Against Data Fixation: why “Data” Fails as a Regulatory Target for Data Protection Law and What to Do About It

Nadya Purtova; Bryce Newell

doi:10.1093/ojls/gqaf038

Against Data Fixation: why “Data” Fails as a Regulatory Target for Data Protection Law and What to Do About It

Nadya Purtova
, Bryce Newell

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

This article critiques the fixation on data as an object of regulation for addressing a broad range of digital problems. We challenge the idea that data are always the appropriate regulatory targets for addressing information-related problems, specifically in the context of data protection and the General Data Protection Regulation (GDPR). The GDPR tackles a broad range of digital problems by regulating personal data. This results in regulatory imprecision. Framing digital problems as (personal) data problems often does not reflect the causal processes law aims to control, pre-empts modernising traditionally non-digital legal domains, such as consumer and labour law, and distracts from what is really problematic and in need of regulatory intervention. Drawing on theories of regulation and information, we distinguish between two different causal processes underlying information-induced problems: semantic (meaning-driven) and syntactic (meaning-agnostic). We propose a roadmap for improving legal protection against information-related problems.

Original language	English
Article number	gqaf038
Journal	Oxford Journal of Legal Studies
Early online date	27 Nov 2025
DOIs	https://doi.org/10.1093/ojls/gqaf038
Publication status	E-pub ahead of print - 27 Nov 2025

Funding

This article reports on the results of the project 'Understanding Information for Legal Protection of People against Information-Induced harms' ('INFO-LEG'). This project received funding from the European Research Council (ERC) under the EU's Horizon 2020 research and innovation programme (grant agreement No 716971). The article reflects only the authors' views, and the ERC is not responsible for any use that may be made of the information it contains. The funding source had no involvement in study design, the collection, analysis and interpretation of data, the writing of the report or the decision to submit the article for publication. Earlier versions of this argument were presented at, among others, the 2nd INFO-LEG Expert Workshop, Utrecht, 17-18 November 2022; the CPDP conference, Brussels, 25 May 2023; the Beyond Data Protection Conference, Utrecht, 21-22 September 2023; the Knut Selmer Memorial Lecture, University of Oslo, 15 November 2023; and the CIPIL Spring Conference, University of Cambridge, 22 March 2024. We would like to thank Michael Veale, Orla Lynskey, Laurence Diver, David Erdos, Thomas Streinz, Julie Cohen, Mireille Hildebrandt, Ronald Leenes and other colleagues and participants of the workshop and/or the conferences for their valuable comments and critique, which allowed us to sharpen our analysis. We are also grateful to the anonymous reviewers for their careful reading of the article and useful suggestions.

Funders	Funder number
European Research Council (ERC) under the EU	716971

Access to Document

10.1093/ojls/gqaf038

Cite this

@article{81ef2345e45c498c894dd5a14dd3a220,

title = "Against Data Fixation: why “Data” Fails as a Regulatory Target for Data Protection Law and What to Do About It",

abstract = "This article critiques the fixation on data as an object of regulation for addressing a broad range of digital problems. We challenge the idea that data are always the appropriate regulatory targets for addressing information-related problems, specifically in the context of data protection and the General Data Protection Regulation (GDPR). The GDPR tackles a broad range of digital problems by regulating personal data. This results in regulatory imprecision. Framing digital problems as (personal) data problems often does not reflect the causal processes law aims to control, pre-empts modernising traditionally non-digital legal domains, such as consumer and labour law, and distracts from what is really problematic and in need of regulatory intervention. Drawing on theories of regulation and information, we distinguish between two different causal processes underlying information-induced problems: semantic (meaning-driven) and syntactic (meaning-agnostic). We propose a roadmap for improving legal protection against information-related problems.",

author = "Nadya Purtova and Bryce Newell",

year = "2025",

month = nov,

day = "27",

doi = "10.1093/ojls/gqaf038",

language = "English",

journal = "Oxford Journal of Legal Studies",

issn = "0143-6503",

publisher = "Oxford University Press",

}

TY - JOUR

T1 - Against Data Fixation: why “Data” Fails as a Regulatory Target for Data Protection Law and What to Do About It

AU - Purtova, Nadya

AU - Newell, Bryce

PY - 2025/11/27

Y1 - 2025/11/27

N2 - This article critiques the fixation on data as an object of regulation for addressing a broad range of digital problems. We challenge the idea that data are always the appropriate regulatory targets for addressing information-related problems, specifically in the context of data protection and the General Data Protection Regulation (GDPR). The GDPR tackles a broad range of digital problems by regulating personal data. This results in regulatory imprecision. Framing digital problems as (personal) data problems often does not reflect the causal processes law aims to control, pre-empts modernising traditionally non-digital legal domains, such as consumer and labour law, and distracts from what is really problematic and in need of regulatory intervention. Drawing on theories of regulation and information, we distinguish between two different causal processes underlying information-induced problems: semantic (meaning-driven) and syntactic (meaning-agnostic). We propose a roadmap for improving legal protection against information-related problems.

AB - This article critiques the fixation on data as an object of regulation for addressing a broad range of digital problems. We challenge the idea that data are always the appropriate regulatory targets for addressing information-related problems, specifically in the context of data protection and the General Data Protection Regulation (GDPR). The GDPR tackles a broad range of digital problems by regulating personal data. This results in regulatory imprecision. Framing digital problems as (personal) data problems often does not reflect the causal processes law aims to control, pre-empts modernising traditionally non-digital legal domains, such as consumer and labour law, and distracts from what is really problematic and in need of regulatory intervention. Drawing on theories of regulation and information, we distinguish between two different causal processes underlying information-induced problems: semantic (meaning-driven) and syntactic (meaning-agnostic). We propose a roadmap for improving legal protection against information-related problems.

U2 - 10.1093/ojls/gqaf038

DO - 10.1093/ojls/gqaf038

M3 - Article

SN - 0143-6503

JO - Oxford Journal of Legal Studies

JF - Oxford Journal of Legal Studies

M1 - gqaf038

ER -

Against Data Fixation: why “Data” Fails as a Regulatory Target for Data Protection Law and What to Do About It

Abstract

Funding

Access to Document

Fingerprint

Cite this