The Digital Services Act and Vulnerability: how Vulnerability is Defined by Digital Regulations in the EU

Abstract

Any discussion on legislation relating to digital services and data management is incomplete without an understanding of vulnerability, and vulnerable individuals. It appears to have been the case that a new vernacular is taking hold to define vulnerability within laws, one that is often governed by power imbalances between service providers and users in question. Previously, our understanding of vulnerability was informed by philosophy, wherein vulnerability was defined along the lines of an enlarged sense of self and self-interest. Vulnerability has now come to embody a variety of different definitions, informed by multiple disciplines such as ethics, sociology, law, and politics to name a few. Technologies, today, are being adopted at an unprecedented rate. This unguarded proliferation presents tremendous opportunities for the growth and development of humanity on the one hand, but on the other, mar to human rights, and the general understanding of the rule of law. The General Data Protection Regulation (GDPR) astutely recognised the need to protect individuals against the changing modalities of human interactions. However, it faced some difficulty in choosing a definition for vulnerability that would be equally applicable to all individuals in society.

With the aforementioned issues in mind, the key aim of this article is to highlight the lacuna in the safety net afforded by legislation concerning protections for users and their fundamental rights, to then assess areas for improvement. The article will begin by exploring the different theories for describing vulnerable groups that have been put forward by scholars from a variety of disciplines. The article will then situate 'vulnerable groups' in the context of digital regulation by discussing how the GDPR, and EU Law, in general, have defined vulnerability. The article will then analyse whether a similar interpretation can be applied when discussing the Digital Services Act to identify vulnerable groups and the extent of the protections that will be offered to the same. The article aims to ultimately identify the most appropriate vernacular for digital regulations to enhance the level of protection offered in relation to vulnerability in users.