ISSN 2663-0583 (Online)
ISSN 2663-0575 (Print)
  • Home
  • The Right to Informational Self-Determination between Legislation and Implementation
"

The Right to Informational Self-Determination between Legislation and Implementation

Summary: 1. Introduction. – 1.1. Significance of the Study. – 1.2. Research Problem. – 1.3. Research Methodology. – 1.4. Study Outline. – 2. The Nature of the Right to Informational Self-Determination. – 2.1. The Concept of the Right to Privacy. – 2.2. Definition of Informational Self-Determination. – 2.3. The Legal Nature of the Right to Informational Self-Determination. – 3. The Content of the Right to Informational Self-Determination. – 3.1. Rights of the Data Subject During Processing. – 3.1.1. The Right of Access by the Data Subject. – 3.1.2. Scope of the Right. – 3.2. The Right to Data Portability. – 3.3. The Right to Rectification. – 3.4. The Right to Object to Data Processing. – 3.5. The Right to Object to Direct Marketing. – 3.6. The Right to Request Erasure (Right to be Forgotten). – 4. Practical Challenges and Ways to Address Them. – 4.1. Practical Challenges. – 4.1.1. The Limitations of Consent in AI and Big Data Environments. – 4.1.2. Difficulties in Exercising Individual Rights. – 4.1.3. The Problem of Centralised Enforcement and Institutional Performance Disparities. – 4.1.4. The Protection of Mental Data and Emerging Data Patterns. – 4.2. Proposed Approaches to Address Implementation Gaps. – 4.2.1. A Critical Analysis of the Gap Between Legal Text and Practice. – 4.2.2. A Study of Judicial and Regulatory Cases. – 4.2.3. Evaluating the Effectiveness of Oversight and Supervision. – 4.2.4. Recommendations to Strengthen the Practical Application of the Right to Informational Self-Determination. – 5. Conclusions.

Full Text:

DOI

HTML Abstract About Author(s) References Reviews Українською

 

 

BackgroundThe right to informational self-determination has emerged as a pivotal component of digital rights in the era of artificial intelligence and big data. Rooted in the broader right to privacy, this right enables individuals to control the collection, use, and dissemination of their personal data. Despite its recognition in instruments such as the General Data Protection Regulation (GDPR), a significant gap persists between the legal framework and practical implementation. The rationale of this study lies in analysing the disjunction between legislative guarantees and the realities of enforcement, with a focus on the European legal landscape. The increasing complexity of digital technologies and the emergence of new data categories—such as mental data—have challenged both legal doctrines and institutional capabilities.

MethodsThe study employs a doctrinal legal analysis, drawing on a comprehensive examination of the GDPR provisions, judicial precedents from the Court of Justice of the European Union, national supervisory authority reports, and academic commentaries. Comparative elements are included to contextualise the European framework within broader international developments. Practical cases and regulatory enforcement patterns are used to identify gaps and assess the effectiveness of current mechanisms. The research also incorporates an analytical evaluation of algorithmic environments and their implications for consent, transparency, and individual agency.

Results and Conclusions: The study finds that while the GDPR offers a robust structure for personal data protection, its practical application is hindered by structural, technical, and interpretive challenges. Consent is often rendered ineffective in AI-driven contexts; individuals struggle to exercise their rights, and regulatory enforcement remains uneven across Member States. The research highlights the need for a harmonised institutional model, enhanced user interfaces, and the legal recognition of emerging data types like mental data. It concludes that bridging the legislative-implementation divide requires integrating legal, technological, and ethical tools within a cohesive framework—reaffirming the right to informational self-determination as a cornerstone of digital human dignity.

Abstract

 

BackgroundThe right to informational self-determination has emerged as a pivotal component of digital rights in the era of artificial intelligence and big data. Rooted in the broader right to privacy, this right enables individuals to control the collection, use, and dissemination of their personal data. Despite its recognition in instruments such as the General Data Protection Regulation (GDPR), a significant gap persists between the legal framework and practical implementation. The rationale of this study lies in analysing the disjunction between legislative guarantees and the realities of enforcement, with a focus on the European legal landscape. The increasing complexity of digital technologies and the emergence of new data categories—such as mental data—have challenged both legal doctrines and institutional capabilities.

