Be the first to like this
How is and should the future of data protection regulation of the journalistic media develop under the GDPR? State law in this area remains highly divergent but the great majority do recognise that qualified data protection requirements and partial regulatory supervision should apply here. This points to a continuing, albeit sensitive, role for DPAs. But these authorities have many other demands and remain highly resource constrained. It is argued that a co-regulatory synergy between self- and statutory regulation provide the best mechanism to elucidate the necessary detailed balanced standards and for monitoring these. DPAs should develop a strategic approach including through according greater deference to self-regulatory bodies which take data protection standards and this balancing task seriously. The codes of conduct and monitoring provisions in articles 40 and 41 of the GDPR may be deployed directly here or at least provide a guide for a sui generis approach, with the new European Data Protection Board playing a facilitative rather than a controlling role.
N.B. These slides are based on a talk I gave at a joint HEC Paris Law Department and Science Po Law School seminar on 30 November 2018. I am grateful for the feedback I received there.
N.N.B. Please note that the chart in Slide Six unfortunately failed to display that as of Autumn 2018 approximately 40% of statutory data protection laws enacted by EEA jurisdictions still subject journalism to full DPA supervision.