Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

GDPR - the real threat to privacy?

02.08.2019

Over 2 years, GDPR and personal data protection has been discussed across the EU. Vast majority of companies, public authorities and other entities, affected by the regulation, started to include the question of personal data protection into their operations. This effect of GDPR may be considered its greatest achievement up to now. But - is it really the right way?

GDPR literally established a new field of law. For the first time ever, personal data protection has become more than a formal obligation. Such effect may seem positive. But is it really? Do we not witness situations, where a company is subject to proceedings about non-GDPR-compliance from absolutely formal reasons? Do we not witness situations, when a human`s dignity is clearly attacked, but in a GDPR-compliant (strictly formally) way? 

For the first time ever, privacy has become the topic. Because personal data protection is nothing, but a part of tools to secure everyone`s privacy. However, the real effect is different. Anyone, subjected to GDPR, focuses on being GDPR-compliant. Regulators started to control the formal harmony between the processes established at data processors and the regulation. And even legal specialists started to claim there are two areas of law to focus on - personal data protection on one side and privacy protection on the other.

Inconspicuous, the threat starts to be visible more and more. Personal data processors are forced to implement rules required by GDPR. And by doing so, they consider this part of their social responsibility fulfilled. With no real concern about the privacy. Which, by virtue of the existing regulation, is but another topic. This is the reason, why we do have such a hard time with social networks. They hire professionals on personal data protection, but have no legal motivation to hire professionals on privacy protection. Even few months after GDPR, we can see the replies to privacy intrusion inquiries, such as - but we are GDPR-compliant. 

In practice, it is much harder to enforce the right not to be compromised in privacy than the right to be provided with relevant information about personal data processing (which, seen isolated, has no value). In practice, GDPR is becoming an argument for privacy intruders rather than for the privacy-intruded. From the legal viewpoint, it is absolutely crucial to delete the division between personal data and privacy. To support the fact that personal data protection is but an instrument to achieve much higher goal- to protect one of the most sainted rights of human beings - the privacy. To make sure any court will, at the final stage, only punish personal data protection failure, if it threatens privacy, and on the other hand - not leave unpunished any formal application of GDPR, affecting privacy. 

Not to sound too negative -there are GDPR interpretations, not supported by the regulation itself directly, but by the main purpose (privacy protection), published by regulators, providing for at least a small amount of optimism. One of the greatest examples being the “mobile phone” issue. Mobile phone number does not necessarily allow the processor to identify the data subject. But - disposal of the number opens the ability to reach “even anonymous” person to his/her most intimate zone, anywhere and anytime. Such interpretation was presented by European regulators and represents a drop of hope that GDPR does not become a topic per se. That it will always be considered a part of the main issue - the privacy. Because, otherwise, GDPR could become the greatest excuse to privacy intruders, and thus, much more sincere threat to privacy than police tapping, etc.

 

Article provided by: Tomáš Nielsen (NIELSEN MEINL advokátní kancelář, Czech Republic)

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Höllwarthtobias.hoellwarth@eurocloud.org

VIEW PROJECT

WHAT IS THE DPC/CPC PROJECT?

53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More

 

CPC MISSION & VISION STATEMENT

The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.