Data protection in the era of predictive analysis: Overcoming the limits of informational self-determination

Even if a person has never divulged any personal or intimate data about themself, it is now possible to use predictive analytics to generate it without their knowledge and from vast quantities of available data. The data generated can be used to make decisions about individuals, leading to manipulation and discrimination. The General Data Protection Regulation (GDPR), as a set of requirements for data protection, is essentially based on informational self-determination. In this article, we will demonstrate that this approach does not adequately protect individuals from the risks raised by predictive analytics and that it ignores the collective issues linked to this type of analysis. We will argue for the addition of a form of societal protection, that is, a legislative framework for the uses of data in line with a risk-based approach. We will suggest two ways of incorporating this framework into the GDPR. We will also underline the fact that data protection is rooted in the right to privacy and recall the ethical values it upholds.