Discussion about vulnerable individuals and communities spread from research ethics to consumer law and human rights. According to many theoreticians and practitioners, the framework of vulnerability allows formulating an alternative language to articulate problems of inequality, power imbalances and social injustice. Building on this conceptualisation, we try to understand the role and potentiality of the notion of vulnerable data subjects. The starting point for this reflection is wide-ranging development, deployment and use of data-driven technologies that may pose substantial risks to human rights, the rule of law and social justice. Implementation of such technologies can lead to discrimination systematic marginalisation of different communities and the exploitation of people in particularly sensitive life situations. Considering those problems, we recognise the special role of personal data protection and call for its vulnerability-aware interpretation. This article makes three contributions. First, we examine how the notion of vulnerability is conceptualised and used in the philosophy, human rights and European law. We then confront those findings with the presence and interpretation of vulnerability in data protection law and discourse. Second, we identify two problematic dichotomies that emerge from the theoretical and practical application of this concept in data protection. Those dichotomies reflect the tensions within the definition and manifestation of vulnerability. To overcome limitations that arose from those two dichotomies we support the idea of layered vulnerability, which seems compatible with the GDPR and the risk-based approach. Finally, we outline how the notion of vulnerability can influence the interpretation of particular provisions in the GDPR. In this process, we focus on issues of consent, Data Protection Impact Assessment, the role of Data Protection Authorities, and the participation of data subjects in the decision making about data processing.

关于弱势个人和社区的讨论从研究伦理学到消费者法和人权。许多理论家和实践者认为，脆弱性框架允许制定替代语言来表达不平等，权力不平衡和社会不公正的问题。在这种概念化的基础上，我们尝试了解易受攻击的数据主体的概念的作用和潜力。这种思考的起点是广泛开发，部署和使用数据驱动技术，这些技术可能对人权，法治和社会正义构成重大风险。实施此类技术可能导致歧视性歧视不同社区，并在特别敏感的生活环境中剥削人们。考虑到这些问题，我们认识到个人数据保护的特殊作用，并呼吁对其进行感知漏洞的解释。本文做出了三点贡献。首先，我们研究脆弱性的概念如何在哲学，人权和欧洲法律中被概念化和使用。然后，我们面对这些发现，并在数据保护法律和话语中存在和解释脆弱性。其次，我们从该概念在数据保护中的理论和实际应用中发现了两个有问题的二分法。这些二分法反映了脆弱性的定义和表现形式之间的紧张关系。为了克服由这两个二分法引起的局限性，我们支持分层脆弱性的想法，该想法似乎与GDPR和基于风险的方法兼容。最后，我们概述了脆弱性的概念如何影响GDPR中特定条款的解释。在此过程中，我们重点关注同意，数据保护影响评估，数据保护机构的作用以及数据主体参与有关数据处理决策的问题。