From Cells to Codes: The Legal Transformation of Digital Identity, Integrity, and Self-Determination in the Digital Age

Ondrej Hamuľák^*

https://orcid.org/0000-0003-4147-2891

Lusine Vardanyan^*

https://orcid.org/0000-0002-2981-0520

Hovsep Kocharyan^*

https://orcid.org/0009-0005-5533-2605

Od komórek do kodów: prawna transformacja tożsamości cyfrowej, integralności i samostanowienia w erze cyfrowej

1.Introduction

In the digital age, technological developments are changing our understanding of the human body, integrity, and identity (Atoyan et al. 2023, 93). Recent technological advances have opened a new era for our physical nature: they have transformed it into a technological platform. Our physical life, including our body, environment, work and services, is increasingly intertwined with digital technologies and the Internet, creating a harmonious combination of the physical and virtual worlds, thereby posing new challenges to society (Warwick 2015, 79). For example, many people now work from home using video calls and online tools. Shopping has also changed: online shopping allows people to purchase goods from the comfort of their homes. These examples show how digital technologies are becoming a natural part of our lives. Not only do digital technologies have positive consequences, especially in stimulating the transformation of medical research and industry as well as other aspects of social life, but their use also leads to violations of fundamental human rights. Nowadays digital technologies expose privacy and cybersecurity to unprecedented vulnerabilities. In this context, the EU, one of whose main policies and activities is the protection of fundamental human rights for EU citizens and the promotion of human rights worldwide, is faced with the need to develop adequate legal responses to the possible negative consequences of these technologies.

At the same time, there is also the question of the effectiveness of the current EU legal framework for the protection of personal data and personal integrity to fully safeguard (ensure?) the persons from new challenges, as digital technologies generate huge amounts of biometric and behavioral data, as well as create new issues for data management (Andraško et al. 2021, 623). A special feature of digital technologies is the processing of what can be called “live” bits and bytes – that is, digital data that is constantly generated, transmitted, or updated in real time, such as streaming videos (including from video calls or surveillance cameras), real-time sensor data (including health data obtained from medical applications), or real-time messages (for example, voice messages), which can be recognized as components of a person’s personality and which, in turn, raise the question of finding the most effective legal mechanism to protect a person from imperfect and vulnerable software. For example, software that processes this data, such as video streaming platforms, medical applications, or communication tools, may contain bugs, security flaws, or outdated encryption, making them vulnerable to hacking, data leakage, or manipulation (Darwich, Bayoumi 2025).

As digital technologies are increasingly introduced into our daily lives, concepts such as body autonomy, integrity, and identity are being redefined. The growing use of prosthetics, implants, biometric data, and virtual representations is changing not only how we interact with the world, but also how we perceive ourselves. Of course, this study does not provide a comprehensive and specific analysis of all the aforementioned human and technology integrations. However, we recognize that these achievements collectively indicate a broader shift in the understanding of human identity and embodiment in modern society. These changes raise crucial questions about the legal protection of a person’s physical (bodily) integrity and identity, especially in the context of new technologies that blur the boundaries between the physical and digital worlds (Bublitz 2022, 3). The concept of “body as data” represents a new challenge for legal systems traditionally focused on protecting physical bodies from harm (Bygrave 2010, 1–25). As our bodies generate data through biometric sensors, wearable devices, and digital interfaces, the concept of personal (bodily) integrity needs to be redefined to take into account the growing role of data in shaping our personal identity. This shift has serious implications for human privacy, autonomy, integrity, and control over the physical and digital self. The purpose of this research is to explore the evolving relationship between the human body and digital data, examining how this intersection influences legal interpretations and protection of bodily integrity and identity in the digital era. In this regard, the key questions of these research are the following:

1. What challenges arise from the convergence of physical and digital identities in terms of existing legal protections?
2. How might existing or new legal frameworks respond to these challenges?

The study uses a doctrinal method supported by a comparative and analytical review of European and international sources. It examines the main EU laws (the Charter of Fundamental Rights (CFR) and the GDPR), the case law of the European Court of Human Rights, as well as the scientific doctrine of digital identity, integrity and information self-determination. This approach was chosen because the topic concerns the normative development of legal concepts rather than empirical measurement. The purpose of the analysis is to identify conceptual gaps and propose a coherent interpretative framework for integrating digital integrity into existing human rights protection structures.

We argue that the protection of human personal integrity in EU legislation should be designed in such a way as to cover not only the physical body, but also its digital manifestations. In our opinion, the right to information self-determination and the emerging concept of digital integrity together can provide the necessary regulatory framework to ensure personal autonomy and dignity in the digital age.

2. Literature Review

In the legal literature there are a number of research contributions that are devoted to the analysis of existing risks and challenges of human data protection from the perspective of human bodily integrity (Quesne 2022, 37–45; Matwyshyn 2019, 167). In particular, some scholars analyse the existing legal challenges to personal data protection in the EU law from the perspective of the concept of informational self-determination (Thouvenin 2021, 246). Other scholars pay particular attention to the privacy and cybersecurity vulnerabilities and conflicts across regulatory regimes in the context of AI governance and data optimisation (Pauwels, Denton 2018, 230; Hoffiani 2021, 14).

At the same time, there are also some research contributions dedicated to the issues of boundary stability between human and digital bodies, as well as the convergences between human and digital bodies through posthumanist theoretical perspectives in law (Käll 2017, 162). From the point of view of a potential change in the accepted ontology of the body (body as data) and the entry into force of the GDPR (Bygrave 2010, 1–25), the question of how widely the terms “information” and “data” are interpreted within the framework of regulation is becoming more relevant (Purtova, 2018). In this context, as a solution, very few researchers suggest to recognise a new fundamental right – the right to digital integrity, which will help to create fundamental guarantees for data protection in the context of the Internet of Bodies (IoB) (Roussel 2020; Rochel 2020; Mahon 2020; Kuhn 2020).^[1] Of course, we also agree that the right to digital integrity of a person, that is an emerging concept referring to the ability of individuals to maintain control over their digital presence, identity, and interactions in the digital environment, including protection both with and against digital technologies (for example, protection against malicious tracking, surveillance, and identity theft) (Rochel, 2021; Roussel, 2023), has a strong potential in strengthening the protection of a person and their data in the digital world, which was confirmed by our previous research (Vardanyan et al. 2022, 172). In particular, as it was mentioned in the conclusions of the research:

(…) it is necessary to find an alternative foundation for the legal regulation and protection of personal data. We consider that the right to digital integrity can be a new foundation for digital rights, the recognition of which, similar to the right to physical and mental (psychological) integrity, can protect the person from becoming a commodity and reduce the number of cases of violation of human dignity in the digital sphere.” (Vardanyan et al. 2022, 179)

The main difference between the right to digital integrity and the right to data protection is that it is aimed not only at protecting data, but also at protecting the person behind that data, that is, their dignity, autonomy, and the inviolability of their physical and mental integrity in the digital world. Accordingly, the concept of digital integrity is becoming increasingly recognized and is gradually being consolidated in the constitutions of various Swiss cantons, while discussions continue on the inclusion of this fundamental right in the Swiss Federal Constitution (Fratini 2024; Roussel 2023; Kolbe 2023; Barbie 2023).

