Data protection: a risk regulation? Between the risk management of everything and the precautionary alternative

This contribution studies the links between data protection and the notion of risk. It enriches trad- itional data protection legal scholarship with insights from the risk and regulation literatures.
The first movement is an analysis of data protec- tion as a legal framework for the regulation of risks, as opposed to classical explanations in terms of informational privacy.
The second movement tries to link an under- standing of data protection as risk regulation with the so-called risk-based approach. The hypothesis put forth is that such articulation is underpinned by the shift from the regulation of risk to the regu- lation through risk (the risk management of everything). A discussion of the main dangers and shortcomings of this approach follows.
The last movement mobilizes the precautionary principle as an alternative. If data protection is a risk regulation, then it can allow for alternative approaches to the regulation of risks. And if yes, how? Tentative answers are provided.

Keywords:Data Protection, Risk-based approach, Precautionary Principle