Talk:GDPR Implementation – Blind spots, opportunities, and the way forward – WS 02 2019

From EuroDIG Wiki
Jump to navigation Jump to search

Community Feedback

Please use this space to leave feedback on the proposed ideas below.

Name | Comment ...

Proposed Content

PART I: Application of GDPR to different technologies and communities


- Proposal 70 – Blockchain, Privacy, and GDPR - Coordination with the other Blockchain EuroDIG session to avoid overlap and build on their session


Proposal 129 – Application to non-resident communities Proposal 179 – measures to better protect children have resulted in fragmentation of legal bases for processing childrens’ data across Europe Just because GDPR grants these rights people might not be aware of them and hence have hard time in exercising them

PART II: Evaluating the Impact of GDPR

EU Countries

- Discussion question: To what extent do data protection laws protect us or do they rather fulfill social roles?

  • Lack of transparency/awareness around the obligations of GDPR
  • Proposal 66 – Right to informational self-determination and the GDPR
  • Proposal 107 – improving privacy resilience in information societies

- How do we measure impact?

  • Corporate side: human rights impact assessments, RDR methodology, etc.
  • Government side: how are they evaluating impact?

Non-EU Countries

- After discussion on impact of GDPR in EU countries (see RDR’s results), focus on ripple effect for countries which are not necessarily covered by GDPR - Discussion on consequences of GDPR not only on EU countries but also other neighboring countries

  • Council of Europe Convention 108 and its relation to GDPR

  • Resulting imbalance between EU member states and CoE member states
  • Proposal 79 – Impact on trade and business partners in Africa and elsewhere

- Ranking Digital Rights: GDPR was a component of their latest report, could speak to areas where GDPR could be strengthened in terms of users rights + fragmentation of GDPR application (for example, Yandex in Russia)

Part III: New tools for protecting privacy and other rights


- Proposal 145 – EU ePrivacy Regulation - Idea about enhanced GDPR expert certification

  • Many people say they are GDPR experts and can help with the compliance but in reality this is not always the case
  • Would like to have a list of certified experts on GDPR, particularly in non-EU countries

Corporate Due Diligence Mechanisms

  • UNGPs, Human Rights Impact Assessments

Potential Discussants


  • European Commissioners involved in creation / evaluation of GDPR
  • National policymakers involved in evaluating impact of GDPR
  • Representatives from non-EU countries who could speak about how GDPR has influenced them — Albania?
  • Data Protection Authorities


  • Data Protection Officers or other operational staff from the major platforms who could talk about specific approaches / challenges / impacts of GDPR implementation
  • Distributed ledger technologies, registries/registrars, hosting providers, or other types of companies
  • Small or medium-sized enterprises

Civil Society

  • Orgs working on impact assessments and evalutaion: ARTICLE 19, Ranking Digital Rights
  • GDPR trainers?

Proposals assigned to this session


GDPR came into force this year, and it has its direct consequences not only for Europe and or South Eastern Europe, but also for other countries. Will there be a systemic approach to increase the competences of the users on the EU/SEE/Global dimension?


I think that for the countries of South and Eastern Europe it's crucial to define borders for the protection of data. Such as to create common framework for assisted anti-spam activities. They may arrise at any point, but collective action is important. Especially against fraudulent activities. They have to use suficient tools for data security.


If we want to safeguard individual privacy, we can’t rely on the market to do so: we need new tools and better rules to ensure individuals have a reasonable baseline of respect online. What could these tools look like?


Right to informational self-determination and the GDPR


Blockchain, Privacy and GDPR: An increasing number of applications use blockchain to provide superior privacy and data sovereignty to their users. This is perfect privacy by design, since users do not have to trust powerful intermediaries not to abuse their data, but they are protected by algorithms and design. No malicious administrator or CEO has the power to abuse their data. However, blockchain-based applications have a hard time to complying with GDPR. There is the conflict between the right to be forgotten and the immutability and transparency of public blockchains. But, even more importantly, GDPR is designed for applications under central control. Peer-to-peer applications like blockchains do not provide this central control. Users are simultaneously “controllers”, “processors” and “data-subjects”. There is nobody to make “processing agreements”, create a record of processing activities or reply to data protection authorities. Can we risk banning better privacy for these formal reasons?


In my opinion, human rights and personal data protection topics are essential not only for Europe and/or South Eastern Europe but for all parts of World. It is necessary becuse each of individual should to have own place, no matter in real life or virtual. Moreover, according to EU GDPR, for European organizations digital human rights and personal protection it's not topic for discussion but the regulation which must be applied.


The impact of Europe GDPR on economic, international development and human rights interactions of Europe, it's citizens and businesses with Africa and other nations.


Internet governance issues: How to deal with GDPR and Blockchain? Can GDPR Block Blockchain? Personal Data in Blockchains – Anonymous Content?


Improving privacy resilience in information societies.


RIghts Denied? As the GDPR enters its second year, how are its provisions being applied to populations and communities who are not yet citizens or residents due to their status as refugees or asylum-seekers? How can data protection regulations be considered as part of humanitarianlaw?


EU ePrivacy Regulation. Currently the Council is slowing down the adoption process of the new ePrivacy Regulation which would complement the GDPR and ofer additional protection to individuals by requiring specific data protection provisions in the electronic communications sector. The ePrivacy Regulation is an important tool for increasing individual’s protection and for safeguarding fundamental rights, however, there are intense lobbying eforts from the industry side against this Regulation to be finalised.


Human Rights Impact Assessments — Impact assessments are formal, evidence-based processes increasingly used in the public and private sectors to mitigate harms and manage risk. GDPR-based Data Protection Impact Assessments have become commonplace in Europe, however privacy is not the only right at stake in digital policy-making. Impact assessment methodologies can be tailored to address specific, or various, categories of rights, such as children’s, cultural, or LGBTQ rights. As a result, such tools can make the subject of human rights more practical and tangible while allowing people with divergent positions to engage in a constructive way.


The GDPR is the first data protection regulation ever that diferentiates by age and suggest to provide a higher grade of protection for children. Although this was meant to benefit children it seems the regulation has unintended consequences for the safety of children. The phrasing of Art. 8, decided upon in the very last minute at the end of 2015, has caused a judicial hotchpotch across Europe, leading to a fragmentation of the legal bases for the processing children’s data by service providers. Also it can be questioned if the right of children to be protected is to be put before their right to freedom of information, expression, participation and peaceful assembly.