Since the mid 1990s, lawmakers and scholars have worked on the idea of embedding data protection safeguards in information and communication technology (ICT) with the aim to access and control personal data in compliance with current regulatory frameworks. This effort has been strengthened by the capacities of computers to draw upon the tools of artificial intelligence (AI) and operations research. However, work on AI and the law entails crucial ethical issues concerning both values and modalities of design. On one hand, design choices might result in conflicts of values and, vice versa
, values may affect design features. On the other hand, the modalities of design cannot only limit the impact of harm-generating behavior but also prevent such behavior from occurring via self-enforcement technologies. In order to address some of the most relevant issues of data protection today, the paper suggests we adopt a stricter, yet more effective version of “privacy by design.” The goal should be to reinforce people’s pre-existing autonomy, rather than having to build it from scratch.