Alexander Wodi, ‘The EU General Data Protection Regulation (GDPR): Five Years After and the Future of Data Privacy Protection in Review’

ABSTRACT
The General Data Protection Regulation (GDPR), which came into effect in 2018, is one of the most advanced and recognizable international pieces of legislation for data privacy and protection. Since its inception, the GDPR has elevated data privacy and protection in stature within the EU and globally. The GDPR has local and extra-territorial applications. It applies to the EU and its residents as well as foreign and EU companies engaged in the processing or international transfer of the personal data of EU citizens to and from the EEA.

Following the passage of the GDPR, many countries’ data protection laws have been modeled after the innovative EU statute at the national and subnational level (Brazil – LGPD, Canada – PIPEDA, Nigeria – NDPA, and California – CPRA). There has been increased awareness about individual privacy rights. There have also been big fines and penalties against companies in the social media and e-Commerce space for noncompliance with GDPR principles (e.g., Facebook – €1.2 bn and Amazon – €746 m). In this paper we examine the successes and challenges of five years of GDPR and take a snapshot of what the future holds for the ground-breaking legislation and for the data privacy and security continuum.

We shall also examine, inter alia, the guiding principles of the GDPR vis-à-vis the collection, use, retention, and disclosure of personal data; the obligations of data controllers and data processors in respect of the handling and processing of data; the rights of data subjects; international data transfers and data flows; Adequacy Decisions; the use of BCRs and SCCs for data transfers; derogations for specific situations; the Safe Harbor Program and Privacy Shield; Schrems I and II; the new EU-US Data Privacy Framework; Privacy by Design (PbD); Data Protection Impact Assessment (DPIA); Privacy Enhancing Technologies (PET); Enforcement Actions by Data Protection Authorities (DPAs) in the EU; data localisation; AI Governance; and Web 3.0.

Wodi, Alexander, The EU General Data Protection Regulation (GDPR): Five Years After and the Future of Data Privacy Protection in Review (2023).
