Is free will an illusion? Determinist philosophers might think so. Ancient Greek thinkers Leucippus and Democritus were two of the first to theorise that all processes in the world were due to a mechanical interplay at an atomic level, precluding the idea of human beings exercising any kind of free will in a universe operated by deterministic forces.
Aristotle, however, stated that we have the power to do or not to do, and free will can exist when we are aware of the particular circumstances of our actions. However, he still left unanswered the question of defining the choices we make based on causes outside of our control.
In later centuries compatibilism philosophy took a different tack, arguing that actions can have an outside cause, and still be free, as long as they aren’t coerced.
Thomas Hobbes, of the classical compatibilism school of thought, argued that liberty is the absence of all impediments to action. Immanuel Kant, on the otherhand, went further, arguing free will requires more than just free action – a person must also be free to will a different outcome, in order to exercise true free will.
Now, in 2019, the Dutch data protection authority has also waded into this ancient philosophical debate by clarifying the meaning of free will when it comes to data protection law.
GDPR – data must be freely given
GDPR requires that consent, one of the conditions for processing personal data, be freely given. In defining what this means, GDPR makes some pretty Kantian statements. The regulation implies freely given must mean real power to make a choice, without the person experiencing any pressure to make a decision or suffering any negative consequences as a result.
GDPR even takes into account the balance of power between the data subject and the data controller, essentially banning consent when requested by a more influential party – a public authority or a person’s employer for example. An imbalance of power, GDPR states, precludes the data subject being able to make a free choice, and thus corrupts their ability to exercise free will.
Furthermore, any pressure or influence placed on a person while obtaining their consent proves a lack of free will, and so makes such consent invalid. Thus, when a contract for services demands consent, this is not free will. Even Aristotle would take issue with the false choice offered by many companies in the internet age – if a person must give consent in order to use or access a service, it is not free will they are exercising, but a deterministic action based on causes outside of their control.
The freedom to accept or reject website cookies?
Everyone accessing a website today faces these same philosophical quandaries. Agreeing to accept cookies, the software which tracks users online, is the price of entry to many websites. If you don’t want your cookies tracked, many sites will say, you are free to leave the website and never return.
In March 2019, this was ruled incompatible with the concept of free will as defined in GDPR. Paraphrasing three millenniums of philosophical thought, the Dutch data protection authority said: “permission is not ‘free’ if someone has no real or free choice.”
They went on to say there is no problem with cookie tracking software collecting user data and analysing how visitors use a website, but permission must be sought from the user to do so. Agree or leave is not an example of a free choice. Even the ancient Greeks knew that.
VinciWorks’ GDPR training suite
VinciWorks has a GDPR training suite that enables organisations to train their entire staff on GDPR. From basic training for general staff to modular training that can be instantly customised to suite different roles and industries, VinciWorks has the training to help businesses maintain a high level of GDPR compliance. We will also be releasing new GDPR refresher training and advanced courses shortly. You can register to receive updates on the training here.