Two-sided control

What was promised by the GDPR (Art. 80 and Rec. 142) is now a reality! 

Following Schrems’ filing of 422 complaints to ten EU Data Protection Authorities yesterday for cookie-related violations, it is now clear that the data protection compliance posture of companies will be checked not only by Supervisory Authorities but also – de facto and actively – by privacy organisations and associations patrolling the internet to proactively find potentially unlawful data processing practices and reporting them to the Authorities. 

Ratio: In the past, users/data subjects did not enforce their rights due to a lack of time/knowledge. This shortcoming has now been resolved by collective and organised activism. 

Take-away: We have reached a point of no return, so companies should be seriously prepared to properly handle interactions and complaints from privacy organisations/associations, acknowledging that data protection is not just a compliance matter, but a business requirement in the competitive data-driven economy.

 More blogs on Law Blogs Maastricht

P. Balboni

Paolo Balboni is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. He graduated with a degree in Law from the University of Bologna (Italy) in 2001 and completed his Ph.D. in Comparative Technology Law at Tilburg University (The Netherlands) in 2008.

Also read