Browsing by Author "Atallah, Max"

The current EU data protection legislation has been deemed inadequate, as the personal data of the data subjects has been repeatedly processed unlawfully. The insufficient level of data protection is largely a result of the ineffective remedies of the EU member states and the unawareness and indifference of the controllers, the processors and the data subjects. As a result of the weak level of data protection, the current EU personal data protection legislation has not been able to provide adequate legal certainty for the protection of personal data. The GDPR’s accountability principle is one of the main reforms the GDPR introduces to the EU’s personal data protection legislation, as the principle aims to enhance the legal certainty of the lawful processing of the personal data of the data subjects. The GDPR’s accountability principle sets active obligations for to the controllers and the processors, through which they have to demonstrate that their processing activities are lawful. However, as a result of the flexible drafting of the GDPR’s accountability principle, the application of the principle in practice may prove very tricky. Therefore, this research studies assesses the legal certainty of the GDPR’s accountability principle from the perspectives of the data subjects and the controllers and the processors. The perspective of the controllers and the processors is given the main emphasis, as they are the ones who must apply the principle in practice. Since Article 5(2) of the GDPR, which is the Article that regulates the GDPR’s accountability principle, is so vague that it is impossible to come up with a sufficient judicial meaning for the GDPR’s accountability principle just by interpreting it and the GDPR, this research systematizes the GDPR’s accountability principle to create a judicial meaning for the principle in which it can be assessed. The research systematizes the principle by utilizing Dr. Colin Bennett’s conceptualization in which the principle is divided into three central elements, which are the knowledge of who is accountable for the compliance with the accountability principle, what is that person is accountable for and to whom must the demonstration of accountability be made. The judicial meaning of the GDPR’s accountability principle is utilized in assessing the legal certainty of the GDPR’s accountability principle. The research suggests that the GDPR’s accountability principle enhances the legal certainty of the lawful processing of the data subjects’ personal data by forcing the controllers and the processors to comply with the GDPR or face hefty administrative fines, creating active obligations for the controllers and processors to demonstrate that they process personal data lawfully and increasing the overall knowledge of the personal data protection. The research also suggests that the GDPR’s accountability principle also creates negative effects for the legal certainty of the controllers and the processors by not clarifying the three central elements distinguished by Bennett. Thus, the data protection authorities ought to clarify the meaning of the GDPR’s accountability principle to enable its effective application.