This study critically examines the evolving relationship between the right to personal data protection and the concept of personal integrity in the context of rapid digitalization. Although many existing sources consider these rights separately, we emphasize that digital technologies are increasingly blurring the line between them, creating new legal and ethical problems (Solove 2008; Samuelson 2000). Our contribution is to identify specific gaps in the current legal framework and propose a comprehensive approach that considers data protection not only as a matter of privacy, but also as an important component of personal integrity. This will facilitate a more thorough understanding of the existing legal situation in this area of EU law (de lege lata), as well as propose appropriate legal mechanisms capable of protecting a person and his/her data in the context of emerging digital technologies (such as artificial intelligence (AI), big data, the Internet of Things (IoT), biometric systems, and blockchain, etc.) (de lege ferenda). We believe that the right to digital integrity can play a fundamental role in addressing this issue, as it can meet the growing need to protect the autonomy, dignity, and personal data of individuals in a digital environment (Rochel 2021). The fact is that, unlike the commercialization of personal data, which is often driven by commercial and marketing interests, the right to digital privacy prioritizes human dignity and individuality, much like the principles underlying bioethics (Dickens 2020; Papalois, Papalois, 2020; Saed 2011; Rothhaar 2010). Just as bioethics insists on respecting the physical integrity and autonomy of individuals beyond scientific or economic benefits, digital integrity requires that people be treated as holistic beings, not just as data sources or marketing tools, ensuring that their digital selves are protected from exploitation, manipulation, and reduced commercial value (Vardanyan et al. 2022).

New technologies such as artificial intelligence (AI), the Internet of Things (IoT), big data, and biometric systems are blurring the boundaries between the physical and digital selves (Adib Bin Rashid, Ashfakul Karim Kausik, MD 2024). Since these systems collect, analyze, and process personal data, often without full transparency or individual control, traditional data protection rights (such as consent or data minimization) are no longer sufficient. The right to digital integrity goes beyond data protection: it recognizes that a person’s digital presence is an extension of their identity and physical integrity in the digital world (Guillaume, Mahon 2021). This implies the right to control how your data is used, how your digital self is formed, and how to be protected from manipulation, surveillance, and digital exploitation. Thus, we believe that the inclusion of the principle of digital integrity in the future legal framework (de lege ferenda) can provide a more human-centered approach to technology management that is consistent with EU traditions in the field of fundamental rights, in particular the EU Charter of Fundamental Rights (Articles 1, 7, and 8).

It should be noted that the legal analysis of risks and challenges arising from the development of digital technologies, such as, for example, algorithm bias, large-scale data profiling, and automated decision-making, is crucial not only from a philosophical and theoretical point of view, but also from a regulatory and practical point of view. These technologies exacerbate issues related to fairness, transparency and accountability, which are difficult to properly address in current EU data protection legislation (Reis et al. 2024, 74). For example, algorithm bias can lead to discriminatory results that bypass traditional legal protection mechanisms, while automated solutions often lack transparency to provide meaningful user consent or challenge it. Despite the increased attention of scientists, the existing legal literature does not sufficiently cover these specific gaps in legislation, especially with regard to the relationship between data protection and personal integrity (Ben-Shahar, Porat 2021). Therefore, we argue that there is an urgent need for focused legal research to develop more subtle and effective mechanisms that could keep pace with technological progress and protect fundamental rights in practice.

At the same time, the problem of ensuring a high level of personal data protection, as well as effective control over bodily data and choice has recently gained renewed relevance in the context of the EU’s efforts for digital sovereignty. This concept refers to the European Union’s ability to operate independently in the digital sphere, that is, to develop and control its own digital infrastructure, technologies, data and services in accordance with European values, interests and laws, without excessive dependence on foreign (especially non-EU) technologies or platforms. According to the definition of the President of the European Commission, digital sovereignty is the main goal of the EU Digital Decade (Ryan et al. 2024, 4). The protection of fundamental rights and European values is one of the three key features of this concept, used both as a justification for the pursuit of digital sovereignty and as one of its goals in the context of the EU (Roberts et. al. 2021, 4). The digital sovereignty of the person, which refers to the person’s capacity and right to exercise full control over their personal digital data, identity, and online interactions, ensuring autonomy, privacy, and protection from undue interference or exploitation in the digital environment, is one of the three “levels” of the concept of digital sovereignty (Fratini, Hine, Novelli 2024). Thus, the success of the Digital Decade project also depends on ensuring a high level of personal data protection and personal sovereignty (Gábriš, Hamuľák 2021, 112). In our opinion, this represents a fundamental “layer” within the broader concept of digital sovereignty, emphasizing the empowerment of individuals to manage their digital presence in accordance with their rights and values.

The development of digital technologies leads to the formation of “a network of human bodies, whose integrity and functionality rely (...) on the Internet and related technologies, such as artificial intelligence” (Matwyshyn 2019, 77). This development also requires understanding the mechanisms for protecting both data and personal integrity, since the Internet almost always collects and processes special categories of data that do not “lose” connection with the physicality of the person. For example, after a photo or video is taken, they can be copied, published, and saved anywhere without the physical presence of a person. The image exists separately from the human body and can be used for other purposes without its control. In addition, wearable medical devices (such as fitness trackers, smart watches, or continuous glucose meters) continuously collect data on heart rate, sleep patterns, or blood sugar levels (Mansour, Darweesh et al. 2024). This data is processed using cloud platforms and artificial intelligence (AI) algorithms that not only monitor health conditions, but can also be shared with insurers, employers, or other platforms. Similarly, neural implants and brain-computer interfaces (BCIs) used for medical or experimental purposes collect neural activity data that can potentially reveal emotional or cognitive states (Shumao, Yang et al. 2024). Even artificial intelligence systems for emotion recognition, which are now used in education, hiring, and law enforcement, interpret facial microexpressions to determine mental state, blurring the line between physical presence and data extraction. All these examples show that such data does not “lose” its connection with a person after digitization. Rather, they empower the body in the digital space by raising fundamental questions about bodily integrity, autonomy, and ownership of the data obtained about a person’s physical or mental state. Although images are personal data because they identify individuals, they are generally not classified as special categories of data according to the GDPR (Article 9). Special categories of data, such as biometric information, medical records, genetic data, or data revealing racial or ethnic origin, are considered more confidential because they can directly affect a person’s fundamental rights and freedoms (Quinn, Malgieri 2022). These types of data (for example, the same health data) are increasingly being collected using digital devices such as wearable medical technologies, neural implants, and biometric systems that track and record deeply personal aspects of the body and mind. The processing of such data requires a higher level of legal protection due to its close relationship with the physical integrity and autonomy of the individual (article 9), which raises complex issues of consent, control and possession that go beyond traditional data privacy considerations.

