In our exploration of the future of data protection, we begin our analysis with a look at historic patterns of discrimination in order to get a clear look at what the future might hold for data protection. As the past and present inform the future, we proceed with the current and upcoming EU legislation concerning current data practices: the GDPR, the DMA and DSA, as well as the draft AI Act, AI Liability Directive and Platform Workers Directive. We ultimately find that this regulation does not sufficiently address the market incentives underlying many of the current harmful data practices. Instead, we argue that for a better future a more systemic approach is required and that the law has to address infrastructures as well as service providers/manufacturers directly, as this is where informational power concentrates. Yet, it is also paramount to realise that the (data protection) law alone cannot fix the systemic failures created by market dynamics. In conclusion, we argue that in order to break the spiralling cycles of trying to fix harmful technologies after large players have started to gain immense profits, we need a more fundamental shift in these financial incentives.
Keywords: GDPR, design justice, big tech, Fundamental Rights Impact Assessment