Chapter II has discussed both the current and the original privacy and data protection paradigm. In broad strokes, it signaled a shift on four points, by contrasting the ‘original’ with the ‘current’ approach – both were presented in idealized form. First, there has been a shift away from protecting privacy through duties of care and doctrines based on the abuse of power, and towards granting subjective rights to natural persons. Second, there has been a shift away from the protection of general and societal interests and towards an, almost exclusive, focus on the protection of personal interests of natural persons. Third, there has been a shift away from a more fundamental, rule-of-law-based perspective when determining the outcome of privacy cases and towards adopting the method of balancing as a standard approach. Fourth and finally, there has been a shift away from an approach which combined legal and ethical forms of regulation, and towards a paradigm which almost exclusively focuses on legal regulation and black letter law.
Chapter III showed how the current privacy paradigm conflicts with new technological developments, such as, for example, Big Data processes. First, it showed that claiming individual rights is increasingly difficult for natural persons in the age of Big Data. Second, it stressed that these types of processes increasingly go beyond individual interests, and instead tend to affect general and societal interests. Third, it pointed out that the method of balancing is oft en difficult to apply in cases concerning Big Data processes. Fourth, it argued that solely relying on black letter law does not allow for an adequate regulation of Big Data processes. Chapter III also showed that alternatives to the current privacy paradigm have been developed, both in the literature and in case law. Although some of these alternatives are insightful and provide useful building blocks, they do not lay down a fully developed and theoretically grounded alternative privacy paradigm that overcomes the difficulties faced by the current privacy paradigm.
Chapter IV argued that such a foundation may be found by turning to virtue ethics, especially through its reinterpretation by Lon L. Fuller. This chapter demonstrated that a virtue-based approach may provide alternatives to each of the four points mentioned. Virtue ethics does not focus on the rights of the patient, the data subject, but on the obligation on the agent to be virtuous, in this case the state.