The emerging paradigm of digital vulnerability
In recent decades, the concept of vulnerability has emerged in many post-industrial societies to signify the growing fragility of human beings, economies, infrastructures, and ecosystems in the contemporary world. The notion of ‘vulnerable subject’, in particular, has become a powerful and dynamic concept that explains how all individuals, including those who do not belong to traditionally protected categories, are universally vulnerable due both to their physical bodies and their inevitable dependence on social relationships and institutions (M.A. Fineman, 2008). From the legal perspective, acknowledging the inevitability of our relational and embodied nature (ontological vulnerability), as well as our necessarily situated and unpredictable existence (situational/contextual vulnerability), enable the development of responses that, if not paternalistic or stigmatizing, can link rights, duties, and remedies to the fluid and multi-layered nature of the human being.
In Europe, the idea of vulnerability, and in particular the idea of vulnerability in the digital environment, has entered the domain of private law primarily through debates on consumer protection. In European legal terminology, vulnerability is therefore mainly associated with the state of structural asymmetry of consumers in the digital marketplace and with emerging forms of weakness resulting from the growth of the data- and algorithm-based economy (C. Crea & A. De Franceschi, 2024). This notion of digital vulnerability highlights how the ever-increasing power of technology to collect data and channel customer behavior has favored corporate strategies – such as data harvesting and data mining, dark patterns, targeted advertising, price optimization, and algorithmic personalization – that pose high risks of harm, along with new forms of consumer commodification in the context of digital consumption (C. Leone, 2022). For this reason, many scholars argue that online strategies targeting consumer vulnerability should be banned altogether or automatically considered unfair (H-W. Micklitz et al., 2024; C. Riefa, 2022). Some have even proposed establishing a presumption that all consumers are vulnerable in the digital realm (N. Helberger et al., 2021).
Blindspots in the European legal discourse. The digitally vulnerable subject beyond the consumer/trader divide
There is no doubt that the complex genealogy of the notion of digital vulnerability, along with its multidisciplinary and multidimensional nature, contributes to critically deconstructing, fragmenting, and reshaping new images of the consumer. From such a perspective, the idea of digital vulnerability has the potential to extend protection to the so-called under-average consumer and to challenge some of the conventional paradigms arising from the EU neoliberal approach to consumer protection (L. Kramer, 2021), the ‘original ambivalence of the European integration project’ (M. Bartl, 2014), and the increasingly powerful underlying ‘spell’ of the internal (digital) market (D. Caruso, 2012). Under this spell, dominant EU narratives and legal policies continue to assume that individuals ought to be (digital) market actors. From this perspective, consumers essentially aim to buy goods or services (mostly online) and are rights holders deserving protection insofar as they engage in acts of consumption. The (digital) market thus becomes the sole environment in which human beings, and occasionally the many facets of their vulnerability, can gain legal visibility. This process of ‘prisoning’ persons within the market and exploiting them to achieve new digital market goals in a more globalized scenario is coupled with victimization strategies, where consumers need to be protected from tech providers/deployers/corporations, and empowered with new informational, (sometimes) procedural, and (rarely) substantive rights.
By relying on these assumptions, European debate on consumer digital vulnerability misses a substantial part of the picture. While the lion’s share of toxic interactions in the digital realm is undoubtedly managed by service providers that exploit people’s vulnerability, this focus on consumers obscures all forms of (exploitation of) vulnerability that occur in digital relationships with no (or at least an) unclear commercial character. Some of this exploitation occurs in asymmetrical relationships, while other forms involve peer-to-peer (an EU-minded consumer lawyer would say ‘C2C’) relationships: suffice it to recall the various scams, fake news, cyber-bullying, revenge porn, social media shitstorms, disinformation campaigns, fake news spreading, and dangerous challenges on TikTok. In all these situations, the binary opposition between ‘vulnerable consumer’ vs ‘trader’ does not adequately address the complexity of human interactions in the digital ecosystems. The idea of consumer vulnerability does not cover all the many possible sources and layers of asymmetry, injustice, and inequality that can affect human beings far outside the traditional categories of vulnerable subjects such as minorities, minors, the elderly, and the disabled, as mentioned in the EU’s Charter of Fundamental Rights) and that may coexist with the imbalance of power in digital interactions. Despite apparent legal consensus on the challenges ‘digitization’ poses to human rights, and despite the EU agenda for digital fairness, the EU’s current recipe still relies on a formal, market-based dichotomy that does not capture the many fragmentations of the subjectivity and does not take into account the inherent intersectionality of digital vulnerability (G. Malgieri, 2023). As such, the current approach remains unable to effectively achieve equality and social justice on the one hand, and to overcome the abuse of consumerism and the dominant logic of capital on the other hand (K. Pistor, 2019).
A strategic case: from digital interdependency to digital fairness among human beings
A perhaps extreme case of interpersonal and social injustice may help to illustrate the above-mentioned gaps in European legal discourse, revealing its blindness to certain issues and the urgency of finding solutions.
