The General Data Protection Regulation (GDPR) has come a long way since it was first tabled as proposal by the European Commission on 25 January 2012. Probably, it will be remembered as the biggest achievement of the outgoing Juncker Commission. Despite the fact that Europe plays a second-tier role when it comes to the development and production of data-driven technology and services, research shows that of 132 countries which have national data protection laws at the beginning of 2019 the majority adopts the European ‘omnibus approach’. In other words, the protection of personal data has been promoted from a niche issue that is addressed on case by case basis (the ‘sectoral approach’ which is typical for US regulation) to a universal concern. Even more, privacy in the digital age is a popular human rights issue deserving the care of a ‘dedicated ambassador’ (Special Rapporteur) of the United Nations. Since becoming enforceable, GDPR has been proposed as sort of a gold standard to the international community and people across the world are happy to be ‘protected’ by it – even outside Europe. Corporations such as Facebook have gone from stating that ‘privacy is dead’ in 2010 to boldly claim that ‘the future is private’ in 2019. However, despite its undeniable popularity and societal impact it seems wrong to hail GDPR as the finest of regulatory instruments. As I will aim to demonstrate in this piece there remain important issues for which GDPR is an unsatisfying solution. As the digital layer of societal interaction evolves it will be crucial to take additional measures in the near term. At least, if the goal is to avoid fragmentation of the digital sphere, which for Europeans would result in limitation to the bubble of a ‘bourgeouis internet’.
|Status||Published - 29-mei-2019|