by
Prof. Dr. Marta Requejo Isidro

MPILux Working Paper 3 (2019)

Abstract: Individuals’ control over personal data has a role to play in the field of data protection. The GDPR offers to the data subject a number of possibilities to manage his/her data and to keep the control on them; in this way it helps building up a feeling of empowerment. By recognising the rights of access, rectification, erasure, and data portability of the data subject, and imposing on controllers and processors limits to the processing as well as obligations of information, the European GDPR endorses the protagonism of the individual. At the level of enforcement, however, the EU legislator unambiguously privileges the public mechanisms. Whereas in the GDPR private enforcement is addressed and improved relative to the situation under Directive 95/46/EC, it stays relegated to a discrete second place; as a consequence, the harmonization of the corresponding procedural rules remains restricted as well. 

Keywords: personal data protection; private enforcement; harmonization of procedural rules