Two-sided control
What was promised by the GDPR (Art. 80 and Rec. 142) is now a reality!
Following Schrems’ filing of 422 complaints to ten EU Data Protection Authorities yesterday for cookie-related violations, it is now clear that the data protection compliance posture of companies will be checked not only by Supervisory Authorities but also – de facto and actively – by privacy organisations and associations patrolling the internet to proactively find potentially unlawful data processing practices and reporting them to the Authorities.
Ratio: In the past, users/data subjects did not enforce their rights due to a lack of time/knowledge. This shortcoming has now been resolved by collective and organised activism.
Take-away: We have reached a point of no return, so companies should be seriously prepared to properly handle interactions and complaints from privacy organisations/associations, acknowledging that data protection is not just a compliance matter, but a business requirement in the competitive data-driven economy.
| More blogs on Law Blogs Maastricht |
-
P. BalboniMore articles from P. BalboniPaolo Balboni is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. He graduated with a degree in Law from the University of Bologna (Italy) in 2001 and completed his Ph.D.
Other blogs:
Also read
-
This blog post is a re-elaboration of my interview this morning with Luca Bertuzzi, Digital & Media Editor from EurActiv, available here.
-
Over the last 20 years, access to cheap computational capacity has increasingly led to the harvesting of more and more personal data, without having to worry too much about costs related to data storage and processing activities.
-
Survey on the Maastricht University Data Protection as a Corporate Social Responsibility (UM DPCSR) Icons Version 1.0 to facilitate users’ understanding of how their data is used.
