UIA Congress, Luxembourg 6 - 10 Nov. 2019
Data protection is now a social issue, the stakes and challenges of which are being addressed well beyond the boundaries of the legal sphere. In Europe, the subject has become political and a top priority for EU law, as the protection of European citizens’ and residents’ personal data has given rise to a sophisticated regulatory ecosystem, the goal of which is to become a benchmark for data protection. A certain number of countries have thus decided, jointly with or following in the footsteps of the European Union, to reinforce their protection systems by automatically placing businesses under onerous technical and organisational obligations. In other regions, data is first and foremost seen as an asset to be leveraged and a resource that is needed for refining machine learning algorithms, which are well known for being greedy when it comes to data consumption. Nevertheless, it is still necessary to create conditions in which these various conceptions can cohabit in compliance with regulatory systems that are not harmonised with each other. Thus, over and above local and domestic specificities, there are still a certain number of cross-cutting questions, e.g. the place of consent, the territorial applicability of Binding Corporate Rules, and how to manage cross-border data flows. Moreover, the regulatory authorities and courts have now handed down their first decisions, which make it possible to quantify the actual risk more accurately and make compliance policies more specific.