The Concept of ‘Information’: An Invisible Problem in the GDPR

Abstract

Information is a central concept in data protection law. Yet, there is no clear definition of the concept in law – in legal text or jurisprudence. Nor has there been extensive scholarly consideration of the concept. This lack of attention belies a concept which is complex, multifaceted and functionally problematic in the GDPR. This paper takes an in-depth look at the concept of information in the GDPR and offers up three theses: (i) the concept of information plays two different roles in the GPDR – as an applicability criterion and as an object of regulation; (ii) the substantive boundaries of the concepts populating these two roles differ; and (iii) these differences are significant for the efficacy of the GDPR as an instrument of law.