PERSONALIZATION BEYOND CONVENIENCE: NAVIGATING PRIVACY AND PERSONAL DATA PROTECTION ISSUES

Abstract

Personalization is widely promoted as a mechanism for enhancing consumer convenience and relevance. Yet, its underlying data practices increasingly raise concerns about individual autonomy and privacy. This article examines how personalization systems operate across personal, non-personal, and inferred data. It argues that these forms of data processing can interfere with informational, decisional, and psychological dimensions of privacy. Building on analysis of European privacy and data protection law and judicial practice, this article highlights conceptual tensions between personalization and the GDPR, particularly regarding the legal status and oversight of inferred and non-personal data. It demonstrates that current data protection safeguards insufficiently address the privacy risks stemming from personalization techniques that influence users’ choices, perceptions, and behaviour without relying solely on personal data processing. With regards to possible harms, this article also analyses personalization as potential automated decision-making under Article 22 GDPR. The article concludes that understanding and mitigating the privacy challenges of personalization requires moving beyond legal definitions of personal data to consider the broader ways in which digital systems shape autonomy and decision-making.