In this contribution, we argue that the data protection reform offers a privileged occasion to better grasp the development of a contemporary, original, and far-reaching form of governmentality. If data protection is about governing (through) data, what kind of politics may be(come) possible?
To address this question, we focus on the introduction of a new principle: 'data protection by design and by default'. Its goal is to enforce the respect of legislation and the protection of data subjects through the adoption of tailored technological and organizational tools. The study of the debates surrounding this provision and of its prospective functioning is promising for researchers interested on the modes and effects of regulation. In particular, a critical inquiry may cast a light on the interactions between the legal, the technological and the institutional, and on the paradoxical political side-effects of a successful implementation.