GDPR Conundrums: The GDPR Applicability Regime — Part 1: Controllers

IAPP Privacy Tracker

29 Jan 2018

Lokke Moerel, in her latest opinion piece, discusses the fact that the GDPR allows Member States to regulate the scope of applicability of their national GDPR implementation laws. As the Member State drafts become public, it is apparent that their scope provisions are inconsistent; some Member States are faithfully mirroring the GDPR’s scope provision in their national implementation laws, while others broaden the scope significantly. This means that there will be even more laws to keep track of after GDPR than under the current EU Privacy Directive.

As the GDPR leaves many legal bases for processing to the Member States to regulate, these variations in scope result in several disparate Member State laws—ironically, the very issue that the GDPR was intended to remedy.

Which Member States are getting it right and which are getting it wrong? And what can the WP29 do minimize the confusion and clarify the very issues that GDPR was intended to solve?

Read more in Lokke Moerel’s IAPP Privacy Tracker article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.