woensdag, september 19, 2018

How does ePR compare to the GDPR

Next to the GDPR, there is also the ePrivacyRegulation. I found this analysis, with these summarized findings of how GDPR and ePR relate and compare:

“Our findings can be summarised as follows:

  • the ePR intends to particularise the rules of the GDPR insofar as it relates to processing of data that qualify as personal data;
    • however, it does not always succeed in this aim, because it does not actually complement, add to, or deviate from the GDPR in any meaningful way;
    • where the ePR does add to or deviate from the GDPR, it is unclear what the added value is, either in terms of enhancing data protection rights, or supporting the free movement of data and services;
    • in particular, there is an overreliance on ‘consent’ as a legal basis for data processing, which would exclude alternative legal bases permitted under the GDPR, like the need to process data for the purposes of a ‘legitimate interest’;
  • the ePR also intends to complement the rules of the GDPR, where the latter clearly does not apply, for example when it comes to data concerning legal persons;
    • however, the ePR’s added value here may also be marginal, as these data will in most cases also relate to natural persons;
    • moreover, the usefulness of covering legal persons by ePR-rules is limited as it will be problematic in practice to apply concepts like consent to legal persons; and
    • more fundamentally, one can question the suitability of applying the concept of privacy to corporate communications data (which is not personal data), especially in light of the fact that such corporate data will also enjoy protection under rules such”


Geen opmerkingen:

Een reactie posten