EDU 1: Is GDPR still a mystery?

Claudio Lucena

• Social media platforms in particular bring a great number of people into an environment where privacy and data protection are relevant, but the necessary, public capacity-building and awareness initiatives are not yet in place or widely known.

• The balance between freedom of expression and the protection of personal data seems to have been adequately addressed through the public interest exception, but objective mechanisms and tools to achieve this balance are unclear and not yet in place.

• Resources for local data protection authorities are scarce; this will be an obstacle to implementing the GDPR.

• Convention 108, as an internationally binding instrument, can be an important tool in bringing developing countries closer to the GDPR norms, standards and mechanisms which are reflected in it.

• WHOIS is an important tool for the security and stability of the Internet, and as such, it is the duty of care to the Internet community to maintain it, while ensuring the right balance between privacy and security; we need a clear path with respect to the next steps, with the ICANN steering the process.

• The GDPR is clear, but its implementation is a common problem for all countries, not just a few. There also needs to be awareness of new technologies and business models, and how the GDPR can be applicable in practice.

• The actual empowerment of the user vis à vis the new approach to the notion of consent is still highly uncertain and one of the main issues concerning the implementation of the GDPR.

• It is necessary to determine whether decisions that were implemented before the GDPR are still a basis for transferring data abroad until they are revised again by the European Commission.