Moderní regulatorní metody ochrany osobních údajů
Title in English | Modern regulatory methods of personal data protection |
---|---|
Authors | |
Year of publication | 2020 |
Type | Monograph |
Citation | |
Description | Monograph Modern regulatory methods of personal data protection studies general questions related to legal regulation of personal data protection. The book is based on the four major principles that guide personal data protection: a) the material and functional independence of the right to protection of personal data as a fundamental right; ii) the pragmatic necessity of personal data processing for the functioning of a modern society; iii) the guarantee of a high level of personal data protection, also providing for a strong role of the data subjects’ rights; and iv) the necessity of a preventative approach to personal data protection. In accordance with these principles, the book identifies that a fundamental problem of the previous regulation (Directive 95/46/EC and Act no. 101/2000 Sb.) was its lack of internal flexibility, as there was no option for functional granularity and scalability of duties of the data controller. The book also analyses two approaches to overcoming this shortcoming, which used to be applied in the past. The first one meant interpreting the defining provisions of the regulation restrictively and limiting its scope so that it did not apply in cases in which enforcing the full scope of the duties would not be proportional because of their nature. The second one meant that the supervising authorities decided ad hoc not to enforce the regulation in cases which were problematic in this way. However, the book rejects both these approaches to solving the issue of insufficient granularity and scalability of duties of the data controller. In the key part of the book, the author provides an analysis of performative regulation; a modern regulatory method chosen by European legislator as the foundation regulatory framework in the General Data Protection Regulation (no. 2016/679). The performance-based regulation in the GDPR is based on combining the controller accountability principle with a risk-based approach. That allows the GDPR to provide a sufficiently flexible framework of duties, allowing for their granularity and scalability. In the conclusion, the author discusses the advantages of this regulatory method, and comments on the challenges and obstacles that performative regulation poses for the interpretation and application of the GDPR. |
Related projects: |