Despite the fact that the GDPR has two goals, the CJEU has already expressed a position that prioritises interpretating the GDPR provisions in light of protecting the rights of the person over the free flow of data (Vardanyan, Kocharyan 2022, 96). However, a detailed examination of this legal document still indicates some uncertainties that may unlawfully expand the scope of the GDPR and make it possible to recognise it as, according to N. Purtova “the law of everything” (Purtova 2018, 18), including the area that traditionally refers to the right of personal integrity, such as physical and psychological (mental) autonomy, which have historically been considered outside the scope of data protection (Ligthart 2025). This adds to the problematic issue of the relationship between the right to personal integrity and the right to personal data protection.

In this context, it is especially necessary to emphasise the uncertainty of such concepts as “data” and “information,” which only increases the problem of “data” and “body” correlation (Lu, Zhou, Li 2024). In addition to these questions/concerns, it is necessary to consider the ownership of devices imported into the human body as well the use of artificial intelligence (AI), which increases the volume, variety and speed of obtaining information about every aspect of human life and highlights privacy as a global public policy issue remain unresolved. Although biointegrated devices (such as neural implants or subcutaneous chips) have not yet become widespread, their development is accelerating (Abyzova, Dogadina et al. 2023). As they begin to blur the line between man and machine, they raise fundamental questions about the autonomy of the body and the ownership of data that require active legal and ethical consideration. In this regard, the purpose of this article is to examine the legal consequences of this blurring of the boundaries between the body and data, analyzing whether the current EU data protection system sufficiently guarantees personal integrity in a digital context and whether the emerging concept of digital integrity can provide a more adequate legal response.

3. The Development of the Concept of the Body and Its Relation to the Legal Protection of Personal Integrity

If a person’s physical existence is protected by the fundamental rights to prevent any violation of their integrity, then the emergence of the category of “digital person” should lead to the emergence and recognition of rights that should also protect their integrity in the digital world. Indeed, as R. Clarke, D.J. Solove and L. Floridi note, the development of information technology has led to the emergence of a “digital person” (Clarke 1994, 77–92; Solove 2004, 296; Floridi 2009, 153–158). With the help of these technologies, a personal identity is “assembled” from his/her “digital parts.” Moreover, the formula “one person – one identity” no longer reflects reality, as personal identity becomes dispersed, multiple, ubiquitous, decentralised and eternal. Therefore, we must agree with the opinion of those researchers who point out that if people live in a digital format, it should be borne in mind that their integrity extends to this dimension (Roussel 2020). We believe that the existence of a digital person and digital life presupposes the expansion of the legal coordinates of the individual and highlights the need to develop more comprehensive mechanisms for protecting the individual in the digital world.

It is known that the human body has almost always been an unavoidable guideline of legal norms, and mainly based on the naturalistic concept of the body, this suggests a clear distinction between the body and the thing (Shilling 2012, 59). For example, one can see that many fundamental rights, such as the right to life, physical integrity, personal autonomy, freedom from torture, and the right to privacy, are directly or indirectly based on the protection of the body or derive from it (Fertsman 2022). This central role of the body highlights its unique legal and ethical status, distinguishing it from other objects or things. In other words, according to the naturalistic concept, the human body is considered not as a simple thing, but as a unique entity requiring special legal consideration. However, the naturalistic concept of the body as a whole, distinct from the environment, is deconstructed – mainly in modern postmodern philosophy and critical legal studies. For example, postmodern scholars challenge this traditional view to emphasize how the body is intertwined with social, cultural, and technological contexts (Russo 2019). This deconstruction aims to question the rigid dualism of mind, body, and environment and better explain the changing, interconnected, and dynamic nature of incarnation. The goal is to provide a deeper understanding of identity, autonomy, and integrity, especially given that advances in digital and biointegrated technologies are blurring the boundaries between human and machine, as well as raising new ethical and legal issues that a naturalistic concept cannot fully solve.

Bert-Jaap Koops argues that the traditional differences between physical and non-physical methods of impact on human body (for example, physical bullying or cyberbullying), between human bodies and things, and between the external and internal parts of the human body, must be rethought (Koops 2014, 6). In particular, traditionally the distinction between the outer and inner parts of the human body was based on visibility and accessibility. For example, external parts (such as skin, limbs, or facial features) are visible and interact directly with the environment, while internal parts (such as organs or tissues) are hidden inside the body and are usually protected by its external structure. This separation has influenced legal and ethical frameworks, such as the distinction between surface contact and invasive medical procedures. However, technological developments such as biointegrated devices, neural implants, and advanced surveillance are blurring this line, making it increasingly difficult to clearly distinguish between what is considered “external” and “internal.” These blurred boundaries challenge existing legal categories and require a rethink of the concept of physical integrity in the digital age. They all stem from the assumption that the human “body” is physically separated from the environment and represents a convenient concept of marking boundaries, allowing distinguishing levels of intervention (for example, skin touching (physical contact in public or by government officials), body scanning at airports (millimeter-wave scanners), facial recognition cameras in public places, biometric data collection (for example, fingerprint scanning, vaccination or injections, etc.).

Due to the deconstruction of naturalistic theory, some scholars are calling for a rethink of the moral and legal boundaries of human personality in legal terms (Rich et al. 2012, 1–6). The issue of body protection is closely linked to discussions around the scope of the right to personal integrity and one of the most sensitive rights to the choice of body concept (Viens 2013; Bublitz 2022; von Arnauld, von der Decken, Susi 2020). Therefore, it is not surprising that along with the problematisation of the naturalistic concept, some scholars even advise abandoning the right to personal integrity (Viens 2020, 363–377). In our opinion, this approach is not necessarily related to the sensitivity of the right itself, but also to concerns about its conceptual vagueness, overlap with other rights, and its limited usefulness in solving complex problems of modern biomedicine and digital technologies. In this scientific contribution, we will briefly consider this right in the context of the relationship between its scope and the boundaries of the physical body, in order to identify the potential for possible application to the protection of digital body data.

From the very beginning of the analysis, the ambiguity of this relationship is revealed, as the right to personal (bodily) integrity protects the embodied personality, rather than the body viewed solely as a physical object. To be clear, legal scholars support this interpretation, recognizing bodily integrity as a means of protecting the individual, and not just its shell (Bublitz 2014; Mantelero 2020). In particular, if we turn to the legal experience of Germany, we will see the following: the German Federal Court (Bundesgerichtshof) ruled that sperm extracted from the body and frozen for fertilization can be considered as a part of the human body, because it is protected as not a material substance, but the existence and formation of a personthat materialises in the human body (Bundesgerichtsh of 09.11.1993 – VI ZR 62/93, BGHZ 124, 52; Neue Juristische Wochenschrift 1994, 127). At the same time, in the legal practice of the United States, beatings do not require actual touching of the human body and contact with clothing or objects closely related to the human body is sufficient.