MethodsThe study employs a doctrinal legal analysis, drawing on a comprehensive examination of the GDPR provisions, judicial precedents from the Court of Justice of the European Union, national supervisory authority reports, and academic commentaries. Comparative elements are included to contextualise the European framework within broader international developments. Practical cases and regulatory enforcement patterns are used to identify gaps and assess the effectiveness of current mechanisms. The research also incorporates an analytical evaluation of algorithmic environments and their implications for consent, transparency, and individual agency.

Results and Conclusions: The study finds that while the GDPR offers a robust structure for personal data protection, its practical application is hindered by structural, technical, and interpretive challenges. Consent is often rendered ineffective in AI-driven contexts; individuals struggle to exercise their rights, and regulatory enforcement remains uneven across Member States. The research highlights the need for a harmonised institutional model, enhanced user interfaces, and the legal recognition of emerging data types like mental data. It concludes that bridging the legislative-implementation divide requires integrating legal, technological, and ethical tools within a cohesive framework—reaffirming the right to informational self-determination as a cornerstone of digital human dignity.

About Authors

 

Authors information

 

Najlaa Flayyih*

PhD (Law), Associate Professor, College of Law, Ajman University, Ajman, United Arab Emirates

n.flayyih@ajman.ac.ae

https://orcid.org/0000-0002-2807-9350

Corresponding author, responsible for research methodology, data curation, investigation, writing-original draft.

 

Mohammed Hassan Ali 

PhD (Law), Associate Professor in Private Law, Law Faculty, University of Fujairah, Fujairah, United Arab Emirates

mohd.abdullah@uof.ac.ae

https://orcid.org/0000-0003-3592-2657

Co-author, responsible for data curation, funding acquisition, resources, validation, writing – review & editing.

 

Ahmad Fadli

PhD (Law), Associate Professor, College of Law, Ajman University, Ajman, United Arab Emirates

a.fadli@ajman.ac.ae

https://orcid.org/0000-0003-2117-7801

Co-author, responsible for conceptualization, formal analysis, validation, writing-original draft.

 

Khaled Aljasmi

PhD (Law), Associate Professor, College of Law, Ajman University, Ajman, United Arab Emirates

k.aljasmi@ajman.ac.ae

https://orcid.org/0000-0003-0085-8085

Co-author, responsible for formal analysis, data curation, validation, writing-original draft.

 

Competing interests: No competing interests were disclosed.

 

Disclaimer: The author declares that his/her opinion and views expressed in this manuscript are free of any impact of any organizations.


Funding Acknowledgment

Publication of this article is funded by authors.


Rights and Permissions

Copyright: © 2025 Najlaa Flayyih, Mohammed Hasson Ali, Ahmad Fadli and Khaled Aljasmi. This is an open access article distributed under the terms of the Creative Commons Attribution License, (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.


Editors

Managing editor – Mag. Yuliia HartmanEnglish Editor – Julie Bold. Ukrainian language Editor – Lilia Hartman.

References

 

1.    Al-Bahr MK, Protection of Private Life in Criminal Law (Dar Al-Nahda Al-Arabiya 2011).

2.    Beaney WM, ‘The Right to Privacy and American Law’ (1966) 31(2) Law and Contemporary Problems 253.

3.    Bloustein EJ, ‘Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser’ in Schoeman FD (ed), Philosophical Dimensions of Privacy: An Anthology (CUP 1984) 156, doi:10.1017/CBO9780511625138.007. 

4.    Bygrave LA, Data Protection Law: Approaching Its Rationale, Logic, and Limits (Wolters Kluwer 2002).

5.    Carey P, Data Protection: A Practical Guide to UK Law (5th edn, OUP 2018).

6.    Cate FH, Privacy in the Information Age (MM Shehab tr, Al-Ahram Center for Translation and Publishing1999). 

7.    Ding J and Quan X, ‘Legal Challenges in Protecting Personal Information in Big Data Environments’ (SSRN, 5 March 2025) doi:10.2139/ssrn.5166908.

