Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between the law and ethics of data. The first type of norms is the ‘principles’ of the GDPR. Ethical resources can be used for the interpretation of these norms using a Rawlsian reflective equilibrium approach. The second type of norms is evaluative judgment norms, the most well-known of which derive from the characteristically risk-based responsibility that the GDPR bestows on controllers. For these evaluative norms, ethical resources could be used in three different functions: as a tool for the identification and assessment of risks, as a resource for improving data controller processes, and as the basis for the codes of conduct foreseen by the GDPR. These three potential modulations between ethics and the law of data help controllers of data make sense of their responsibilities in light of the GDPR’s requirements.

中文翻译：

---

GDPR 中的伦理：应用法律理论的蓝图

道德被视为数据法的重要资源。但除了这个几乎像口号一样的老生常谈之外，伦理在数据法中可能发挥的确切功能往往不清楚。该贡献阐明了数据伦理和数据法相互交织的方式，并在此基础上为从业者解释 GDPR 提供了指导。两种类型的规范允许在数据的法律和伦理之间进行调整。第一种规范是 GDPR 的“原则”。伦理资源可用于使用罗尔斯反思均衡方法来解释这些规范。第二种规范是评估性判断规范，其中最著名的是 GDPR 赋予控制者的基于风险的特有责任。对于这些评价规范，道德资源可用于三种不同的功能：作为识别和评估风险的工具，作为改进数据控制器流程的资源，以及作为 GDPR 预见的行为准则的基础。道德和数据法之间的这三种潜在调整有助于数据控制者根据 GDPR 的要求理解他们的责任。