Summary Privacy and data protection law 2021 VERY USEFUL

WHAT IS THE GDPR AND BASIC PRINCIPLES - Replacement of Directive 95/46 – not apt for information society - GDPR – strict law, high DP standards GDPR = General Data Protection Regulation The GDPR is in essence trying to cure this dilemma. Before the GDPR, we had the Data Protection Directive 95/46, which looked at the online environment as a waiver of all privacy rights as soon as you entered the online/internet world. In other words, the directive wasn’t apt to adapt to situations in an online environment and with regards to new technologies. We know that in 95 some people were using the internet, but not that many. The provisions were very obsolete, and the reform of the directive has been on the agenda for quite some time. Then the negotiations for the new law, started sometime around 2012 to actually put new legal framework into play, which would be more adaptable to this new situation. Hence the GDPR despite not being the most modern instrument that exists out there it is definitely appropriate for the online environment. But if you look at new more recent technological developments like machine learning, algorithms, data mining, etc. then the GDPR has a little bit of a problem, especially when it comes to the question regarding big data. The GDPR is already a little bit obsolete, because technological developments go on so fast. GDPR is quite a strict law, it offers a very high level of protection compared to other laws, for example, laws in the US or other countries. In the negotiation process, there was a lot of lobbying on behalf of big telecommunication companies, but the fact that we have this outcome now, the GDPR shows that this lobbying wasn’t very successful. On the other hand, in the US subsequent to the lobbying of big tech companies, it led to no regulation, which means that they’ll have to make a self-regulation. In contrast, the EU legislator, luckily was immune to the lobbying efforts. Running joke is that it is not a General data protection regulation but a Global one since it has a very broad territorial scope and companies are fearing it very much. It contains rules that protect natural persons with regard to the processing of personal data and the free movement of (non-)personal data. The reason why free movement is covered is because collection of data for companies is rather important especially in the field of advertising for instance. The regulation is an instrument that also aims at protecting Fundamental/Individual Rights, in particular relatable to data protection, nevertheless still lacking grounds for big data. The GDPR has entered into force since 25th May 2016, but will only be applicable as of 25 May 2018.1 Basic principles – Article 5 1. Lawfulness, fairness, transparency – They are three different, yet interconnected things in one principle.