8.    Garrow DJ, Liberty and Sexuality: The Right to Privacy and the Making of Roe v Wade (Macmillan 1994).

9.    Ienca M and Malgieri G, ‘Mental Data Protection and the GDPR’ (2022) 9(1) Journal of Law and the Biosciences lsac006, doi:10.1093/jlb/lsac006.

10. Karman L, ‘The Promise and Peril of Privacy’ (1994) 22(4) Reviews in American History 725, doi:10.2307/2702826.

11. Kodde Cl, ‘Germany’s “Right to be forgotten”’ – between the Freedom of Expression and the Right toInformational Self-Determination’ (2016) 30(1-2) International Review of Law, Computers & Technology 17, doi:10.1080/13600869.2015.1125154.

12. Kuner C, Bygrave LA and Docksey C, The EU General Data Protection Regulation (GDPR): A Commentary (CUP 2020). 

13. Liu X, ‘Legal Dilemma and Outlet of Privacy Protection in the Era of Big Data’ in Huang C, Chan YW and Yen N (eds), 2020 International Conference on Data Processing Techniques and Applications for Cyber-Physical Systems (Advances in Intelligent Systems and Computing 1379, Springer 2021) 775, doi:10.1007/978-981-16-1726-3_95.

14. Lukács A and Váradi S, ‘GDPR-Compliant AI-Based Automated Decision-Making in the World of Work’ (2023) 50 Computer Law & Security Review 1, doi:10.1016/j.clsr.2023.105848.

15. Mayer-Schönberger V and Cukier K, Big Data: A Revolution That Will Transform How We Live, Work, and Think (Houghton Mifflin Harcourt 2013).

16. Miller AR, The Assault on Privacy: Computers, Data Banks, and Dossiers (University of Michigan Press 1971). 

17. Mohamed MAR, The Scope of the Right to Private Life (or Privacy): A Comparative Study (Dar Al-Nahda Al-Arabiya 1994). 

18. Mone and Sivakumar CLV, ‘An Analysis of the GDPR Compliance Issues Posed by New Emerging Technologies’ (2022) 22(3) Legal Information Management 166, doi:10.1017/S1472669622000317.

19. Poullet Y and others, Report on the Application of Data Protection Principles to the Worldwide Telecommunication Networks: Information Self-Determination in the Internet Era: Thoughts on Convention No 108 for the Purposes of the Future Work of the Consultative Committee (T-PD) (Council of Europe 2004). 

20. Rahman HA, Rights and Legal Statuses (Introduction to Civil Law, Dar Al-Fikr Al-Arabi 1975).

21. Roessler B, ‘Privacy as a Human Right’ (2017) 117(2) Proceedings of the Aristotelian Society 187.

22. Schoeman FD (ed), Philosophical Dimensions of Privacy: An Anthology (CUP 1984) doi:10.1017/CBO9780511625138.

23. Shuttuck JHF, Rights of Privacy (To protect these rights, National Textbook Co 1977). 

24. Warren SD and Brandeis LD, ‘The Right to Privacy’ (1890) 4(5) Harvard Law Review 193, doi:10.2307/1321160. 

25. Westin AF, Privacy and Freedom (Atheeum 1967).

26. Wiedemann K, ‘A matter of choice: the German Federal Supreme Court's interim decision in the abuse of dominance proceedings Bundeskartellamt v Facebook (Case KVR 69/19)’ (2020) 51(9) International Review of Intellectual Property and Competition Law 1168, doi:10.1007/s40319-020-00990-3. 

27. Wiedemann K, ‘The ECJ's Decision in Planet 49 (Case C-673/17): A Cookie Monster or Much Ado About Nothing?’ (2020) 51(4) International Review of Intellectual Property and Competition Law 543, doi:10.1007/s40319-020-00927-w.

28. Yanisky-Ravid S, ‘To Read or Not to Read: Privacy Within Social Networks, the Entitlement of Employees to a Virtual Private Zone, and the Balloon Theory’ (2014) 64(1) American University Law Review 53.

