The European Commission recently proposed a General Data Protection Regulation,1 which is meant to replace the EU Data Protection Directive2 and to thoroughly reform and modernize the EU privacy regulatory framework. The Regulation, if adopted, would introduce a number of changes, several of which would considerably alter the current privacy setting.3 First, the current Directive would be replaced with a Regulation, achieving EU-‐wide harmonization. Second, the scope of the instrument would be widened and the provisions made more precise. Third, the use of consent for data processing would be limited. Fourth, Data protection “by design” would be distinguished from data protection “by default”. Fifth, new fundamental rights would be introduced and the old ones clarified. Sixth, new rules on controllers’ and processors’ duties, on supervisory authorities and on sanctions would be introduced. Finally, the Commission would obtain significant new powers to adopt delegated acts. This appendix explores the impact that the proposed Regulation might have on interoperability of user-‐generated services.4 Since the proposed Regulation is an instrument of high complexity, only those provisions of direct relevance for the project and Work Package 5 will be analysed here.
Seventh Framework Programme: FP7-‐SSH-‐2009-‐A Grant Agreement Number 244643 Collaborative Project CONSENT