Exploring the Synergies between Non-Discrimination and Data Protection: What Role for EU Data Protection Law to Address Intersectional Discrimination?

In the European Union (EU), anti-discrimination policies have developed an intersectional dimension in recent years, the traditional sectorial approach having neglected differences in terms of gender, race, age, social status, ability, sexual orientation, etc., within a given vulnerable or marginalised group. In parallel, European data protection law has been reformed and enriched with new instruments, including the General Data Protection Regulation (GDPR). Considering that the collection and analysis of information that affects oppression dynamics ground the operationalisation of the intersectionality principle, European data protection law could play a pivotal role in enabling it. Nowadays, the GDPR grants specific protection to some special categories of data (which include racial or ethnic origin, genetic data, data concerning health or data concerning a natural person's sex life or sexual orientation, etc.) that, to a certain extent, overlap with the information that ought to be disaggregated in accordance with the intersectionality principle. The processing of these data is forbidden unless one of the exceptions foreseen in Article 9(2) GDPR applies. Yet, are these exceptions framed in a way to promote or undermine intersectionality? And, in general, what is the approach followed by EU data protection law towards intersectional discrimination matters? Building upon a review of data protection and anti-discrimination laws and legal literature, as well as policy documents, this paper will explore the interrelationships between the EU data protection law (in particular, the GDPR) and anti-discrimination law. After briefly sketching the specific challenges raised by intersectional discrimination, it delves into EU data protection law's understanding thereof, and compares the notions of sensitive data and protected grounds. Considering the importance of processing sensitive data to prevent and address (intersectional) discrimination, it will illustrate the rules applicable to sensitive data. It will then question the sufficiency of some of the exceptions ex Article 9(2) GDPR, focusing on the so-called 'substantial public interest exception', deemed the most relevant for intersectionality matters. Finally, it reflects upon the enforcement mechanisms set by the GDPR. [ABSTRACT FROM AUTHOR]