Abstract

The emergence of big data and machine learning has allowed sellers and online platforms to tailor pricing for customers in real-time, but as many legal scholars have pointed out, personalised pricing poses a threat to the fundamental values of privacy and non-discrimination, raising legal and ethical concerns. However, most of those studies neglect affinity-based algorithmic pricing, which may bypass the General Data Protection Regulation (GDPR). This paper evaluates current data protection law in Europe against online algorithmic pricing. The first contribution of the paper is to introduce and clarify the term “online algorithmic pricing” in the context of data protection legal studies, as well as a new taxonomy of online algorithmic pricing by processing the data types. In doing so, the paper finds that the legal nature of affinity data is hard to classify as personal data. Therefore, affinity-based algorithmic pricing is highly likely to circumvent the GDPR. The second contribution of the paper is that it points out that even though some types of online algorithmic pricing can be covered by the GDPR, the data rights provided by the GDPR struggle to provide substantial help. The key finding of this paper is that the GDPR fails to apply to affinity-based algorithmic pricing, but the latter still can lead to privacy invasion. Therefore, four potential resolutions are raised, relating to group privacy, the remit of data protection law, the ex-ante measures in data protection, and a more comprehensive regulatory approach.