Privacy, Proceduralism and Self-Regulation in Data Protection Law
C. Quelle, 'Privacy, Proceduralism and Self-Regulation in Data Protection Law' (2017) Teoria Critica della Regolazione Sociale; ISBN: 9788857546636
18 Pages Posted: 17 Mar 2018 Last revised: 1 Apr 2018
Date Written: April 7, 2017
Abstract
This paper conceptualizes EU data protection law as a largely procedural regulation of the boundaries between the public and the private. The GDPR regulates the processing of personal data through a number of material and procedural rules, the latter of which accord decisional competence to three actors in particular: supervisory authorities, data subjects, and controllers. These actors are allocated a role in the decision whether or not a certain processing operation is permissible, or whether it constitutes an undue encroachment upon the private sphere of the individuals whose data is being processed. Through the emphasis on the controller’s accountability and the inclusion of a risk-based approach, the GDPR awards greater discretion to corporate controllers. We do not have one big brother to watch over privacy. Instead, we rely on the very entities which are liable to misuse data, expecting controllers to regulate themselves wisely under the watchful eye of both supervisory authorities and individual data subjects.
This SSRN version contains corrections to typesetting errors in the original publication. The page numbers are the same.
Suggested Citation: Suggested Citation