The ‘essence of the plaintiff grievance consists in the offence to the dignity in the (…) invasion of the inviolability of the person and not in any physical harm done to his body, so it is not necessary that plaintiffs actual body be disturbed (…) contacts with anything so connected with the body as to be customarily regarded as part of the other’s person and therefore as partaking of its inviolability is actionable as an offensive contact with his person. There are some things such as clothing or a cane or, indeed, anything directly grasped by the hand which are so intimately connected with one’s body as to be universally regarded as part of the person. (Judgment of the Supreme Court of Texas, Fisher v. Carrousel Motor Hotel, Inc., 424 S.W.2d 627 1967)

In our opinion, the above-mentioned judicial practice illustrates the most important principle: physical integrity is not limited to protecting the body as a simple physical object, but extends to protecting the personality and dignity that the body expresses and embodies. These interpretations show that the law protects the body to the extent that it represents a person, including individuality, autonomy, and personal dignity. This broader legal understanding of bodily integrity recognizes that the body functions as a vessel or expression of personality, not just as a biological entity. This conceptual shift is directly relevant to the topic of this article, which examines how the traditional legal framework regarding physical integrity is being threatened by digital technologies that increasingly expand data and present the body in new forms. In particular, in the digital age, biometric data, wearable sensors, neural implants, and virtual avatars act as modern additions to the body and personality. If legal remedies already recognize that physical integrity is linked to personality, then it follows that these remedies should logically extend to digital representations and data flows that embody or reveal aspects of personality. Thus, this expanded understanding of bodily integrity supports the main statement of the article: legal systems must evolve in such a way as to eliminate blurred boundaries between physical bodies and digital personalities, ensuring the protection of not only the physical body, but also its digital manifestations. We argue that this shift is necessary in an era when the physical and digital are becoming increasingly inseparable. If legal systems already recognize that the body is more than just matter, then it is logical and necessary to extend measures to protect physical integrity to the digital sphere, where personality is increasingly represented and expressed through data. Based on this, it logically follows that the protection provided to the body should also cover its digital manifestations – biometric data, avatars, neural implants – which increasingly express and shape personality and identity.

In addition, in the modern digital environment, such forms of close communication and representation are realized through biometric identifiers, avatars, neural interfaces, and continuous data flows – all of which reflect, express, and increasingly shape a person’s identity. These digital functions are not neutral nor external tools; they are deeply ingrained in how people present themselves, make decisions, communicate, and how they are perceived by others. For example, biometric data such as facial recognition or fingerprint scanning is not only unique to a particular person, but can also be used to track, classify, or manipulate that person in various contexts. Virtual avatars in games, workspaces, or on social platforms often act as intermediaries for human presence and activity. As these digital forms become increasingly integrated into our lives, their disruption or misuse can have serious consequences for autonomy, dignity, and identity, comparable to physical impairments.

Moreover, when considering violations of Article 3 of the European Convention on Human Rights (hereinafter – “Convention” or “ECHR”), the case law of the ECtHR also establishes the possibility of such violations of the bodily integrity even without direct contact with the human body. This allows for the possibility that the right to personal (bodily) integrity may not fully correspond to the volume of a biological (physical) body (for example, see the judgment of the European Court of Human Rights of 22 September 2020, Vasilyev and Others v. Russia (application no. 38891/08)); the judgment of the European Court of Human Rights of 10 January 2012, Harutyunyan v. Russia (application No. 48977/09) and the Judgment of the European Court of Human Rights of 10 October 2001, Price v. The United Kingdom (Application No. 33394/96). In other words, the judicial practice of the ECtHR interprets the scope of the right to personal integrity in such a way that it does not coincide with the naturalistic concept of the body, thereby indicating the possibility of protecting not only the bodily components of a person. This, in turn, becomes the basis for the emergence of new concepts (such as, for example, the concept of the body as the embodied human subjectivity or the concept of extended subjectivity) and difficulties in understanding human physicality and its boundaries (such as, for example, defining the exact boundaries between physical and digital selves), as well as their legal protection, which will be discussed in more detail below.

4. The Concept of the Body as the Embodied Human Subjectivity

Оne of the concepts of the human body in the literature is the concept of embodied subjectivity (Halák 2016, 26–40). According to these phenomenological ideas, human bodies are not just material objects, but living bodies, places of subjective experience and a peculiar way of existence in the world (Herring, Wall 2017, 566–588). For clarity, within the framework of Cartesian dualism, René Descartes, as is known, separated the mind (res cogitans) and the body (res extensa) – the body was considered as an extended mechanical object separate from the conscious mind. From this point of view, the body was often reduced to something instrumental rather than essential to the personality (Wee, Pelczar 2008). As opposed to that, the integrity of an individual is understood as the natural order of their life, formed from everything they have experienced, and which can be described in the form of a human life story. This approach allows us to perceive an individual without detaching them from their life reality, taking into account their personal experience, self-understanding, and self-identification, as well as the totality of their actions, will, principles, views, and life positions. In other words, the concept of personal (bodily) integrity connects a person’s subjective experiences with their existence.

Considering the problems of defining human physicality, modern inter-disciplinary studies identify at least three important subjective elements: “body image,” “body schema,” and “body model” (Balogh 2014, 7; Roel Lesur et al. 2018, 94–105). In general, the problem of defining “human physicality” lies in the complexity of the body as a biological and empirical phenomenon (Ibragimova, 2021). The subjective elements – body image, body diagram, and body model – show that physicality is not only flesh and bones, but also how these flesh and bones are perceived, used, and understood by oneself and others (Sattin, Parma et al. 2023). People have a conscious idea of their body, as well as beliefs, feelings, and attitudes about it. Moreover, bodily sensations are spatially structured and experienced as localised in the human body (Skrzypulec 2023, 142). This sphere is called the somatosensory system, and it forms the phenomenological boundary of the human body (De Vignemont 2007, 428). Moreover, this boundary can be expanded to also cover external objects. The variety of body images with different degrees of plasticity is connected with a diverse human experience (De Vignemont, Farne 2010, 203–211). We think that the difference in experience leads to different assessments as to whether one or the other given is a part of their body. This, in turn, leads to a perhaps surprising realisation: the postmodern views that suggest that the boundaries of the body are not fixed are indeed true.

One might reasonably ask, what should the law do about this? The law should go beyond rigid, purely physical definitions of the body and include an understanding that the boundaries of the body can extend to tools, technologies, or digital extensions (the “body model” includes external objects as part of a person’s bodily experience). This means that legal protection may be required not only for the physical body, but also for related digital or prosthetic devices. For example, if someone perceives an external object (for example, a prosthetic limb, a virtual avatar, or biometric data) as a part of their body, the law must protect its autonomy and the rights associated with these additions – for example, to control the collection, storage or use of biometric or emotional data.

Despite the fact that the GDPR represents a significant step in regulating the protection of personal data, it remains fundamentally limited in solving complex problems related to the digitization of personal integrity. The emphasis on data regulation, transparency, and consent often reduces personal information to simple “content” that needs to be managed, rather than taking into account the embodied and subjective nature of the human person.

Moreover, GDPR mechanisms tend to focus on compliance with legal requirements and risk management, which many companies use more as a marketing tool than as a real basis for protecting the autonomy and dignity of individuals. In practice, GDPR can facilitate the commercialization of biometric data under the guise of privacy protection, allowing market-oriented actors to exploit “digital integrity” without fully considering its profound implications for physical autonomy and psychological experience. Consequently, although the GDPR provides important protections, it does not take into account the fluid, technologically driven boundaries between the body and the individual, which requires new legal approaches that more adequately recognize and protect the expanded, embodied nature of identity in the digital age. In other words, the law should expand its understanding of physical integrity to include the subjective, dynamic, and technologically enhanced nature of the body, creating protections that support autonomy, dignity, and privacy in both the physical and digital realms.

