The personal information sphere: An integral approach to privacy and related information and communication rights

Data protection laws, including the European Union General Data Protection Regulation, regulate aspects of online personalization. However, the data protection lens is too narrow to analyze personalization. To define conditions for personalization, we should understand data protection in its larger fundamental rights context, starting with the closely connected right to privacy. If the right to privacy is considered along with other European fundamental rights that protect information and communication flows, namely, communications confidentiality; the right to receive information; and freedom of expression, opinion, and thought, these rights are observed to enable what I call a “personal information sphere” for each person. This notion highlights how privacy interferences affect other fundamental rights. The personal information sphere is grounded in European case law and is thus not just an academic affair. The essence of the personal information sphere is control, yet with a different meaning than mere control as guaranteed by data protection law. The personal information sphere is about people controlling how they situate themselves in information and communication networks. It follows that, to respect privacy and related rights, online personalization providers should actively involve users in the personalization process and enable them to use personalization for personal goals.