The panel aims to contribute to current discussions on the effectiveness of the GDPR by focusing on challenges arising from the regulatory design it sets forth. While the GDPR is obviously a “data protection” law, legal deconstruction reveals that it strives to achieve its objectives by applying and fusing rules and institutions from various legal fields. These include, inter alia, EU law, fundamental rights law, regulatory law, corporate governance and private law. These measures, in turn, focus their attention on the behavior of individuals, enforcement agencies and corporations. Reflecting on the breadth of these measures provides new insights as to the challenges of deploying the GDPR. In addition, although these measures share a common goal, they might be in tension if not conflict, with each other due to their different legal nature, thus generating inefficiency. The discussion of these issues is crucial for properly establishing priorities in GDPR application, as has relevance to other developing multifaceted regulatory areas, such as Artificial Intelligence.
• How have different legal fields and enforcement measures inspired the GDPR, and the roles for DPAs, companies and data subjects?
• The GDPR aims to protect the fundamental rights of individuals through various measures – how has it been faring?
• What can we learn from developments in regulation theory and corporate governance so to promote more effective data protection “accountability”?
• How can these lessons learned from other regulatory settings be applied to developing data protection frameworks in other jurisdictions?