Faculdade de Direito da Universidade do Porto, Faculdade de Letras da Universidade do Porto
Abstract
In this article, we examine key features of the new EU General Data Protection Regulation (GDPR) in the light of implications of big data technologies. We will focus specifically on the original regulatory approaches introduced by the GDPR relying on risk assessment and management and on self-defense by Internet users, seeking to interpret them in view of a law-technology lag versus a law-technology driving perspective, meaning a legislative policy guided essentially by the intent to foster technological innovation and competitiveness in the Digital Single Market. Indeed, the current EU data protection reform seemingly fails to provide the appropriate caution that should be expected from a law designed to protect a fundamental human right. Notwithstanding the declared aspirations of the GDPR, the decision-making power on what and how to collect, store, and process personal data is leaning to the operators and data controllers to the disadvantage of data subjects and supervisory authorities. While technological conditions, namely the automatisation inherent to data mining and data analytics, render the effectiveness of key data protection principles harder to pursue, it is also true that the increasing suppleness of the regime is furthered by the Regulation’s own regulatory choices.info:eu-repo/semantics/publishedVersio
