Data Protection By Design and By Default: Out of Sight, out of Politics?

Data protection regulation, and its on-going reform, has become a key topic in European Union policy debates. The so-called 'reform package' aims, inter alia, to achieve the ability to cope with 'rapid technological developments' (and their social and economic implications) and to 'build trust in the online environment' (Commission 2012, 1). In other words, data protection is framed as the productive response to the tensions among legal regulations, technologies, economic logics, law enforcement and judicial practices, and the protection of fundamental rights.

In this contribution, we argue that the data protection reform offers a privileged occasion to better grasp the development of a contemporary, original, and far-reaching form of governmentality. If data protection is about governing (through) data, what kind of politics may be(come) possible?

To address this question, we focus on the introduction of a new principle: 'data protection by design and by default'. Its goal is to enforce the respect of legislation and the protection of data subjects through the adoption of tailored technological and organizational tools. The study of the debates surrounding this provision and of its prospective functioning is promising for researchers interested on the modes and effects of regulation. In particular, a critical inquiry may cast a light on the interactions between the legal, the technological and the institutional, and on the paradoxical political side-effects of a successful implementation.