PRIVACY NUTRITION LABELS VS. PRIVACY DYNAMIC TARGETING - Ex-ante and ex-post models for the administration of privacy information and the exercise of data subject rights

While the static ex-ante model, like the one developed by Apple with the Privacy Nutrition Labels, is still anchored to traditional information administration criteria (even if in innovative and creative ways) and risks collateral effects on the free economic initiative and freedom of expression of developers, the dynamic ex-post model adopted by other operators seems to offer a clearer idea of the future of privacy. The algorithms in this sense could be the antidote to themselves. Our proposal is to direct the potential of the use of algorithms, if developed in an intelligent way, toward different purposes with respect to those typically commercial or statistical, making the personalised profiling of data subjects more pro-privacy through a sort of behavioural targeting intended to favour greater uniformity in the experience of the various virtual spaces visited by browsers. This way, for example, if site x registers an objection to processing, this objection is also proposed in site y so as to ensure that the experience effectively and organically adheres to the privacy preferences expressed by the data subject. We could define this kind of initiative as Privacy Dynamic Targeting: Apps and websites dynamically “follow” or, better, “accompany” data subjects, analysing their behaviour and recording their preferences (also) with the purpose of uniformly ensuring their informational self-determination in each of the digital scenarios they encounter. The effect in these cases would be that of systematically and coherently personalising the privacy-information experience to the advantage of the data subjects. By exploiting algorithms as an antidote to algorithms, Privacy Dynamic Targeting would give rise to a type of personal data processing that could well find its roots in the legitimate interest of the controller and interested third parties as per article 6 (1)(f) of the GDPR. By abandoning the concept of the privacy information notice as a singular, static summary of information on the processing of personal data (as we find in nutrition labels, or, continuing the metaphor, in a static menu abstractly describing ingredients and dishes), the dynamic ex-post model disaggregates the information and releases it precisely in the digital spaces where the processing effectively takes place (as would be the case, continuing the nutritional metaphor, of a waiter describing the qualities and characteristics of the dishes as they’re being served, in real time). In the future, the dynamic ex-post model could evolve further and develop in at least two directions. One could involve the use of algorithms not already serving typically commercial or statistical purposes, for profiling data subjects according to the privacy preferences expressed in the various digital spaces they visit, thereby ensuring uniformity in their digital self-determination. This corresponds to the Privacy Dynamic Targeting. The other could involve combining the information functions with the functions for the exercise of the rights provided for under articles 15-22 of the GDPR, which could finally turn the concept of privacy into something live and interactive.