The draft data protection regulation and the development of data processing applications

Abstract

Nowadays, data processing components are often part of a multitude of products and services. The current review of the European data protection framework, is proposing the replacement of the Data Protection Directive with a Regulation, which will undoubtedly impact the development of such products and services. This chapter analyses some of the critical changes proposed in the Regulation, highlighting the developments with regard to the actual scope of application of the European legal framework, the consent of the users and the particularities of processing pseudonymous data. It also critically assesses the proposed obligations relating to data security, notification of personal data breaches, the principles of data protection by design and by default, as well as data protection impact assessments. The authors conclude that these changes may actually be a step in the direction of more privacy-aware development of products and applications that entail data processing operations, if certain modalities are taken into account before the final adoption of the draft Regulation.