Skip to main content
Data Protection by Design and Technology Neutral Law
Computer Law & Security Review (2013)
  • Mireille Hildebrandt, Radboud University Nijmegen
  • Laura Tielemans, Vrije Universiteit Brussel
This article argues that to achieve a technology neutral law, technology specific law is sometimes required. To explain this we discriminate between three objectives, often implied in the literature on technological neutrality of law. The first we call the compensation objective, which refers to the need to have technology specific law in place whenever specific technological designs threated the substance of human rights. The second we call the innovation objective, referring to the need to prevent legal rules from privileging or discriminating specific technological designs in ways that would stifle innovation. The third we call the sustainability objective, which refers to the need to enact legislation at the right level of abstraction, to prevent the law from becoming out of date all too soon. The argument that technology neutral law requires compensation in the form of technology specific law is built on a relational conception of technology, and we explain that though technology in itself is neither good nor bad, it is never neutral. We illustrate the relevance of the three objectives with a discussion of the EU cookie Directive of 2009. Finally we explain the salience of the legal obligation of Data Protection by Design in the proposed General Data Protection Regulation and test this against the compensation, innovation and sustainability objectives.
  • Technology neutral law,
  • Data protection by design,
  • Personal data processing systems,
  • Compensation,
  • Innovation,
  • Sustainability,
  • Legal certainty,
  • Fundamental rights,
  • Non-discrimination
Publication Date
Citation Information
Mireille Hildebrandt and Laura Tielemans. "Data Protection by Design and Technology Neutral Law" Computer Law & Security Review 19 (2013): 509-521. Available at: