| dc.description.abstract | The processing of personal data has been one of the most widespread uses of computers ever since the invention of the first electronic tabulator. The issue of data protection has bubbled to the surface at several points in history as different publics have been indirectly affected by the use of technology to gather, process and share personal data with, or without individual consent. In 2012 the European Commission set out to reform the data protection framework in Europe by proposing a Directive and a Regulation for the protection of personal data. This thesis examines how the issue of data protection emerged, and how data protection was put on the agenda in Europe. In particular, this thesis considers how the European Commission and other actors have attempted to frame and reframe the controversies of the General Data Protection Regulation (GDPR) in order to reach a consensus on the proposed legislation. According to the European Commission the GDPR is the most lobbied piece of legislation in the European Union. This is a qualitative study that applies STS-resources within the study of controversies, issue formation and risk to understand how the GDPR comes into being in the context of the technological progress in the ICT-field. My empirical material is a combination of interviews with key actors within the European Parliament, the European Commission and both non-governmental and business lobby, as well as analysis of lobby documents, proposed legal texts and media coverage of the process. The way the existing institutions have proved unable to deal with the issue, combined with how the technological advancements have paved the way for even more invasive use of technology has sparked public involvement in the political processes. The different understandings of the controversy, and how data protection affects society and economic performance has caused many actors to get involved, causing a hot situation where everything from scientific facts to perceptions of good and bad are disputed. By looking to theories of risk and reflexive modernity I also show how the introduction of data protection can be seen as a way of handling the unintended consequences of technological progress within ICT, and how the GDPR is an attempt at managing technology and mitigating risks. | eng |