![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
The EU faces substantive legislative reform in data protection, specifically in the form of the General Data Protection Regulation (GDPR). One of the new elements in the GDPR is its call to establish data protection certification mechanisms, data protection seals and marks to help enhance transparency and compliance with the Regulation and allow data subjects to quickly assess the level of data protection of relevant products and services. To this effect, it is necessary to review privacy and data protection seals afresh and determine how data protection certification mechanisms, seals or marks might work given the role they will be called to play, particularly in Europe, in facilitating data protection. This article reviews the current state of play of privacy seals, the EU policy and regulatory thrusts for privacy and data protection certification, and the GDPR provisions on certification of the processing of personal data. The GDPR leaves substantial room for various options on data protection certification, which might play out in various ways, some of which are explored in this article.
Acknowledgement
This work draws inspiration from the research and results of the EU Privacy Seals Project commissioned by the European Commission, Institute for the Protection and Security of the Citizen of the Joint Research Centre (JRC) in collaboration with the Directorate-General for Justice (DG JUST), Service Contract Number 258065. The views in this article are those of the authors alone and are in no way intended to reflect those of the European Commission.
Conflict of Interest Disclosure
No potential conflict of interest was reported by the author(s).
Notes
1 The European Commission recognises the need to improve consumer confidence in cross-border shopping online by taking appropriate policy action. According to the European Commission, ‘empowered and confident consumers can drive forward the European economy’. European Commission, Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee of the Regions, A European Consumer Agenda - Boosting confidence and growth SWD (2012) 132 final Brussels, 22.5.2012.
12 Grounds might include failure to allow access or inspection, violation of terms of agreement, failure to properly display seal, violation of any law on the part of the certified entity (as determined by the seal authority), failure to correct issues raised by seal authority etc.
13 According to Recital 139, GDPR, the EDPB should be set up as an independent body of the Union with legal personality and would be represented by its Chair. It would replace the Article 29 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data established by Directive 95/46/EC. It would consist of a head of a supervisory authority of each Member State and the European Data Protection Supervisor or their respective representatives. The EDPB would contribute to the consistent application of this Regulation throughout the Union, including by advising the Commission, in particular on the level of protection in third countries or international organisations, and promoting cooperation of the supervisory authorities throughout the Union. It would act independently when exercising its tasks.
14 Corrective power of the supervisory authority to withdraw a certification or to order the certification body to withdraw a certification issued pursuant to Article 39 and 39a, or to order the certification body not to issue certification if the requirements for the certification are not or no longer met.