EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Is the GDPR efficient in protecting EU citizens against the privacy risks raised by social media?

Caroline Doulcet
Additional contact information
Caroline Doulcet: Oerlikon, Switzerland

Journal of Data Protection & Privacy, 2025, vol. 7, issue 4, 331-345

Abstract: The General Data Protection Regulation (GDPR) was adopted for a noble cause: protecting European Union (EU) citizens’ privacy and the EU social model founded on the values of dignity, freedom, democracy, equality, the rule of law and respect for human rights. Thanks to the magnitude of its fines, the GDPR attracted much attention from media, companies and legislators far beyond the EU and greatly helped expand the protection of personal data worldwide. Seven years after coming into force, however, it appears that the GDPR has failed to stop social media from massively tracking EU citizens’ online activity, monetising their privacy and personal data, exploiting their vulnerabilities and manipulating them for commercial and political purposes. This paper aims to demonstrate that the GDPR failure is mainly due to: (1) an individualist approach to data protection; (2) the absence of any absolute prohibition; (3) the concept of lawfulness conceived as mere procedural exercise; (4) the tendency of the EU supervisory authorities and legislators to prioritise individual consent as the GDPR’s legal basis for online social media behavioural advertising activities, despite its inability to efficiently protect individuals’ and collective democratic rights and values; (5) insufficient use of the overarching fairness principle to draw red lines from the outset; and (6) inefficient EU data protection authorities’ enforcement strategy towards social media. The GDPR should be amended to adopt another paradigm focused on a risk-based approach that considers collective interests, such as the EU regulation on artificial intelligence (AI). Although the European Commission (EC) has not proposed any amendment to the GDPR following its reports on GDPR application in 2020 and 2024, it seems urgent to make these changes given the geopolitical context and the omnipotence of social media in the US. Moving away from an individualist vision of data protection will help put an end to the overreliance on consent for digital services and personalised online advertising. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.

Keywords: social media; manipulation; GDPR; consent behavioural advertising; EU AI Act (search for similar items in EconPapers)
JEL-codes: K2 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/9477/download/ (application/pdf)
https://hstalks.com/article/9477/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2025:v:7:i:4:p:331-345

Access Statistics for this article

More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-06-19
Handle: RePEc:aza:jdpp00:y:2025:v:7:i:4:p:331-345