Indeed, the human body currently has many boundaries, such as, for example:

• physical (biological) (meaning the biological structures of the body – skin, limbs, and internal organs – which traditionally defines where a person “begins” and “ends”),
• mental (encompassing the psychological and emotional aspects of bodily experience, such as internal perception of pain, anxiety, or body image disorders such as dysphoria that affect how a person relates to their own body – Picasso’s ear),
• social (shaped by cultural, gender, and racial norms that dictate how to handle the body, discipline it, or make it visible in society – for example, through a dress code, surveillance, or social expectations regarding appearance),
• technological (they appear when external devices are perceived as extensions of the body, such as prosthetic limbs, pacemakers, wearable health monitoring devices that blur the line between a person and a machine),
• digital (they are formed, for example, using, biometric profiles, facial recognition recordings, digital avatars, or emotion tracking algorithms that abstract and recreate physical identity in digital systems, often without full awareness or control of the subject).

They all reflect different aspects of our body’s perception, representation, and regulation. Taken together, these intersecting and changing boundaries show that the body is no longer a fixed, purely biological unit, but a dynamic and multifaceted construct shaped by life experience, technology, and social context.

Based on this idea, Jonathan Herring and Jesse Wall justify the right to personal integrity as the basis of subjectivity or as a point of integration between subjectivity and objectivity (Herring, Wall 2017, 566–588). What a person goes through in their body and daily life really matters to their overall life experience. Therefore, the boundary between what is captured by bodily integrity and what is not is determined not by objective and physiological facts, but by whether the bodily component is a point of integration of subjectivity and objectivity of a person (Herring, Wall 2017, 566–588). In practice, the definition of this point of integration includes both subjective understanding (personal stories, life experiences) and objective recognition (legal, medical or social framework). For example, with gender dysphoria, the biological body may come into conflict with its inner sense of self. In this case, bodily integrity is not only the physical body, but also how it supports or undermines a person’s subjectivity. With the advent of prosthetics or wearable technology, the boundaries of the body are expanding. In our opinion, a device is not “just a tool”: it becomes part of how a person lives, moves, and communicates with others. It also combines subjective usage and objective form.

Stephen Hawking’s life is a prime example of how the integrity of the body goes far beyond the physical or biological form. Hawking was diagnosed with ALS, and he gradually lost almost complete control of his muscles, but his personality, activity, and intellectual presence were preserved and even enhanced by technical means. His communication, mobility, and interaction with the outside world depended on devices such as a speech-generating computer and a wheelchair, which became integral parts of his body. These technologies were not just external tools; they were part of how he perceived the world (subjectivity) and how the world perceived and interacted with him (objectivity). Hawking’s case shows that the boundaries of the body are not fixed on the skin, but can be expanded, revised and integrated through life experience and external mediation. Thus, from the point of view of Herring and Wall, his bodily integrity was not limited to his biological state, but included technological systems that supported his autonomy and identity. To deny the role of these technologies in defining his personality would be to ignore the point of contact between his subjective experience and the objective reality of his existence.

At the same time, the applicable concept of subjectivity remains uncertain, but the conclusion remains clear: the right to personal (bodily) integrity protects human subjectivity. But the following question arises: what are the limits of such subjectivity? The fact is that the existing concepts of personal (bodily) integrity do not take into account all new technological possibilities that are beginning to become an integral part of the human body. At the same time, the applicable concept of subjectivity remains uncertain, but one conclusion is clear: the right to personal (bodily) integrity has historically served as a guarantee of human subjectivity. However, this traditional concept may be too restrictive at the moment. As new technologies are increasingly integrated with the human body – through biometrics, wearable devices, neural interfaces, and other forms of digital embodiment – the boundaries of subjectivity are expanding beyond the purely physical. An important question arises: what are the limits of such subjectivity today? The existing legal concepts of physical integrity have not yet fully taken into account these technological extensions of personality, which underlines the need to revise or expand the scope of the concept of personal integrity in accordance with modern realities.

At the same time, the same Article 3 of the Charter on Fundamental Rights (CFR) does not fully correspond to the realities of the digital world, which, in turn, poses new challenges to EU law (Vardanyan et al. 2024). Although Article 3 of the Charter protects the right to personal integrity, especially in medical and biological contexts, it still focuses on the physical body and does not explicitly address the forms of intrusion, manipulation or harm that occur in the digital environment. As digital technologies increasingly mediate and expand human identity through biometric data, digital profiles, and artificial intelligence-generated representations, the scope of personal integrity must expand to include the digital dimension of personality. The current legal framework lacks adequate tools to address issues such as digital identity theft, document forgery, unauthorized biometric surveillance, and emotional or psychological harm caused by digital means, phenomena that challenge traditional notions of physical and mental integrity.

Under these conditions, modern technological changes require an expanded understanding of the concept of “physicality.” However, it should be noted that the term “physicality” is not a clearly defined legal concept in EU law or judicial practice. It is more often used in philosophical, sociological, or bioethical discourse to denote the embodied, material dimension of human existence. In the legal context, especially in EU legislation on fundamental rights (for example, the Charter of Fundamental Rights), the focus is most often on “physical integrity.” This is due to the fact that the introduction of digital technologies is already calling into question traditional approaches to bodily integrity, and the transition from a biological body to an expanded (technologically improved) body opens up new ethical and legal issues that require legal reflection and adaptation. For example, brain-computer interfaces (such as Elon Musk’s Neuralink) blur the line between thinking and digital communication, raising questions about the sanctity of mental life and consent (Lavazza, Balconi et. al. 2025; Burwell, Sample et. al. 2017). Wearable medical devices (such as insulin pumps or heart monitors connected to the Internet) constantly collect and transmit biometric data, making the body partially dependent on external, potentially vulnerable digital systems. Prosthetic limbs integrated with artificial intelligence or controlled by neural signals challenge generally accepted definitions of what constitutes a “body” for legal protection purposes. Even microchip implants used for identification or access control are increasingly combining the physical and digital selves, raising concerns about surveillance, autonomy, and the body’s freedom of action (Maras, Miranda 2023). These changes suggest that the legal framework should be adapted to ensure the physical integrity of not only the biological body, but also its digital and technological extensions.

