Personvernombud GDPR
-
National data insurance authorities will need to directly respond to complaints, promptly investigate breaches, and actively pursue investigations to enforce the provisions. Many data insurance authorities are poorly resourced, particularly in comparison to large companies, and lack the capacity to play a comprehensive enforcement role. Member states should allocate appropriate financial and human resources to data protection authorities.
-
Even with able enforcement, there are still many structural challenges to achieving the GDPR’s vision of data privacy and control. For one, while the regulation requires consent before club can collect or action data, meaningful informed consent is difficult to achieve without choice. Many enormous online services have few real competitors, so users are faced with either consenting to a social network’s terms or missing out on a central component of modern social or professional life. Though the Schrems may force some positive changes, the GDPR doesn’t fully address the effects of this kind of monopoly power.
-
In addition, informed bluff sent will only become more elusive over time as advertising ecosystems grow into more complex. The EU regulation doesn’t directly challenge ad-driven business models that invite users to trade their personal data for free online services like email, social networking, or search engines – all while using that data to build detailed profiles to sell to advertising networks. The moderate user may consent to data processing without a true understanding of the complexities of how their data will be used, despite the regulation’s requirement of clear privacy notices.
