{"id":461,"date":"2025-04-27T21:06:25","date_gmt":"2025-04-27T21:06:25","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jb23435\/?page_id=461"},"modified":"2025-04-27T21:08:46","modified_gmt":"2025-04-27T21:08:46","slug":"what-does-the-general-data-protection-regulation-gdpr-mean-for-ethics","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/jb23435\/what-does-the-general-data-protection-regulation-gdpr-mean-for-ethics\/","title":{"rendered":"What does the General Data Protection Regulation (GDPR) mean for ethics?"},"content":{"rendered":"\n<p><strong>Introduction<\/strong><br>With the 2018 implementation of the EU\u2019s General Data Protection Regulation (GDPR), the world of data<br>privacy and cybersecurity was completely transformed. Although its underlying goal is to protect human<br>rights in an increasingly digitalized world, the law has some moral issues. These are concerns around the<br>privacy-security tradeoff, business costs associated with compliance and innovation chokepoints. In this<br>article, we discuss the ethics of the GDPR, specifically which rights it safeguards, which restrictions it<br>carries, and whether it does an adequate job of reconciling personal and shared interests.<\/p>\n\n\n\n<p><br><strong>Protection and Limitation of Rights<\/strong><br>This fundamental premise of the GDPR is defending rights of individuals, including the right to privacy.<br>It requires companies to gain explicit consent before collecting any data, and gives users a right to view,<br>amend or unsubscribe from their data. This means users are in full ownership of their online identity. To<br>quote from Moerel and Prins (2016): &#8220;The GDPR is a response to mounting fears of digital age eroding<br>privacy and an important step towards the enforcement of rights of individuals&#8221; (p 44).<br>But even the GDPR has some limitations that could be considered ethically problematic. The policy<br>upholds the right to privacy but, when it\u2019s used improperly, enables large-scale data-gathering<br>technologies like artificial intelligence (AI) and machine learning. These fields have been dominated by<br>data driven innovation and restrictive data usage regulations such as the GDPR may restrict innovation<br>for businesses. That makes ethical questions arise about whether the law values the individual rights more<br>than the shared interests of technology development and prosperity (Mantelero, 2018).<\/p>\n\n\n\n<p><br><strong>Costs and Benefits of GDPR<\/strong><br>The cost of doing business is one of the big moral issues with GDPR. Data protection, data protection<br>officers, compliance \u2013 all these things are a large expenditure but relatively cheap for the size of a large<br>company. But small and medium-sized companies (SMEs) have a bigger problem. The compliance for<br>GDPR is almost a nightmare for SMEs, which puts financial pressure or even shutters the company. This<br>leads to a moral dilemma: GDPR has an intent to protect individuals\u2019 rights but can also adversely affect<br>small businesses which lack the resources to comply with its rigorous standards (Veale, Binns &amp; Ausloos,<br>2018).<br>The advantages of the GDPR, however, are huge for individuals because it gives them more access to<br>their data and make companies accountable for data breaches. This is crucial at a time when data breaches<br>and data misuse are not uncommon. But, the regulation\u2019s cost-benefit ratio might be biased against firms<br>\u2013 particularly EU entities not already obligated under GDPR because the GDPR is extraterritorial. These<br>businesses could incur large compliance fees without enjoying the full advantage of European market<br>access, so it is not always fair to consider how the policy will be applied across the globe.<\/p>\n\n\n\n<p><br><strong>Equally Reducing Individual Rights to Individual Interests?<\/strong><br>The GDPR clarifies the key ethical issues about data privacy, but it also questions the proper balance of<br>personal and collective interest. By being so focused on personal privacy, the law can restrict data for<br>research and development in areas that may be useful to society more generally. For instance, healthcare<br>data is crucial for medical research, but even anonymised data is strictly prohibited under GDPR. It can<br>also stifle the studies that could result in novel therapies and public health advancements (Mantelero,<br>2018).<br>And the GDPR not only gives people more power, by giving them greater control over their data, it limits<br>certain freedoms. Businesses, especially tech startups, might encounter ethical difficulties as they strive to<br>comply with GDPR and also develop and launch new products and services. \u2018Ethics is about balancing<br>competing rights, and in the present draft of the GDPR the right to privacy might be overriding other<br>desirable rights, such as the right to benefit from technological innovation,\u2019 Floridi (2016) writes (p.10).<\/p>\n\n\n\n<p><br><strong>Does GDPR Properly Deal With Individuals\u2019 Rights?<\/strong><br>The GDPR seeks to protect individuals rights \u2013 including the right to privacy \u2013 but critics say it may not<br>do justice to the new digital world. The demand for explicit permission, for example, can occasionally<br>cause &#8220;consent fatigue&#8221; as the process becomes flooded with request after request that diminishes the<br>purpose of what they can say. This is ethically problematic in that we may be asking whether participants<br>are actually giving informed consent or merely click on an agreement without really understanding the<br>implications (Veale et al, 2018).<br>Furthermore, while the GDPR grants individuals a right to have their data deleted (&#8220;right to be<br>forgotten&#8221;), this right can conflict with other ethics, such as a right to public information. How to strike a<br>middle ground between these competing interests is an ethical problem that both policymakers and judges must remain faced with in the new digital age.<\/p>\n\n\n\n<p><br><strong>Conclusion<\/strong><br>The ethical implications of the GDPR are complex \u2013 it touches upon questions of individual rights,<br>corporate expenses, and social good. While it provides meaningful protections for personal privacy, the<br>regulation also creates ethical issues about its implications for innovation, business resilience and<br>balancing the interests of individuals and societies. With the advances of digital technologies we will<br>require continuous ethical thought if the GDPR and similar regulations are to continue navigating the data privacy maze in a fair and just manner.<\/p>\n\n\n\n<p><strong>References<\/strong><br>Floridi, L. (2016). The ethics of information transparency. Ethics and Information Technology, 18(1), 9-<br>11. https:\/\/doi.org\/10.1007\/s10676-016-9404-5.<br>Mantelero, A. (2018). AI and Big Data: A road map for a human rights, social and ethical analysis of<br>impact. Computer Law &amp; Security Review, 34(2), 754-772. https:\/\/doi.org\/10.1016\/j.clsr.2018.05.017.<br>Moerel, L., &amp; Prins, C. (2016). Privacy for the Homo Digitalis: Rethinking data protection regulation in<br>the era of big data and IoT. Computer Law &amp; Security Review, 32(1): 43-57.<br>https:\/\/doi.org\/10.1016\/j.clsr.2015.12.007<br>Veale, M., Binns, R., &amp; Ausloos, J. (2018). Where data protection by design meets data subject rights.<br>International Data Privacy Law, 8(2), 105-123. https:\/\/doi.org\/10.1093\/idpl\/ipy002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IntroductionWith the 2018 implementation of the EU\u2019s General Data Protection Regulation (GDPR), the world of dataprivacy and cybersecurity was completely transformed. Although its underlying goal is to protect humanrights in an increasingly digitalized world, the law has some moral issues. These are concerns around theprivacy-security tradeoff, business costs associated with compliance and innovation chokepoints. In&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/jb23435\/what-does-the-general-data-protection-regulation-gdpr-mean-for-ethics\/\">Read More<\/a><\/div>\n","protected":false},"author":24719,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages\/461"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/users\/24719"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/comments?post=461"}],"version-history":[{"count":2,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages\/461\/revisions"}],"predecessor-version":[{"id":467,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages\/461\/revisions\/467"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/media?parent=461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}