5. Extended Human Subjectivity: The Hierarchy of Offline/Online Realities

In a broad sense, personal (bodily) integrity can be seen as the right to self-determination beyond our own physical boundaries. As an argument, one could argue that bullying someone online is just as harmful as bullying offline, since threats to physical security become the basis for the illegal use of personal data. For example, if we look at the example of pornography without consent or “revenge porn,” the victims’ experiences coincide with those of actual sexual violence (Hearn, Hall 2022; Patella-Ray 2018, 786–791). That is, victims’ own descriptions of harm tend to focus on issues of physical violence and loss of self-determination. In this context, we would like to mention the case of Söderman v. Sweden, in which the ECtHR ruled that intrusive photography constitutes a violation of personal integrity. In other cases concerning photographs, the Court stated that the image of a person is one of the main attributes of their personality, since it reveals the distinctive characteristics of a person and distinguishes them from their kind (Judgment of the European Court of Human Rights of November 12, 2013, Söderman v. Sweden, no. 5786/08).^[2]

At the same time, the introduction of information technologies combined with biometric systems to identify individuals whose personal integrity is “digitised” (i.e., transformed into a digital form, where parts of a person’s physical, emotional, or psychological self are represented, stored, processed, and often used by digital systems), deprives people of the opportunity to selectively represent themselves and makes it difficult to protect their human rights, especially in a situation where “digitised integrity” becomes the object of market-oriented powers. To be clear, “digitized integrity” is a state in which a person’s physical, mental, and identity-related characteristics are captured, represented, and digitally processed using technologies such as biometric systems, health trackers, artificial intelligence for emotion recognition, or brain-computer interfaces. This means that key aspects of personal integrity traditionally associated with the physical self are now becoming apparent, indirect, and potentially manipulated in the digital environment, creating new challenges for autonomy, dignity, and legal protection.

Instead of perceiving the images of a person as “content,” we tend to view them more as “digital prosthetics,” i.e. extensions of ourselves, our will, and our activities. We should understand that they (“digital prostheses”) not only represent us, but also personify us. That is why A.R. Stone notes that our close relationship with new technologies that mediate our interactions forces us to rethink the boundaries of where our selves begin and end (Stone 1994, 14). Stone even describes this inclusion of objects in personality as “split subjects.” For clarity, the term “split subjects” refers to the fragmentation of the self that occurs when individuals are mediated, expanded, or represented through technology. In this context, the “subject” (that is, the personality) is no longer a single, integral entity, but rather is divided into various representations and technological extensions what we call “digital prostheses.” Similarly, the Cyborg Manifesto states that the “bodies are maps of power and identity,” whose blurred boundaries represent “a kind of disassembled and reassembled, postmodern collective and personal self” (Haraway 1991, 163). Does this make us rethink where our personality begins and ends? Someone might ask, what does this mean for the law and the protection of human rights? The answer is that traditionally the law protects an “individual” – a physical being with bodily integrity, identity, and rights. But when personal integrity becomes fragmented digitally, this protection becomes insufficient. In this framework, the law should begin to consider digital images (for example, biometric profiles, emotional states, digital doubles, avatars) not just as “data,” but as a legal extension of personality.

As S. Casini points out: “Our bodies are scanned, probed, imaged, sampled, and transformed into data by clinicians and technologists” (Casini 2021, 312). We believe that the problem lies deep down – in the ontological shift in the concept of the body, which is the result of the development of various technologies that conceptually challenge the difference between body, data and information. This in turn blurs the clear line between biology and technology. As Michio Kaku correctly points out, even after people die, their body can be revived from their genome, and their consciousness can be restored from their connectome. For clarity, a connectome is a complete map of all the neural connections in the brain, something like a detailed diagram of how neurons connect to each other. It is the structural basis of the brain’s functioning and, possibly, the encoding of thoughts, memories, and personality. The connectome concept is well known in neuroscience. There are even major research projects, such as the Human Connectome project, aimed at mapping these connections in detail. However, this part is highly speculative and is currently science fiction. Although some theorists (for example, Michio Kaku, Ray Kurzweil, and others from transhumanist circles) suggest that one day it may be possible to reconstruct the mind using a connectome, this is far beyond modern possibilities, but it cannot be ruled out. The possibility that we can still continue to live as information pushes us to the conclusion that we are nothing but information (Kaku 2024).

At the same time, various human enhancement (HE) projects serve as another reason for revising the ontology of the human body (Lawrence 2013, 254–278). The modern understanding of the human body is moving away from the idea of its staticicity and immutability, which characterised it earlier. For example, this is confirmed by modern research in the field of posthumanism and feminist theory. In particular, some scholars (Shildrick 2002; Braidotti 2013) note that modern approaches increasingly challenge earlier biomedical or philosophical models, which typically viewed the human body as fixed, biologically determined, or unchangeable. These new views reflect a shift towards understanding the body as mobile, changeable, and closely related to technology. Instead, the human body is already seen as an object that can be modified and improved using various technologies and devices.

In particular, new technologies make it possible to overcome the physical or mental limitations of the human body, temporarily or permanently expanding its abilities and characteristics. The accumulation of human biological samples in biobanks and the growing adoption of biometric technologies are also “informatising” the human body by converting its characteristics into processed digital data. In turn, the need for identification/verification of individuals is the reason for the expansion of the introduction of biometric technologies, which have a clear overall effect: the transformation of certain aspects of physical existence into electronic data and information amenable to digital processing. All the developments we have mentioned undoubtedly challenge the conceptual separation between the human body, on the one hand, and information about it, on the other. In this regard, Irma van der Ploeg convincingly suggests that this should be seen as something deeper than creating another example of collecting “personal information,” as it is most often done (Van Der Ploeg 2005, 57–74). Rather, the human body is involved in the process of co-evolution with technology, in particular with information technology. In these conditions, a new conceptualisation of bodily existence and a new ontology of the body appears: the body as information (Van Der Ploeg 2005, 57–74).

In the digital age, people face various forms of online violations or “digital intrusions,” such as unauthorized data collection, surveillance, or manipulation that challenge traditional notions of personal boundaries. These digital intrusions can affect not only privacy, but also a person’s sense of physical integrity, as they blur the boundaries between the physical and the digital self. While respect for personal (bodily) integrity is well established in the offline world, similar protections are often lacking in the digital environment. Because the physical and sensory limitations that protect us offline are difficult to replicate online, the emotional and psychological impact of digital intrusions is often overlooked. Therefore, it is important to develop a new balanced approach that guarantees personal integrity in both the physical and digital spheres.

Nevertheless, one of the potential ways to understand the impact of digital interference still remains the prism of personal (bodily) integrity. And while respect for personal (bodily) integrity may have become the norm in our physical (offline) world, the digital sphere has not followed this course at all. Because our physical boundaries and sensory processes are so difficult to transfer to the digital realm, the connection between everyday online intrusions and our emotional well-being is often ignored, which requires a new balanced approach highlighting significant gaps in existing legal remedies. This study argues that current laws should evolve in such a way as to recognize and eliminate this intangible but real harm, while ensuring adequate protection of personal integrity, including emotional and psychological aspects, in the digital age.

6. The Relationship Between Physicality and Human Data: Are We Our Data?

In her article for Deep Dives, Sara Wong says that our primary language for conceptualising data is privacy, which treats our personal information as separate from us, as a piece of property that can be measured, discussed, sold, and reused (Wong 2020). But in fact, she argues, data does not belong to us in the same way as our physical objects (for example, a house or a car): data is us. The researcher emphasises: “It is like a quantum particle that can exist in two places at the same time, as both a representation of who you are and also a commodity that can be sold” (Wong 2020). Moreover, S. Wong also emphasises that in our age, individuality is mediated by digital technologies (Wong 2020). One can say that because of this, the digital footprints of our bodies are no longer just content: they are an extension of our free will. Any intrusion into this integrity (and therefore into our sense of wholeness) can be devastating, regardless of whether it happens to our physical bodies or our “data bodies.”

