Issues of uniform application of General Data Protection Regulation

Abstract: As a respond to the development of Internet and Digital technologies, EU listed creation of Digital Single Market (hereinafter referred to as: “DSM”) as a strategic goal. The development of DSM would contribute in securing competitiveness within the Union. Establishment of DSM inevitably raises an issue of data management in the EU and in order to successfully form DSM, EU needs to create a harmonious and uniformly applicable legal data protection framework. Data protection framework was created by adoption of Data Protection Directive in 19951 (hereinafter: “Directive 1995”). Directive 1995 was framed to the specific needs of the market that were matter of concern in 1995, but recent development had shown that Directive 1995 cannot answer nor resolve all the current issues. As a step in improving data protection framework, EU has adopted a GDPR2. In preamble of the GDPR it is emphasized that “legal and practical certainty for natural persons, economic operators and public authorities should be enhanced”.3 This thesis will evaluate capabilities of GDPR in achieving this aim. In addition, it is aiming to discover potential issues that may arise in the application of GDPR. The thesis will be divided in two sections: The first section covers issue of GDPR regarding long list of derogations left at the competence of Member States. Due to the page constraints of the thesis, the focus will be only on those derogations that can significantly impede the objectives of GDPR. Additionally, in the first section author will talk about the different legal instrument used by EU in creation of data protection framework and difference between regulation and directive. Second section of the paper will try to discover how uncertain it is going to be to enforce the rights provided by GDPR due to the possibilities of derogations mentioned in the first section of the paper. Focus will be on two practical issues, (a) the content data expressed by the users of social networks acting outside of the scope of household activities, and (b) enforcement of the right to be forgotten in national courts after Google Spain case. The thesis concludes by drawing the conclusions from the section one and section two which evaluate the effect of the GDPR in creation of harmonious legal data protection framework across EU.