Reviews for article

Add a Review

Reviews are moderated and will be published after verification!
All comments not related to reviews of the article will be deleted!

 АНОТАЦІЯ УКРАЇНСЬКОЮ МОВОЮ

 

Дослідницька стаття

 

ПРАВО НА ІНФОРМАЦІЙНЕ САМОВИЗНАЧЕННЯ МІЖ ЗАКОНОДАВСТВОМ ТА ВПРОВАДЖЕННЯМ

 

Найлаа Флайїх*, Могаммед Гассон Алі, Агмад Фаділ та Халед Алджасмі

 

АНОТАЦІЯ

Вступ. Право на інформаційне самовизначення стало ключовим компонентом цифрових прав в епоху штучного інтелекту та великих обсягів даних. Вкорінене в ширшому праві на приватність, це право дозволяє особам контролювати збір, використання та поширення своїх персональних даних. Незважаючи на його визнання в таких документах, як Загальний регламент про захист даних (GDPR), існує значний розрив між правовою базою та її практичним впровадженням. Метою цього дослідження, що зосереджене на європейському праві, є аналіз розбіжностей між законодавчими гарантіями та реаліями правозастосування. Щораз більша складність цифрових технологій та поява нових категорій даних, таких як ментальні дані, кидають виклик як правовим доктринам, так і інституційним можливостям.

Методи. У дослідженні використовується доктринальний правовий аналіз, що спирається на комплексне вивчення положень GDPR, судових прецедентів Суду Європейського Союзу, звітів національних наглядових органів та академічних коментарів. Елементи порівняння застосовані для контекстуалізації європейської системи в межах ширшого міжнародного розвитку. Практичні випадки та моделі нормативно-правового забезпечення використовуються для виявлення прогалин та оцінки ефективності чинних механізмів. Дослідження також містить аналітичну оцінку алгоритмічних середовищ та їхнього впливу на згоду, прозорість та індивідуальну діяльність.

Результати та висновки. Дослідження показує, що хоча GDPR пропонує надійну структуру для захисту персональних даних, його практичному застосуванню перешкоджають структурні, технічні та інтерпретаційні проблеми. Згода часто є неефективною в контекстах, що керуються штучним інтелектом; люди мають труднощі з реалізацією своїх прав, а нормативно-правове забезпечення залишається нерівномірним у різних державах-членах ЄС. У дослідженні увага звертається на необхідність гармонізованої інституційної моделі, вдосконалених інтерфейсів користувача та правового визнання нових типів даних, таких як ментальні дані. Висновок дослідження полягає в тому, що подолання розриву між законодавством та впровадженням вимагає інтеграції правових, технологічних та етичних інструментів у єдину систему, підтверджуючи право на інформаційне самовизначення як наріжний камінь людської гідності в епоху цифровізації.

Ключові слова: захист персональних даних, інформаційне самовизначення, права суб'єкта даних, інформаційна конфіденційність, GDPR.

Keywords

  • personal data protection, informational self-determination, data subject rights, informational privacy, GDPR

Publication history

  •  

    DETAILS FOR PUBLICATION

    Date of submission: 08 May 2025

    Date of acceptance: 02 Jul 2025

    Online First publication: 21 Jul 2025

    Last Publication: 17 Aug 2025

    Whether the manuscript was fast tracked? - No

    Number of reviewer report submitted in first round: 2 reports

    Number of revision rounds: 1 round with minor revisions

    Technical tools were used in the editorial process

    Plagiarism checks - Turnitin from iThenticate https://www.turnitin.com/products/ithenticate/

    Scholastica for Peer Review https://scholasticahq.com/law-reviews

How to cite it?

  •  

    Flayyih N, Hasson Ali M, Fadli A and Aljasmi K, ‘The Right to Informational Self-

    Determination between Legislation and Implementation’ (2025) 8(3) Access to Justice in Eastern Europe 362-89 <https://doi.org/10.33327/AJEE-18-8.3-a000116>

     

    Managing editor     – Mag. Yuliia HartmanEnglish Editor – Julie Bold. Ukrainian language Editor – Lilia Hartman.