The increasing demand from individuals to have their privacy respected or to take decisions about the management of their information assumes a significant role in business activities and it becomes an important element for building public trust in service providers.
In this scenario, keeping the focus of data protection only on the individual and his or her decisions is no longer adequate. If legislators consider data protection as a fundamental right, it is necessary to reinforce its protection in order to make it effective and not conditioned by the asymmetries which characterize the relationship between data subject and data controllers.
This aim is implemented by the EU proposal by means of three different instruments: data protection impact assessment, privacy by design/by default solutions, and the data minimization principle.
The competitive value of data protection can be assured and enhanced only if the user’s self-determination over personal data is guaranteed. From this point of view, countering the phenomena of data lock-in and ‘social’ lock-in is fundamental in order to offer privacy-oriented and trustworthy services, which increase user propensity to share data and stimulate the digital economy and fair competition.
International Data Privacy Law (2013), Oxford University Press