Amine Khelif’s victory in a boxing match against Angela Carini at the 2024 Paris Olympics ignited a global debate fueled by accusations regarding Khelif’s gender identity and fairness in sports. Despite complying with IOC regulations, Khelif became the victim of a wave of transphobic and sexist abuse online. The controversy, amplified by public figures such as J.K. Rowling (whose comments on X received more than 11.8 million views), highlighted wider issues of social injustice and discrimination. In response, Khelif filed a legal complaint against social media platforms, prompting an official investigation into hate crimes and cyber harassment in France.
Khelif’s case demonstrates at least three crucial issues. First, digital vulnerability is universal and particular, since it affects everybody, it never (or very rarely) exists in isolation, and it very often combines and intersects with other multi-layered causes of vulnerability. Second, digital vulnerability is invariably explored in B2C relationships, but may be exploited even outside of a commercial (or of a state-citizen) relationship. Third, digital vulnerability is often abused (needless to say: thanks to the intermediation of search engines, platforms and social media) by other human beings.
This brings us to a paradox that is inextricably associated with the human condition in the digital sphere beyond the structural asymmetrical field of commercial transactions, i.e., the opposition between dependence and independence, between vulnerability and autonomy. In the digital context that exists beyond commercial relationships, individuals enjoy both a reduced level of autonomy (‘hypo-autonomy’, compared with the hyper-autonomy of companies), and broad agency in their peer-to-peer relationships with other individuals (I. Domurath, 2024).
On the one hand, people’s hypo-autonomy stems from their subjection to the online architecture/design, business strategy and private governing power of digital service providers. Under the current EU framework (such as the Unfair Commercial Practice Directive and Digital Service Act), digital service providers are required to take appropriate measures to assess and reduce the risk of injuries regarding individuals, but are also largely immune from liability when harm occurs. Under this legal framework, people matter insofar as they are consumers (and occasionally vulnerable consumers) who deserve protection within the universe of consumption or, at best, post-consumption (M. Grochowski, 2024).
On the other hand, human beings enjoy a broad freedom/power of action that allows them to misuse and weaponize their access to digital tools – more or less consciously – against their digitally vulnerable peers, such as in the case of the shitstorm of fake news that hit Khelif. This broad freedom/power of action is often strengthened by the anonymity provided by the use of online avatars and the crowd of other abusers. This is the core and conundrum of digital vulnerability of persons: everyone is, at the same time, both digitally vulnerable (hypo-autonomous) and digitally autonomous when interacting with other individuals since anyone can cause harm to their peers (and, in turn, be harmed by them). This form of coincidentia oppositorum (G. Teubner, 2003) arising from the complex notion of digital vulnerability generates new and complex power dynamics that we can better explain in terms of the interdependency of digital vulnerability. Drawing on the concept of intersectionality, which travelled from US to Europe and is one aspect of the agenda for a more radical approach to European private law (K. Crenshaw, 1989; M. Hesselink & T.S. Len, 2024), the interdependency of digital vulnerability is meant to signify the importance of human beings beyond their consumer status, the intersectional character of digital vulnerability, and the circumstance that, in the digital world, all human beings are potentially both agents and victims of abuse. A notion of digital fairness that extends beyond the traditional consumer-victim paradigm must embrace the interdependency of digital vulnerability.
Taking digital vulnerability seriously in private law: no rights without duties
Faced with these theoretical assumptions, the crucial question is this: What is to be done? What can private law do to effectively recast digital vulnerability?
In our view, there is little doubt that the obligations of digital service providers should be extended well beyond the current limits of the EU legal framework. Digital service providers are the first and foremost offenders of the vulnerability of the masses, and, as such, should be prevented from continuing to profit from the structural power asymmetry of their position.
But strengthening the obligations and the rules regarding the liability of digital service providers is only part of the solution. If we embrace the idea that all human beings are digitally vulnerable and have the right not to be abused, we also need to assume that all (digitally vulnerable) individuals owe a duty of care to their peers when interacting in the digital context. Such a duty of care implies the obligation to respect and protect others and their dignity from moral, economic, and social harm within the digital ecosystem. It should co-exists with (neither excusing nor diminishing) the liability of digital service providers that enable peer-to-peer abuses to occur.
In other words, implementing digital solidarity and pursuing social justice and equality in European private law should require the (universal and particularistic) digital vulnerability of all human beings to be protected, as well as the recognition of obligations and duties on both the corporate actors that govern and shape digital ecosystems and online architectures and all the members of society who use digital technologies. Of course, since “all individuals are vulnerable […] but some individuals have more layers of vulnerability” than others, both the legal safeguards and the duties must be proportional to the “quantity and quality of layers” (G. Malgieri & J. Niklas, 2020). Defining how this could happen exceeds the scope of this entry, yet, in our opinion, defining how this might happen is a task that the agenda for a new private law could, and actually should, address.
Art by Tomoko Nagao
Il quarto stato with motta, campari, pirelli, armani, prada, chicco, alitalia and visa at piazza duomo
2016 Digital contents
© 2024 TOMOKO NAGAO
