The EU General Data Protection Regulation (2016/679, GDPR) was enacted to regulate digital platforms who process excessive amounts of personal data and dominate today’s online markets. However, the Regulation has not fully succeeded in meeting this goal. This article argues that effective regulation of digital platforms should be based on understanding the data power these companies hold. Data power, stemming from control over personal data, weakens monetary sanctions due to the monopolistic position digital platforms have obtained by data processing, reduces accountability and democratic control over data pro- cessing practices, and limits individual control over one’s own data. This power sets digital platforms apart from other companies and calls for sector-specific data protection rules for the platform industry.
Tuulia Karjalainen
Faculty of Law, University of Helsinki, P.O. Box 64, 00014, Finland