This paper aims to evaluate the relevance of using the CE marking process to enforce the Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process that was designed by the European Commission during the 1980s to allow manufacturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products, especially in the context of the globalization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spread of European technical standards worldwide. However, it does not fully address the data protection issues raised by the IoT, and it has been criticized for its lack of reliability. Moreover, this process was never designed to include an unlimited list of requirements, and adding data protection requirements could undermine it. Another option might be to transform the CE marking into an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing process and offer the opportunity to set up a scheme arranged according to a similar process but dedicated to the enforcement of Data Protection by Design principles.
|Title of host publication||Data protection on the move|
|Editors||Serge Gutwirth, Ronald Leenes, Paul De Hert|
|Place of Publication||Dordrecht|
|Number of pages||28|
|Publication status||Published - 1 Mar 2016|
|Name||Law, Governance and Technology Series|
- certification mechanisms