File Download
Supplementary
-
Citations:
- Appears in Collections:
postgraduate thesis: From consent to accountability : reforming data protection laws
| Title | From consent to accountability : reforming data protection laws |
|---|---|
| Authors | |
| Issue Date | 2024 |
| Publisher | The University of Hong Kong (Pokfulam, Hong Kong) |
| Citation | Song, R. [宋瑞峰]. (2024). From consent to accountability : reforming data protection laws. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. |
| Abstract | Consent is widely seen as the cornerstone of data protection laws. Yet reliance on consent attracts much criticism because consent from data subjects is rarely informed or voluntary and can easily be manipulated in the digital context. Existing studies have not adequately addressed the theoretical valorization of consent with its practical deficiencies. If the defects of consent are inherent, then its role in data protection laws should be re-evaluated. To address this issue, this thesis explores the following question: How can consent be appropriately approached in data protection laws and what reforms should be undertaken to better safeguard data privacy?
The thesis uses historical research, doctrinal study, content analysis, and comparative studies to answer the question. Based on the research findings, the argument put forward is twofold. Firstly, consent should not be considered the cornerstone of data protection laws. While it should be retained in the laws for its residual value under certain circumstances, it should not be relied upon as the primary mechanism for protecting data privacy. Secondly, the focus of data protection laws should shift from securing individuals’ consent to enhancing data controllers’ accountability because this is the only feasible means to defend individual privacy given the growing power disparity between data subjects and data controllers.
While global data protection laws already seek to strengthen controllers’ responsibility through a series of technical and organizational mechanisms, the rationale behind some of these mechanisms remains problematic and they risk falling short of their goals. To make controllers truly accountable, the laws should adopt a holistic approach to risk assessment in data processing and enforce ex post transparency, requiring controllers to reveal their actual data processing practices and data protection measures. While the specific details of such reform may differ across jurisdictions, the underlying principle is applicable to the EU, the US, and China given the converging features of their data protection laws. Overall, the thesis contributes to the existing literature by proposing risk-based and transparency-based reforms to strengthen controller accountability as the ultimate reform for data protection laws. |
| Degree | Doctor of Philosophy |
| Subject | Data protection - Law and legislation |
| Dept/Program | Law |
| Persistent Identifier | http://hdl.handle.net/10722/353394 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Song, Ruifeng | - |
| dc.contributor.author | 宋瑞峰 | - |
| dc.date.accessioned | 2025-01-17T09:46:17Z | - |
| dc.date.available | 2025-01-17T09:46:17Z | - |
| dc.date.issued | 2024 | - |
| dc.identifier.citation | Song, R. [宋瑞峰]. (2024). From consent to accountability : reforming data protection laws. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. | - |
| dc.identifier.uri | http://hdl.handle.net/10722/353394 | - |
| dc.description.abstract | Consent is widely seen as the cornerstone of data protection laws. Yet reliance on consent attracts much criticism because consent from data subjects is rarely informed or voluntary and can easily be manipulated in the digital context. Existing studies have not adequately addressed the theoretical valorization of consent with its practical deficiencies. If the defects of consent are inherent, then its role in data protection laws should be re-evaluated. To address this issue, this thesis explores the following question: How can consent be appropriately approached in data protection laws and what reforms should be undertaken to better safeguard data privacy? The thesis uses historical research, doctrinal study, content analysis, and comparative studies to answer the question. Based on the research findings, the argument put forward is twofold. Firstly, consent should not be considered the cornerstone of data protection laws. While it should be retained in the laws for its residual value under certain circumstances, it should not be relied upon as the primary mechanism for protecting data privacy. Secondly, the focus of data protection laws should shift from securing individuals’ consent to enhancing data controllers’ accountability because this is the only feasible means to defend individual privacy given the growing power disparity between data subjects and data controllers. While global data protection laws already seek to strengthen controllers’ responsibility through a series of technical and organizational mechanisms, the rationale behind some of these mechanisms remains problematic and they risk falling short of their goals. To make controllers truly accountable, the laws should adopt a holistic approach to risk assessment in data processing and enforce ex post transparency, requiring controllers to reveal their actual data processing practices and data protection measures. While the specific details of such reform may differ across jurisdictions, the underlying principle is applicable to the EU, the US, and China given the converging features of their data protection laws. Overall, the thesis contributes to the existing literature by proposing risk-based and transparency-based reforms to strengthen controller accountability as the ultimate reform for data protection laws. | - |
| dc.language | eng | - |
| dc.publisher | The University of Hong Kong (Pokfulam, Hong Kong) | - |
| dc.relation.ispartof | HKU Theses Online (HKUTO) | - |
| dc.rights | The author retains all proprietary rights, (such as patent rights) and the right to use in future works. | - |
| dc.rights | This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. | - |
| dc.subject.lcsh | Data protection - Law and legislation | - |
| dc.title | From consent to accountability : reforming data protection laws | - |
| dc.type | PG_Thesis | - |
| dc.description.thesisname | Doctor of Philosophy | - |
| dc.description.thesislevel | Doctoral | - |
| dc.description.thesisdiscipline | Law | - |
| dc.description.nature | published_or_final_version | - |
| dc.date.hkucongregation | 2025 | - |
| dc.identifier.mmsid | 991044897477103414 | - |