Delegation for privacy management from womb to tomb – a European perspective

Abstract

In our information society with processing of personal data in almost all areas of life, the legally granted right to privacy is quite hard to preserve. User-controlled identity management systems have been proposed as a means to manage one’s own private sphere. Still there is no functioning concept how privacy protection can be effectively safeguarded over a long time period and how self-determination in the field of privacy can be maintained in all stages of life from the womb to the tomb. When user control and the capability to exercise rights can not yet or no longer be carried out by the data subject herself, the decisions concerning the processing of personal data may have to be delegated to a delegate. In this text, we elaborate on delegation of privacy-relevant actions under a lifelong perspective and point out possible legal, technological, and organizational measures to appropriately take up the arising challenges. For crucial gaps in current concepts we sketch solutions and explain implications on user-controlled identity management systems. Finally we give recommendations to stakeholders such as data controllers, application designers and policy makers.