The General Data Protection Regulation (GDPR) took effect mid-2018. The Regulation aims to protect the rights and freedoms of individual citizens against risks from the processing of personal data. It therefore necessitates measures to ensure that these risks are as small as possible. Citizens are also provided special rights, such as the ‘right to be forgotten’. The emergence of technologies such as ‘big data’ however lead to new questions: can the GDPR control the risks that arise from big data and sufficiently control corporate power?

To provide an answer to this question, Michiel Rhoen compared the GDPR with prior European regulations that were intended to regulate risks and power balances. In addition, he examined whether the special provisions on discrimination contained in the GDPR are sufficient to uncover and combat discrimination that arises from advanced analysis technologies (algorithms).

The research showed that the GDPR does not contain a proper analysis of the risks of big data. The GDPR provides consumers with few possibilities for involvement in decisions on their personal data. Existing methods which could protect consumers or the environment, were also not applied. As a result it is more difficult to assess whether the GDPR has achieved its goals and to further develop the legislation via case law. Rhoen also concluded that the GDPR can fall short in combatting discrimination through algorithms.

The dissertation, therefore, puts forward a number of guiding principles to be considered in the assessment of disputes between consumers and processors of personal data. These guiding principles could also be applied in the future evaluation of the GDPR.