Forgetting about consent. Why the focus should be on “suitable safeguards” in data protection law

Abstract

This paper explores the assumption that data processing based on consent is ancillary in the greater context of data protection, being only one of the six lawful bases for data processing. Moreover, the data protection draft regulation proposed by the European Commission in 2012 meets overwhelmingly the concerns regarding consent in data protection expressed on numerous occasions in the past years. Hence, the focus in data protection law should be, instead, on the development of efficient and clear provisions for handling data, which can be deemed as “suitable safeguards” regardless of the bases of their processing. For instancethe right of data subject access, information, erasure etc., purpose requirements and accountability rules are effective in all of the situations of data processing. This article proposes a set of such suitable safeguards which match the content and the puporse of the right to data protection.