On 22 September Professor Hildebrandt presented her reply to the keynote of Professor Nadya Purtova, during the international Beyond Data Protection Conference at Utrecht University (based on Purtova’s ERC project). Hildebrandt discussed the need to steer free from the harm-approach to fundamental rights impact assessments, reminding the audience that the Court of Justice of the European Union takes a violation-approach. To establish a violation we need not prove harm. Fundamental rights are part of international constitutional law, and the approach to assessing potential impact should not be framed on e.g. tort law (where harm caused is a condition) or on utilitarian ideology (based on the harm-principle and cost-benefit analyses). Whereas Anglo-American legal theory is ‘marinated’ in a utilitarian approach, European legal theory takes the violation of rights seriously as an independent criterion for fundamental rights impact assessments. Hildebrandt also recalled the fact that the GDPR protects not only data subjects, but - as stipulated in art. 1, 24, 25, 32 and 35 - requires that controllers foresee potential impact for natural persons.
You can access her slides here.