Among some data protectionists, social scientists and also early representatives of data protection ideas, the view is widespread that data protection serves above all to prevent organisational imbalance of (informational) power. The aim of data protection would be then to make information technology socially controllable. The protection of rights and freedoms in the processing of personal data could only be guaranteed if processing takes place under specific conditions and thus is controlled. Under social conditions, where knowledge is power, processing left to the discretion of organisations would mean arbitrary exercise of power. According to this view, unconditional data processing is contrary to the right to free development of the personality, which presupposes freedom and reliability. Therefore, data processing should only be permissible if it serves a legitimate purpose and is thus approved by society. That is why data processing should only take place under controlled conditions.
There are no direct points of reference for this view in the GDPR. However, its representatives claim to be able to derive it from the legal purpose and a number of different provisions of the GDPR: Art. 1, 5, 25, 32, 34, 35 as well as chapter 2-4 and Rec. 4 and 11 GDPR