Co-regulation in EU personal data protection: The case of technical standards and the privacy by design standardisation ‘mandate’

Research output: Contribution to journal › Article › Scientific › peer-review

Abstract

The recently adopted General Data Protection Regulation (GDPR), a technology-neutral law, endorses self-regulatory instruments, such as certification and technical standards. Even before the adoption of the General Data Protection Regulation, standardisation activity in the field of privacy management and data security had started proliferating. In 2015, the European Commission issued the first standardisation request to the European Standardisation Organisations to develop privacy management standards based on art. 8 of the EU Charter of Fundamental Rights. The article argues that there is an emerging shift from traditional top-down regulation to the inclusion of bottom-up co-regulation tools in the EU data protection legislation. The aim of this contribution is to examine standardisation as a form of co-regulation in the data protection context and draw preliminary conclusions on a potential role of standardisation in relation to (data protection) law.
Original language: English
Journal: European Journal of Law and Technology
Volume: 8
Issue number: 1
Publication status: Published - Mar 2017

Keywords

  • technical standards
  • Internet of Things
  • personal data
  • co-regulation
  • self-regulation
  • privacy by design
  • technology neutrality
