledge Streams

Online Data Processing Consent Under EU Law: A Theoretical Framework and Empirical Evidence from the UK

Show simple item record

dc.creator Ferretti, F
dc.creator Borghi, M
dc.creator Karapapa, S
dc.date 2015-01-14T12:37:45Z
dc.date 2013-03-10
dc.date 2015-01-14T12:37:45Z
dc.date 2013
dc.date.accessioned 2022-05-25T14:53:03Z
dc.date.available 2022-05-25T14:53:03Z
dc.identifier International Journal of Law and Information Technology, 21:2, pp. 109 - 153, 2013
dc.identifier 1464-3693
dc.identifier http://ijlit.oxfordjournals.org/content/21/2/109
dc.identifier http://bura.brunel.ac.uk/handle/2438/9741
dc.identifier http://dx.doi.org/10.1093/ijlit/eat001
dc.identifier.uri http://localhost:8080/xmlui/handle/CUHPOERS/172665
dc.description This article analyses the results of an empirical study on the 200 most popular UK-based websites in various sectors of e-commerce services. The study provides empirical evidence on unlawful processing of personal data. It comprises a survey on the methods used to seek and obtain consent to process personal data for direct marketing and advertisement, and a test on the frequency of unsolicited commercial emails (UCE) received by customers as a consequence of their registration and submission of personal information to a website. Part One of the article presents a conceptual and normative account of data protection, with a discussion of the ethical values on which EU data protection law is grounded and an outline of the elements that must be in place to seek and obtain valid consent to process personal data. Part Two discusses the outcomes of the empirical study, which unveils a significant departure between EU legal theory and practice in data protection. Although a wide majority of the websites in the sample (69%) has in place a system to ask separate consent for engaging in marketing activities, it is only 16.2% of them that obtain a consent which is valid under the standards set by EU law. The test with UCE shows that only one out of three websites (30.5%) respects the will of the data subject not to receive commercial communications. It also shows that, when submitting personal data in online transactions, there is a high probability (50%) of incurring in a website that will ignore the refusal of consent and will send UCE. The article concludes that there is severe lack of compliance of UK online service providers with essential requirements of data protection law. In this respect, it suggests that there is inappropriate standard of implementation, information and supervision by the UK authorities, especially in light of the clarifications provided at EU level.
dc.language English
dc.language en
dc.publisher Oxford University Press
dc.relation International Journal of Law and Information Technology
dc.relation International Journal of Law and Information Technology
dc.relation International Journal of Law and Information Technology
dc.subject data protection
dc.subject e-privacy
dc.subject e-commerce
dc.subject consent
dc.subject unsolicited commercial emails
dc.subject EU law
dc.subject UK law
dc.title Online Data Processing Consent Under EU Law: A Theoretical Framework and Empirical Evidence from the UK
dc.type Article


Files in this item

Files Size Format View
Fulltext.doc 269.8Kb application/msword View/Open

This item appears in the following Collection(s)

Show simple item record

Search DSpace


Advanced Search

Browse