Privacy and data protection are two fundamental rights. As complex concepts, they lend themselves to various interpretations aimed at protecting individuals. In this paper, I explore the concepts of ‘privacy’ and ‘data protection’ directly related to the protection of ‘identity’. I argue that the ability for privacy and data protection law to protect identity is being challenged by recommendation systems. In particular, I explore how recommendation systems are continuously influencing people based on what can be predicted about them, while the legal tools that we have do not fully protect individuals in this regard. This paper aims at breaching this gap, by focusing on the study of Porcedda, who examines four different notions of privacy related to identity under article 7 of the European Charter of Fundamental Rights. Through the huge capacity for analytics that draws on a lawful combination of consent and non-personal data, this paper examines why data protection regulation does not, in fact, fully protect individuals. In this paper it is explored how the notion of privacy, understood as the protection of identity, is especially relevant to understand the limitations of data protection law, and I explore postphenomenology to help us better contextualize the relationship between identity and recommendation systems.
