IAPP Privacy Tracker
Lokke Moerel, in her latest opinion piece, discusses the fact that the GDPR allows Member States to regulate the scope of applicability of their national GDPR implementation laws. As the Member State drafts become public, it is apparent that their scope provisions are inconsistent; some Member States are faithfully mirroring the GDPR’s scope provision in their national implementation laws, while others broaden the scope significantly. This means that there will be even more laws to keep track of after GDPR than under the current EU Privacy Directive.
As the GDPR leaves many legal bases for processing to the Member States to regulate, these variations in scope result in several disparate Member State laws—ironically, the very issue that the GDPR was intended to remedy.
Which Member States are getting it right and which are getting it wrong? And what can the WP29 do minimize the confusion and clarify the very issues that GDPR was intended to solve?
Read more in Lokke Moerel’s IAPP Privacy Tracker article.