In this regard, we argue that the protection of identity in the digital world is more important than the protection of personal data per se. We believe that although personal data protection laws (including the GDPR) are primarily aimed at controlling the collection, storage, and use of individual data, they often overlook the broader and deeper implications of how this data shapes, constructs, and sometimes distorts a person’s digital identity. Identity includes not only individual data, but also the narrative, personality, and integrity of the person behind that data (Hnit, Almanna 2025). Thus, in our opinion, protecting the individual means protecting individuals from manipulation, distortion of information, and intrusions that affect their autonomy, dignity, and social existence in the digital environment. This shift from data protection to personal data protection requires the creation of a legal framework that takes into account the dynamic, interconnected and embodied nature of personal data, ensuring that people retain control over how their digital selves are formed, perceived and used.

The development of modern digital technologies enables creating a person’s identity from their “digital parts” based on evolving marketing practices, regardless of their actions or consent. In the conditions of opaque data processing, the unlimited possibility of data controllers in obtaining such data using the “consent myth” means consent to profiling, on the one hand, and consent to fragmentation of the digital self, on the other (Vardanyan et al. 2022). It should be noted that the idea that people consciously consent to the collection and use of their personal data, especially in a digital environment, is increasingly being criticized as a myth. Theoretically, consent is the cornerstone of the GDPR, designed to ensure individual autonomy and control (Article 6). However, in practice, this is often not a genuine expression of conscious will. First, most consent mechanisms are built into strict legal privacy rules that are difficult or impossible for ordinary users to understand. Research consistently shows that users do not read these rules (for example, privacy policies, cookie policies, terms and conditions available on the website, etc.), and even when they do, it is difficult for them to understand the consequences of adopting complex and opaque data processing methods (Solove 2013; Nissenbaum 2010). Secondly, consent is usually presented in a binary “take it or not take it” format, for example, in the form of banners with cookies or terms of service, which do not provide a real choice. In many cases, users must consent to extensive data processing in order to access basic services, which makes consent compulsory rather than voluntary. This is especially problematic when there is an asymmetry of power between data subjects and large platforms (Padden, Öjehag-Pettersson 2021). Third, data processing systems are opaque and constantly evolving, especially with the use of artificial intelligence and algorithmic profiling. Users often have no real idea of how their data will be used, combined, or what conclusions will be drawn from it, making it impossible to provide meaningful, informed consent (Bergemann 2018; Gefenas, Lekstutiene et al. 2022). This includes data used for profiling, behavioral targeting, or emotional surveillance – processes that remain invisible to the user. Finally, even when consent is technically obtained, it often serves as a legal shield for data controllers rather than a mechanism to protect users. This instrumental use of consent supports what may be called as the “consent myth” – the illusion that users have control, while in fact they are subjected to widespread surveillance and manipulation under the guise of choice (Vardanyan et al. 2022; Zuboff 2019).

At the same time, the same digital technologies have given people the opportunity to project their identity in the digital space, for example, through the right to be forgotten (de Andrade 2012, 65–97). This right allows a person to develop self-images containing elements of their personality, as well as enter into specific interactions with other people in the framework of another aspect of human existence in the digital world. As one can see, personal data became the “building blocks” of a person’s digital life, as well as integral elements of their digital identity (Lupton 2018, 339–354). We believe that ensuring the legal protection of only personal data without proper protection of the person themselves, is an incorrect approach. And we argue that proper protection involves moving from a narrow approach to a more holistic legal recognition of digital identity. This means not only protecting individual pieces of personal data, but also protecting the ways in which these pieces of data create and express a person’s identity in the digital space. This requires a legal framework that takes into account the autonomy, dignity, and continuity of the digital self, including the rights to correct, curate, or erase part of one’s digital footprint – not only to protect privacy, but also to support self-development and identity in relationships. Moreover, proper protection should also address the asymmetry of power between individuals and digital platforms (data controllers), ensuring that individuals retain meaningful control over how they are represented, profiled, or marketed in the digital environment. Ultimately, it is the person behind the data, not just the data itself, that should be at the center of legal and ethical attention.

Moreover, we argue that even if the digital identity exists beyond the biological (physical) body of the human being, it is not external to the human being itself. Today, human existence, along with physical attributes, includes digital representations of these attributes. This reflects one of the contemporary anthropological understandings associated with the human body, which has traditionally been perceived as a “container” of human identity and integrity. However, in the context of the digital world, personal data itself has become such a “container.”

At the same time, the dematerialisation of the subject is not complete (Kim 2001, 87–111). In other words, a person does not completely move into another space-time dimension, but rather an extension or overlap where aspects of our identity and experience coexist with and are inseparable from our embodied physical selves. For example, Instagram and Facebook accounts often remain active even after the person’s death. People can still see his/her photos, messages, posts, and memories. But this does not mean that this person has completely moved into a new digital world: online presence is just a copy or reminder of them, not of a real, living person. In this regard, the “digital” self can reflect the physical self with certain distortions, edits, and/or filters, while portable and even wearable technologies combine with or expand our physical bodies to generate continuous data related to our physical presence in the world (Kasket 2019). However, the biological body does not disappear, but feelings, consciousness, actions and will pass into the digital world. In particular, free will and subjectivity, which were previously closely related to the physical body, are now no longer limited to the body, but rather exist in the interaction of multiple media, including technological devices and mass media. Some scholars even talk about divided subjects (“dividuals”) to describe the situation (Linkenback, Muslow 2020, 323–344). This approach reflects the evolution of ideas about subjectivity and free will in the digital age, where a person’s interaction with the outside world takes place not only through their physical body, but also through digital media.

As we can see, subjectivity is becoming more expanded, separating from the traditional boundaries of the body and penetrating into new digital spaces. A person begins to experience their own existence not only through their body, but also through their “digital prostheses.” Thus, the subject goes beyond the concept of a “single” subject (individual), which is generally accepted in the theory of law. In practice, this means that the traditional legal understanding of a person as an individual is no longer fully applied. Today, human identity extends to various digital platforms, devices, and online interactions – what we might call “digital extensions” of personality. Because of this, the law faces new challenges in determining who is responsible for actions taken online, how to protect personal rights when personal data is fragmented, and how to ensure personal integrity in both the physical and digital worlds. Legal systems need to adapt to this reality by developing new frameworks that take into account the complex, interconnected nature of modern subjectivity, rather than relying solely on the idea of a fixed individual subject. This shift could affect everything from data protection and privacy laws to issues of responsibility in the digital world. For example, when someone posts content on social media through a shared or hacked account, it becomes difficult to determine legal responsibility – who exactly is the “person” behind this action? Similarly, a person’s personal data can be scattered across multiple platforms, making it difficult to comprehensively protect their privacy and personal data. Another example is the use of avatars or digital characters in a virtual environment or online games, where the line between a real person and their digital representation is blurred, raising questions about the rights and protection of these “digital personalities” (Zimmerman, Wehler, Kaspar 2023).

