Informational Self-Determination: A Convincing Rationale for Data Protection Law? Thouvenin Florent European data protection law rests on the assumption that individuals should have control of personal data about them. This control is often labelled “informational self-determination”. The idea of informational self-determination sounds con-vincing and promising at first. However, a closer look reveals that this idea can hardly serve as a convincing rationale for the European approach to data protec-tion law which aims to regulate all processing of personal data by government agencies and private actors. Rather, an important distinction must be made. Informational self-determination may well be the underlying rationale of the fun-damental right to the protection of personal data as enshrined in Art. 8 of the Charter of Fundamental Rights of the European Union and it may even be quali-fied as a fundamental right in itself. Acknowledging such a fundamental right, however, only means that the state may not require citizens to provide infor-mation about themselves and government agencies may not use such information without a sound legal basis. But since private actors are not bound by fundamen-tal rights, it does not entail that the relation between private actors should be based on the idea of informational self-determination. In fact, a closer look at the most important provisions of the GDPR reveals that only some of them can be based on the idea of control or informational self-determination. Most importantly and contrary to a widespread assumption, most data processing of private actors is not based on data subjects’ consent but on the legitimate interests of the controller. The relation between data subjects and private actors, namely businesses that process personal data about their customers, is therefore hardly ever based on exercising informational self-determination. This factual finding is supported by a normative analysis which demonstrates that the idea of informational self-determination can hardly be reconciled with the principle of private autonomy and the resulting need to provide a justification for the granting of a right that allows one private actor to control the activity of another. If one acknowledges that all social interaction is based on the processing of personal data, that most individuals have little interest in exercising control of personal data about them, and that data is a public good, it is hard to find a convincing reason for the granting of a right to informational self-determination which should govern the relation between private actors. Thus, while informational self-determination may be acknowledged as a fundamental right, it cannot serve as a convincing rationale for an all-encompassing regulation of the pro-cessing of personal data by private actors. Data Protection Law Informational Self-Determination Privacy Protection against Harms Rationale 340 periodical academic journal JIPITEC 12 4 2021 246 256 2190-3387 urn:nbn:de:0009-29-54098 http://nbn-resolving.de/urn:nbn:de:0009-29-54098 thouvenin2021