The European approach to online privacy and personal data concerns in the contemporary digital age appears to have embraced a ‘user-centric’ approach, inspired by values of ‘personalism’ and human dignity, regardless of the growing commercial value commonly given to personal data. These two sides of the same coin have been taken into account by the GDPR. On the one hand, it seems to outline a system of protection of data subjects that presents certain similarities and connections with consumer protection directives, especially as regards the transparency principle and the aim to provide individuals with ‘effective’ protection, enforceable rights and awareness-raising activities. On the other hand, a radical shift in the data protection policies of big online companies and many other service providers is required by the implementation of the set of mandatory principles and obligations stated by chapter IV of the GDPR, while the notice-and-consent paradigm is now quite remote. In particular, data minimisation, confidentiality, integrity, data protection by design and by default, as well as accountability and scalability principles require a model of approaching the new challenges brought about by data protection that should be ‘contextual’ and ‘tailor-made’. This means that the appropriate measures to be adopted by controllers and processors must consider the specific circumstances of each individual case, in accordance with a proportionality and reasonableness test on the extent of risks to the rights and freedoms at stake.

The ‘user-centric’ and ‘tailor-made’ approach of the GDPR through the principles it lays down

Francesco Giacomo Viterbo
2019-01-01

Abstract

The European approach to online privacy and personal data concerns in the contemporary digital age appears to have embraced a ‘user-centric’ approach, inspired by values of ‘personalism’ and human dignity, regardless of the growing commercial value commonly given to personal data. These two sides of the same coin have been taken into account by the GDPR. On the one hand, it seems to outline a system of protection of data subjects that presents certain similarities and connections with consumer protection directives, especially as regards the transparency principle and the aim to provide individuals with ‘effective’ protection, enforceable rights and awareness-raising activities. On the other hand, a radical shift in the data protection policies of big online companies and many other service providers is required by the implementation of the set of mandatory principles and obligations stated by chapter IV of the GDPR, while the notice-and-consent paradigm is now quite remote. In particular, data minimisation, confidentiality, integrity, data protection by design and by default, as well as accountability and scalability principles require a model of approaching the new challenges brought about by data protection that should be ‘contextual’ and ‘tailor-made’. This means that the appropriate measures to be adopted by controllers and processors must consider the specific circumstances of each individual case, in accordance with a proportionality and reasonableness test on the extent of risks to the rights and freedoms at stake.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11587/436249
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? ND
social impact