Moreover, human experiences, regardless of whether they occur in digital (online) or offline space, feel like they are in a single reality, so we consider artificial dividing lines between offline and online worlds to be untenable from the point of view of common human experience. In the latter case, the division between “online” and “offline” does not fully convey our life experience: the modern world manifests itself in both analog (offline) and digital formats, and neither of them has the exclusive status of reality (Rey, Boesel 2014, 173–188). Of course, within this framework, one could ask: why do we need special rights to digital identity at all, instead of simply redefining identity? Although today the human experience does organically combine online and offline aspects into a single reality, the specific problems and risks associated with the digital environment require separate consideration. Digital identity rights exist because the ways in which personal information, its presentation, and interaction occur online are fundamentally different from offline contexts, such as the ease of data replication, manipulation, and permanent storage beyond the user’s control. Thus, rather than abandoning the concept of identity or completely combining it with autonomous identity, digital identity rights aim to address these unique challenges by providing individual protection that takes into account how identity is created, expressed, and potentially violated in the digital space. In other words, it is important to rethink identity, as well as create a legal framework that meets the new conditions and vulnerabilities that arise in the digital sphere.

Such a total interweaving of online and offline does not only mean that we cannot escape one “world” by moving to another. This also means that in our unique world, there is simply no way to avoid the influence of both one’s physical body (for example, by transferring oneself to cyberspace) and digitally mediated interactions (for example, by disconnecting from the network). Within the framework of a single world, the subject (person) acts and moves towards understanding his/her being. Therefore, the formation of a person, his/her being, his/her development is impossible only offline. Otherwise, a part of a person’s personality is amputated, and freedom of will is limited. This points to the concept of expanded subjectivity, which emphasises the continuity of the subject’s experience, even when the person (subject) expands their freedom of action and embodiment on multiple media. All the experiences of the subject (person), regardless of how they are mediated, are always inextricably linked.

However, the idea that the experiences mediated by digital technology is also a part of “real life” still causes resistance. In particular, digital systems are perceived as dangerous because “the agency/body coupling so diligently fostered by every facet of our society is in danger of becoming irrelevant” (Stone 1994, 14). In this context, we argue that there needs to be a rethinking of subjectivity – one that recognizes the existence of a person in both physical and digital dimensions in order to be able to ensure equal treatment of all aspects of the subject (personality). The modern subject today lives in a double structure of experience, where physical and digital realities are interconnected like two sides of the same coin. According to Vardanyan et al. (2022, 170), these aspects cannot be separated, and therefore it is impossible to legally protect one of them while ignoring the other. This duality requires a legal and ethical framework in which both aspects are given equal importance. By not recognizing the digital presence of a subject as an integral part of their embodied self, legal systems risk undermining the integrity and autonomy of the individual. This is where the right to digital identity and personal integrity becomes important. This ensures that the digital self is not seen as secondary or disposable, but as an integral part of a person’s life experience, equally deserving of protection (Vardanyan et al. 2022, 170). The new (digital) dimension is increasing pressure on the law, as the massive exchange of personal information that has occurred with the widespread adoption of the digital platforms, services and infrastructures, has made individuals more vulnerable.

7. Conclusion

The research shows that blurring the boundaries between personal (bodily) integrity and the digital self requires a review of the legal protection of the individual. Modern technologies, including biometrics, wearable devices, and digital profiles, are merging the physical body with data, creating a new ontology of “body as data” (Bygrave 2010, 1–25). The traditional right to personal (bodily) integrity is focused on protecting the physical body, but it does not take into account the threats that arise in the digital environment. Digital intrusions, digital identity theft, and data manipulation threaten individual autonomy in the same way that physical attacks do. This requires rethinking existing legal categories, including the protection of digital identity in the sphere of personal rights, and developing new legal regulation mechanisms that take into account digital physicality (for example, via digital identity wallets). To be clear, digital identity wallets can serve as secure digital tools that will allow individuals to store, manage, and share personal data and credentials (such as identity cards, driver’s licenses, or medical records) in a controlled manner while maintaining privacy and control over one’s integrity. In our opinion, this technical mechanism could help protect the digital self, that is, aspects of identity and integrity that currently exist as data (for example, biometric profiles, medical records from wearable devices, etc.).

The increasing convergence of digital and physical identities necessitates a reassessment of legal protections concerning bodily integrity, identity, and autonomy. Traditional legal frameworks struggle to address the emerging challenges posed by the transformation of human bodies into sources of biometric and behavioral data. While the GDPR provides a foundational level of personal data protection, its broad interpretation and limitations highlight the need for further refinement. Legal uncertainties surrounding the concepts of “data” and “information,” as well as questions of ownership over embedded technologies and AI-driven identity profiling, further complicate regulatory responses.

The notion of the “body as data” underscores the need to protect digital identities not merely as personal data but as integral components of personhood. In light of this, the right to informational self-determination should be recognised and strengthened to ensure that individuals retain agency over their digital representations (Thouvenin 2021). Additionally, the increasing integration of digital technologies into daily life calls for expanded legal definitions of subjectivity and integrity, ensuring that digital extensions of the self are adequately protected (Custers 2022).

The research suggests that failing to recognise the interconnected nature of online and offline realities risks undermining fundamental rights and personal autonomy. The evolution of digital identities and the emergence of a “digital person” (homo digitalis) demand the development of more comprehensive legal frameworks that safeguard the individual from identity fragmentation, unauthorised exploitation, and market-driven digital profiling. As technological advancements continue to challenge traditional legal notions, the law must evolve to address these new realities, ensuring a balance between innovation and fundamental human rights protection.

In response to these challenges, new rights and redefinitions should include recognition of the right to digital privacy, which will protect people from unauthorized manipulation and harm to their digital selves, similar to physical integrity. At the same time, the right to informational self-determination should be recognized and expanded in order to give people real control over their biometric and behavioral data, including profiles and conclusions based on artificial intelligence. In addition, the legal recognition of digital identity – “homo digitalis” – is essential to prevent identity fragmentation and to recognize the inseparability of physical and digital experiences. These changes require the creation of a unified legal framework that would combine the means of protecting both physical and digital identification data, eliminating non-physical damage such as reputational damage and emotional distress caused by digital intrusions. Ultimately, these new legal constructs will be vital to preserving personal autonomy, dignity, and integrity in an era when digital and physical selves coexist and constantly interact.

To sum up, the answers to our research questions posed in the introduction are as follows:

1. The convergence of physical and digital identification data reveals gaps in the existing EU legal protection, as the current regulations (GDPR, Article 3 of the CFR) are still based on the physical concept of integrity.
2. These problems can only be solved by recognizing the right to informational self-determination and the right to digital integrity as complementary aspects of human autonomy and dignity in the digital world. Together, they can provide a solid foundation for personal protection in both physical and digital reality.

Acknowledgments. This work is funded by the project no. IGA_PF_2025_010 „Protecting Human Dignity in the Digital Transformation Era: Shaping the Digital Dignity Concept“ funded by Palacký University Olomouc specific research projects.