Today, with the advent of the internet, consumers have, in a way, become dependent on these technological innovations which bring them many benefits and conveniences on a daily basis. Some companies have not hesitated to create diverse and attractive services in order to attract the attention of as many people as possible. In particular, we are targeting large accounts, many of whose offers are offered without any financial compensation. This visual advantage allowed these companies to develop rapidly and aggressively, and experience unprecedented global success while imposing their own policy. However, the practices of these companies quickly emerged as dangerous and sources of various risks for users. Any movement that is made is already monitored, and this constant collection of data has, on the one hand, strengthened the power of these companies, and on the other hand, it has made it difficult for Europeans to control all their data.
One of the GDPR’s contributions relates to strengthening the rights of individuals. They can now request access, correction, deletion or restoration of their data in a machine-readable format, or restrict or oppose its processing. Because of these rights, the legislator wanted data subjects to regain control of their data and be able to decide their own destiny.
This regulation also strengthened the obligations that organizations have with strict regulation of data collection and processing. Thus, the data controller must show transparency towards the data subjects and must communicate information to them This makes it possible to make an informed decision as to whether or not to report their data.
Furthermore, the data can only be processed if the data controller has the right to do so, i.e. the processing is based on a legal basis. Thus, where data processing is not required by law or if it is necessary to protect a person’s vital interests or to perform a task in the public interest, consent The data subject shall be collected unless the data controller proves that he has a legitimate interest in processing the data and that this interest does not override the fundamental interests or rights and freedoms of the data subject.
This desire to strengthen the power of Europeans also stems from the broad scope of regulation. Not only organizations based in Europe are affected, but also those targeting European residents. This extraterritorial scope is also guaranteed by the rules on data transmission. Articles 44 et seq. of the General Data Protection Regulation (GDPR) require verification of the receiving country’s protection level before any data transfer and, in the absence of a determination of suitability, the use of adequate safeguards.
This power which European judgments bestow upon individuals does not appear to be wholly effective. First of all, many of the tools used by a large number of European users are offered by non-European companies. websites YoutubeAnd the The Google And the Amazon Among the most used websites in France. However, these companies do not always enjoy a level of protection equivalent to that required by European regulations. with revoke safe haven And the Privacy ShieldIt appears that it is increasingly difficult to guarantee the same powers to individuals in the event of data transfers outside the European Union. A decree was signed a few days ago to regulate data transfers between Europe and the United States, complementing the agreement signed in March 2022. Although the content of these agreements has not yet been revealed, we can already question their effectiveness in the absence of a radical reform in the United States.
Subsequently, it appears that the European provisions cannot fully bring about their effect due to the differences that exist between different countries with regard to the manner in which personal data is perceived. While for some, personal data are attributes of an individual that require careful protection, others consider them as commercial goods or even tools that make it possible to control the population. This means weakening the power that people have. Thus, on the transatlantic side, the Patriot Act and the Foreign Intelligence Surveillance Act (Foreign Intelligence Surveillance Act (FISA)) seems to extend the geographic scope of requests from US authorities to data on servers regardless of their location, as long as the body is US. Such laws strengthen the powers of foreign authorities and the formation a threat to European regulations. Thus, data in the hands of foreign companies will not fully benefit from the same protections imposed at the European level and the use of data will not necessarily be limited to what is absolutely necessary and proportionate.
Finally, this weakness in the power of the Europeans is due in some way to the strategy adopted in Europe to ensure data protection. In particular, the solution lies in strengthening the legal framework. But this does not seem to be enough, and it is necessary to encourage the creation of tools with powerful and efficient functions such as those provided by foreign companies, in order to limit data transfers and ensure the strength that European regulation aims to guarantee.
However, in the absence of such measures, reliance on large accounts can be a real obstacle to the protection of individuals and a brake on the consolidation of individual power.
Tribune Posted by Ola Mohti, attorney and GDPR expert at Data Legal Drive
<< اقرأ أيضًا: سيلفان ستوب ، مؤسس Data Legal Drive: "الشركات الأوروبية تدافع الآن عن ثقافة أخلاقية حقيقية لإدارة البيانات" >>>