Abstract
Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between the law and ethics of data. The first type of norms is the ‘principles’ of the GDPR. Ethical resources can be used for the interpretation of these norms using a Rawlsian reflective equilibrium approach. The second type of norms is evaluative judgment norms, the most well-known of which derive from the characteristically risk-based responsibility that the GDPR bestows on controllers. For these evaluative norms, ethical resources could be used in three different functions: as a tool for the identification and assessment of risks, as a resource for improving data controller processes, and as the basis for the codes of conduct foreseen by the GDPR. These three potential modulations between ethics and the law of data help controllers of data make sense of their responsibilities in light of the GDPR’s requirements.
OUP accepted manuscript