Maja Nisevic

Maja Nisevic
Maja Nisevic


Maja Nisevic was born in Vlasenica, Bosnia and Herzegovina in 1985. She finished Bachelor and Master studies in Belgrade at the Faculty of Law. After Bachelor and Master degree, she started with PhD studies in Vienna, Austria. However, after 3 years, she proposed her final PhD research related to the legal problems of block chain technologies under the regime of the General Data Protection Regulation and successfully identified relevant issues in this domain.  In the meanwhile, she was working as Assistant Attorney General. Currently, she is a first year PhD student at the Department of Law at the University of Verona. Main areas of her research are personal and non-personal data in the context of Big Data Analytics, Big Data Age in the context of European Union Law, profiling consumers through Big Data Analytic and interplay between GDPR and Unfair Commercial Practices Directive etc.


PhD candidate: Maja Nisevic
Supervisor: StefanoTroiano
Title: Profiling consumers through Big Data Analytics: The interplay between the GDPR and Unfair Commercial Practice Directive
PhD Programme: European and International Legal Sciences

Even though for a long-time consumer law and data protection law in EU belonged to two different worlds, in the digital economy both are coming together. This PhD topic is addressing that consumer law and data protection law can complement each other, with the aim to offer individuals better protection of personal data in the modern market, with a special focus on GDPR’s Article 22- Automated individual decision making, including profiling by Big Data Analytics.

The age of Big Data is underway. Big Data Analytics as technology phenomena without any discussion opened a new perspective on reality and represent the technological changes that is foundational to how we have tried to understand the world. However, in modern market many traders offer “free services” in exchange for consumer data. Further, the consumer data are being monetize after they are collected through traders’ services. Personal data have become increasingly important for consumer protection policy. Nowadays, personal data are an economic asset. Therefore, present reality should be reflected in the law, which should ensure transparency of online marketplaces, give enforceable rights to consumers, and provide dissuasive sanctions against rogue traders.

EU Unfear Commercial Practice Directive was adopted with aims to achieve a high level of consumer protection, to smoothen the functioning of the internal market and to increase competition in the market and it covers any commercial practice. However, the Unfear Commercial Practice Directive is in part of consumer protection law, therefore, represent piece of legislation that primarily concerned with consumers and their relationship with traders. In conclusion, Unfear Commercial Practice Directive confers mandatory right on consumers as well as it creates a fair legal playing field for economic transaction in the market place.

EU General Data Protection Regulations applies form 2018 and it is a part of data protection law that aims to protect fundamental right when personal data are processed or collected. Even though the GDPR is faced with the digitalization, it was written to be independent of the technological realities. It is, however, directly affecting the Big Data age with its Article 22.

In the context of Big Data age is required additional interpretation of the GDPR’s Article 22 not only from data protection prospective, but also from consumer protection prospective. The GDPR with its Article 22 gives right to individuals not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her as well as right to withdraw their consent in any time. The same right will not exist for individuals if decision based solely on automated processing, including profiling, is necessary for entering into, or performance of, a contract between the individuals and a data controller. It seems that the GDPR is very silent about consequences for possible contractual relation. Contrary, the Unfair Commercial Practice Directive may help to fulfil the gaps in the GDPR’s Article 22, since it can help to provide safeguarding the consumer’s autonomous decision-making process or in situation where profiling is used to influence consumer’s decision-making. In conclusion, the Unfair Commercial Practice Directive might play a role in protecting consumers against privacy- instructive or unfair convincing.

However, there are a lot of questions that deserve further research. It is still questionable whether consenting to processing of personal data may be understand as transactional decision as well as how far contractual obligation could go in the sense of the decision based solely on automated processing, including profiling. More importantly, it is still questionable what kind of law interpretation is suitable in a case of the consumer protection consenting if they are consenting a processing of personal data. The scientific opinions are divided from those who are considered that must be restrictive interpretation of consumer protection in the light of data protection law, to those who are considered that data protection should not apply if there is commercialization of the personal data.

In the end, considering law flexibility for era of digitalization, it is still questionable whether the existing pieces of legislation such as the GDPR’s Article 22 and Unfair Commercial Practice Directive are suitable to protect individual effectively considering individual characteristic and exposure, even if they complement each other. The importance of this research is not related just to legal science, it is important for economy science because in the digital market personal data are economic assets and are used to develop modern services, to profile consumers, and to influence consumers in the end.