In recent years, data protection has become synonymous with the EU general data protection regulation (GDPR), in force since 2018. However, data protection rules coexist with a number of other regulations that may enhance and complement but also, perhaps, cause confusion. In fact, personal data or sensitive information is – directly or indirectly – protected in many older and newer regulations that do not specifically belong to the area of data protection.
In this chapter we examine data protection from the individual’s perspective, considering him or her as more than just – or at least not only as – a data subject. Our objective is to evaluate not just the GDPR but also the broader legal frameworks which may offer individuals alternative, and sometimes more suitable, protection against a party who processes his or her personal data in a way they find unacceptable. More specifically we will examine which data protection mechanisms can be identified in the areas of tort law and consumer law. We will also examine how the upcoming AI Act and some other related proposals from the Digital Decade Strategy may add to the protection of personal data and the interpretation of the GDPR. In this contribution we will thus discuss how the chosen legal areas relate to rules on data protection, when they overlap and if protection in certain situations is missing despite (or due to) the multitude of possible legal alternatives.