The GDPR: The Emperor’s New Clothes - On the Structural Shortcomings of Both the Old and the New Data Protection Law
Neue Zeitschrift für Verwaltungsrecht 10/2018: 686-696
28 Pages Posted: 7 Jan 2019
Date Written: December 21, 2018
The General Data Protection Regulation (GDPR) has many fans and supporters: politicians, supervisory authorities, data protection officers, lawyers, consultants, IT specialists, academics, privacy activists and last but not least, the European Commission — all sing the hymn of the new data protection law. For them data protection law made by the EU is the global "gold standard", the EU is the "trust centre of the world", and the GDPR is like a "cathedral".
On the other hand, many complain about the bureaucratic, costly, small-parts and unrealistic specifications of the GDPR. However, they usually lack the language to transform their justified objections into a critique of fundamental principles. In taboo-laden, ideologically led confrontations over data protection only few dare to become heretics by stating that data protection threatens to become an end in itself or by calling the GDPR a "Frankenstein monster", the "greatest catastrophe of the 21st century", a "digital counterrevolution" or the "perfection of a dead end".
This paper summarises the various currents of fundamental criticism of data protection law, in particular the utopia of informational self-determination, the ineligibility of the legal instrument of consent, the precautionary principle, the GDPR's disregard for the freedoms of communication, the unanswered question of what should be protected at all, the "one size fits all" approach and the "all or nothing" approach.
For now we have to live with the GDPR. It is, however, so incoherent, inconsistent in its interpretation and incompleteness (with simultaneous prescriptiveness), that fundamental criticism is useful in the further future development of the law through jurisprudence and practice. And finally, it is worthwhile to prepare for a "day after" scenario, following the not entirely unlikely event of GDPR's failure in practice.
Until then, we are still waiting for the moment, when the little child raises his voice and everyone realises that the emperor is naked.
This paper is written from a German perspective (without disregarding non-German literature). This means, for example, that the right to informational self-determination and the data protection lobby, which is strong in Germany, are given a lot of space. It could therefore help to clarify German peculiarities (not to say, explain German "Sonderwege"). In particular, however, it should also be a contribution to intercultural dialogue on the basic principles of data protection.
Keywords: GDPR, General Data Protection Regulation, Data Protection, Privacy, Informational Self-Determination, Consent, Precautionary Principle, Consent, Freedoms of Communications, Schutzgut, Verbot mit Erlaubnisvorbehalt
JEL Classification: K20, K22, K23, K29
Suggested Citation: Suggested Citation