- Replacement of Directive 95/46 – not apt for information society
- GDPR – strict law, high DP standards
GDPR = General Data Protection
... [Show More] Regulation
The GDPR is in essence trying to cure this dilemma. Before the GDPR, we had the Data
Protection Directive 95/46, which looked at the online environment as a waiver of all privacy
rights as soon as you entered the online/internet world. In other words, the directive wasn’t apt
to adapt to situations in an online environment and with regards to new technologies. We know
that in 95 some people were using the internet, but not that many. The provisions were very
obsolete, and the reform of the directive has been on the agenda for quite some time. Then the
negotiations for the new law, started sometime around 2012 to actually put new legal
framework into play, which would be more adaptable to this new situation.
Hence the GDPR despite not being the most modern instrument that exists out there it is
definitely appropriate for the online environment. But if you look at new more recent
technological developments like machine learning, algorithms, data mining, etc. then the
GDPR has a little bit of a problem, especially when it comes to the question regarding big data.
The GDPR is already a little bit obsolete, because technological developments go on so fast.
GDPR is quite a strict law, it offers a very high level of protection compared to other laws, for
example, laws in the US or other countries. In the negotiation process, there was a lot of
lobbying on behalf of big telecommunication companies, but the fact that we have this outcome
now, the GDPR shows that this lobbying wasn’t very successful. On the other hand, in the US
subsequent to the lobbying of big tech companies, it led to no regulation, which means that
they’ll have to make a self-regulation. In contrast, the EU legislator, luckily was immune to
the lobbying efforts.
Running joke is that it is not a General data protection regulation but a Global one since it has
a very broad territorial scope and companies are fearing it very much. It contains rules that
protect natural persons with regard to the processing of personal data and the free movement
of (non-)personal data. The reason why free movement is covered is because collection of data
for companies is rather important especially in the field of advertising for instance. The
regulation is an instrument that also aims at protecting Fundamental/Individual Rights, in
particular relatable to data protection, nevertheless still lacking grounds for big data. The
GDPR has entered into force since 25th May 2016, but will only be applicable as of 25 May
2018.1
Basic principles – Article 5
1. Lawfulness, fairness, transparency – They are three different, yet interconnected things in
one principle.
1 GDPR, Art. 99
S [Show Less]