The European Union general data protection regulation: what it is and what it means*

  title={The European Union general data protection regulation: what it is and what it means*},
  author={Chris Jay Hoofnagle and Bart van der Sloot and Frederik J. Zuiderveen Borgesius},
  journal={Information \& Communications Technology Law},
  pages={65 - 98}
ABSTRACT This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union’s General Data Protection Regulation (‘GDPR’). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s implications. We also highlight where the GDPR takes a different… 
The European Union’s GDPR and Its Effect on Data-Driven Marketing Strategies
This research paper analyzes the developing effect that the European Union’s recently developed General Data Protection Regulation will have on the marketing strategies of firms that rely on big data and offers some final recommendations related to GDPR compliant marketing strategies.
The benefits and challenges of general data protection regulation for the information technology sector
The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.
Protection of Personal Data Regulation and Public Liberties
The Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data is much more than a personal data regulation. It
Narrowing Data Protection's Enforcement Gap
  • F. Lancieri
  • Political Science
    SSRN Electronic Journal
  • 2021
The rise of data protection laws is one of the most profound legal changes of this century. Yet, despite their nominal force and widespread adoption, available data indicates that these laws
Law in Books and Law in Action: The Readability of Privacy Policies and the GDPR
This study empirically examines the readability of privacy policies of 300 highly popular websites and indicates that in spite of the GDPR’s requirement, users often encounter privacy policies that are largely unreadable.
Legislative discourse of digital governance: a corpus-driven comparative study of laws in the European Union and China
  • Siyue Li, C. Kit
  • Computer Science, Law
    International Journal of Legal Discourse
  • 2021
It is found through corpus analysis that the EU has developed a relatively comprehensive data protection system, which internally focuses on the protection of individual data rights and externally sets high standards on the cross-border transfer of data.
GDPR and challenges of personal data protection
The aim of this paper is to look at GDPR regulations from several standpoints of the business of taxpayers, it is necessary to include all segments of a business entity in the implementation of this regulation, as well as bodies at the national level.
Delivering Data Protection: The Next Chapter
The right to data protection set out in Article 8 of the EU Charter of Fundamental Rights had played a pioneering role in the development of EU fundamental rights jurisprudence. Schecke and Eifert
Privacy Protection(ism): The Latest Wave of Trade Constraints on Regulatory Autonomy
Countries spend billions of dollars each year to strengthen their discursive power to shape international policy debates. They do so because in public policy conversations labels and narratives
Protection of Individuals in the light of EU Regulation 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of such Data
The process of establishing normative acts in the European Union does not  occur out of nowhere, but in the context of specific social needs. That was the case of the genesis of establishing legal


Comments on Selected Topics in the Draft EU Data Protection Regulation
In January 2012, the European Commission published its proposals for a new EU data protection regime. Not surprisingly, this started extensive debates and lobbying, especially from big industry. The
Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation
The problems show that the GDPR lacks precise language as well as explicit and well-defined rights and safeguards against automated decision-making, and therefore runs the risk of being toothless.
New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case
This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data
Privacy, Freedom of Expression, and the Right to Be Forgotten in Europe
In this chapter we discuss the relation between privacy and freedom of expression in Europe. In principle, the two rights have equal weight in Europe – which right prevails depends on the
The Right Not to Be Subject to Automated Decisions Based on Profiling
In this chapter, a critical analysis is undertaken of the provisions of Art. 22 of the European Union’s General Data Protection Regulation of 2016, with lines of comparison drawn to the predecessor
Tracking Walls, Take-It-Or-Leave-It Choices, the GDPR, and the ePrivacy Regulation
A list of circumstances to assess when a tracking wall makes consent invalid is provided, and how the EU lawmaker could regulate tracking walls is explored, for instance in the ePrivacy Regulation.
It is argued that a right to an explanation in the EU General Data Protection Regulation is unlikely to present a complete remedy to algorithmic harms, particularly in some of the core “algorithmic war stories” that have shaped recent attitudes in this domain.
OF THE DISCLOSURE A gas Spring for a drawing table which has a cylinder, a piston in the cylinder, and a piston rod projecting from the piston through one end wall of the cylinder, the other end wall
Regulating Profiling in a Democratic Constitutional State
The consent must be 'clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language
  • GDPR art