The future of privacy certification in Europe: An exploration of options under article 42 of the GDPR

R. Rodrigues, D. Barnard-Wills, Paul de Hert, V. Papakonstantinou

Research output: Contribution to journalArticleScientificpeer-review

Abstract

The EU faces substantive legislative reform in data protection, specifically in the form of the General Data Protection Regulation (GDPR). One of the new elements in the GDPR is its call to establish data protection certification mechanisms, data protection seals and marks to help enhance transparency and compliance with the Regulation and allow data subjects to quickly assess the level of data protection of relevant products and services. To this effect, it is necessary to review privacy and data protection seals afresh and determine how data protection certification mechanisms, seals or marks might work given the role they will be called to play, particularly in Europe, in facilitating data protection. This article reviews the current state of play of privacy seals, the EU policy and regulatory thrusts for privacy and data protection certification, and the GDPR provisions on certification of the processing of personal data. The GDPR leaves substantial room for various options on data protection certification, which might play out in various ways, some of which are explored in this article.
Original languageEnglish
Pages (from-to)248-270
Number of pages23
JournalInternational Review of Law, Computers & Technology
Volume30
Issue number3
DOIs
Publication statusPublished - 2016

    Fingerprint

Keywords

  • data protection seals
  • certification mechanisms
  • privacy seals

Cite this