The Set Up of Data Protection Authorities as a New Regulatory Approach

Schütz, Philip

doi:10.1007/978-94-007-2903-2_7

Cited by 5 publications

(1 citation statement)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their institutional arrangements, provenance, independence, and performance are crucial to that enjoyment, but are less frequently, less systematically, and less comparatively investigated than many of the other components of data protection regimes. 16 European DPAs are a distinctive type of independent regulatory agency (IRA) for they regulate both private sector bodies and state agencies (Schütz 2012). Accordingly, EU law places a very high premium on their independence, which is constitutionally required under EU primary law, strictly construed by the CJEU, 17 and reflected in the GDPR itself.…”

Section: Institutional Dimensionsmentioning

confidence: 99%

Demystifying the modernized European data protection regime: Cross‐disciplinary insights from legal and regulatory governance scholarship

Yeung

Bygrave

2021

Regulation & Governance

View full text Add to dashboard Cite

This article critically examines fundamental aspects of the recently reformed European regime for protection of personal data, focusing on the General Data Protection Regulation (GDPR) adopted by the European Union (EU) in 2016. Although the GDPR is now a central concern for many organizations across multiple sectors, many complain that it is arcane, confusing, and complex. By combining knowledge from two disciplinary perspectivesfrom regulatory governance scholarship, on the one hand, with legal scholarship from the fields of data protection law, constitutional law, and fundamental rights, on the other handthis article seeks to "demystify" the key elements of the regime's architecture and approach in light of the significant uncertainties concerning the nature of its requirements. In particular, this article examines the tension between the regime's pronounced "risk-based" approach to compliance and its basic objective of safeguarding fundamental rights, and the challenges facing data protection authorities in providing timely clarifications of the regime's norms. We argue that, despite its complex and arcane character and continuing uncertainty about the precise scope of its requirements, the regime is an innovative hybrid with a significant degree of in-built "future-proofing" that should help render it more resistant to being rapidly overtaken or outpaced by organizational-technological developments. The secondary aim of this article is to demonstrate how academic insights from two distinct but related disciplinary perspectiveslegal scholarship and regulatory governance studies offer a potentially fruitful approach to enrich understandings of the European data protection regime in particular, and of the mechanics, efficacy, and legitimacy of regulatory governance regimes more generally.

show abstract

Section: Institutional Dimensionsmentioning

confidence: 99%