Exploring the synergies between non-discrimination and data protection: what role for EU data protection law to address intersectional discrimination?

In the European Union (EU), anti-discrimination policies have evolved towards an intersectional dimension in the last years, the traditional sectorial approach being insufficient by neglecting the differences in terms of gender, race, age, social status, ability, sexual orientation, etc. within the same vulnerable group. In parallel, European data protection law has been reformed and enriched with new instruments, including the General Data Protection Regulation (GDPR). Considering that the collection and analysis of information that affects oppression dynamics ground the operationalisation of the intersectionality principle, European data protection law could play a pivotal role in enabling it. Nowadays, the GDPR grants specific protection to some “special categories of data” (which include racial or ethnic origin, genetic data, data concerning health or data concerning a natural person’s sex life or sexual orientation, etc.) that, to a certain extent, overlap with the information that should be disaggregated in accordance with the intersectionality principle. The processing of these data is forbidden, unless one of the exceptions foreseen in Article 9(2) GDPR applies. Yet, are these exceptions framed in a way to promote or undermine intersectionality? And, more in general, what is the approach followed by EU data protection law towards intersectional discrimination matters? Building upon a review of data protection and anti-discrimination laws and legal literature, as well as policy documents, the contribution will explore the interrelationships between the EU data protection law (in particular, the GDPR) and anti-discrimination law. After briefly sketching the specific challenges raised by intersectional discrimination, I will delve into EU data protection law's understanding thereof, and compare the notions of sensitive data and protected grounds. Considering the importance of processing sensitive data to prevent and address (intersectional) discrimination, I will illustrate the rules applicable to sensitive data. I will then question the sufficiency of some of the exceptions ex Article 9(2) GDPR, focusing on the so-called "substantial public interest exception", deemed the most relevant for intersectionality matters. Finally, I will reflect upon the enforcement mechanisms set by the GDPR.