[...]data breaches have consistently increased in recent years, with almost 1,300 breaches in 2017 and over 600 as of July 24, 2018.11 This is obviously a problem that affects millions of people across the globe each year and is expected to continually increase as the global economy becomes ever more digital, forcing some to call for action. [...]the comment will speculate as to any potential legal developments as a result of the GDPR's implementation in the European Union and ways that it may evolve over time to affect not only the European Union but also other nations that do business in the European Union and those nations around the globe who have or are considering implementing data protection regulations similar to the GDPR, including the United States. "21 Part of the Federal Constitutional Court's reasoning is the fact that it is now easier than ever to acquire information and exert influence over another using that information and the psychological stresses that can accompany that kind of public awareness.22 The court goes on to worry about a societal structure in which a citizen is unaware of who knows what about him/her, when they knew it, and why they knew it.23 The court then states that "the individual must be protected from the unlimited collection, storage, use, and transmission of personal data as a condition for free personality development under modern conditions of data processing" and that the individual, not the state or some other power, has the right to determine if another party may use or divulge his personal data.24 The Federal Constitutional Court does recognize there is a limit to this "informational self-determination," noting that the individual is a personality within a society and public interest may prevail over the rights of the individual in some cases (examples would be public safety or if an individual is missing).25 According to Bradford, this case and the informational "self-determination" became the bedrock upon which the EU's views on privacy and data have been built.26 These laws and this decision by the German Federal Constitutional Court set the stage for incredibly forward-thinking data privacy laws as the world becomes more and more digital. "31 In this case, the court ruled that Google must abide by the wishes of users to take down or delete any data they had acquired that appeared to be irrelevant, inadequate, or no longer adequate to their business interests.32 Since that decision, as of May 2018, Google has received more than 655,000 requests to remove roughly 2.5 million links, and they have complied with 43.3 percent of those requests.33 As technology has advanced, the need for a better regulatory framework became apparent to keep up with the innovations in technology.34 A part of the solution for the EU was to pass the GDPR in 2016.35 Many experts state that the GDPR is simply a modern upgrade to the Data Protection Directive based upon a better understanding of how data has been misused.36 Additionally, unlike the Data Protection Directive, the GDPR is a regulation that is required to be enacted by all member nations in the EU.37 To get a sense of the depth and specificity that the GDPR implements, the GDPR is composed of 173 recitals covering forty-five specific regulations on how companies should process data, forty-three conditions of applicability, thirty-five bureaucratic obligations for the EU member states, seventeen enumerated rights, eleven administrative clarifications, nine policy assertions, five enumerated penalties, and two technological allowances.38 The goal of the GDPR is clear: data should serve mankind.39 As the fourth recital of the GDPR states, The processing of personal data should be designed to serve mankind.
William A. Meyers,
C is for Cookie: Is the EU's New "Cookie Law" Good Enough to Protect My Data?,