Data Protection in Contractual Relationships (Art. 6 (1) (b) GDPR)

The General Data Protection Regulation (GDPR) sets forth that a justification is required for a company (the "controller") to process personal data. The list of justification grounds in Art. 6 (1) GDPR is exhaustive. Art. 6 (1) (b) GDPR provides that the controller acts justifiably if the processing of personal data is necessary for the performance of a contract to which the data subject is party. The use of this legal justification ground makes recourse to Art. 6 (1) (f) GDPR (legitimate interests) or Art. 6 (1) (a) GDPR (consent) unnecessary. This leads to the accusation from data protection authorities and members of the data protection community that companies relying on Art. 6 (1) (b) GDPR could undermine data protection. Companies are accused of trying to circumvent the purportedly "proper" and "correct" standards of data protection. Behind this is the notion that data protection consent is the "gold standard" of effective data protection. The following monograph challenges this view. It is based on the thesis that effective data protection in contractual relationships can and must be realized above all through an appropriate design of the contractual relationships. A consent requirement downstream of the conclusion of the contract does not strengthen the digital autonomy of the data subjects, but ultimately contributes to its weakening. The level of protection envisaged by Article 8 CFR cannot be achieved by constantly increasing the number of consent requirements in the digital world - this only leads to "consent fatigue". The monograph describes in detail which specific requirements arise from this for the understanding of Art. 6 (1) (b) GDPR.

Weitere Produkte vom selben Autor

Europarecht Classen, Claus Dieter, Nettesheim, Martin, Oppermann, Thomas

39,80 €*
Der Schutzauftrag des Rechts Nettesheim, Martin, Al., Et, Lege, Joachim, Diggelmann, Oliver

169,95 €*
Impfpflichten Nettesheim, Martin

59,00 €*