Page 91 - AEI Insights 2019 - Vol. 5, Issue 1
P. 91

Ariadno and Bajrektarevic, 2019


               Comprehensive Legislation as powerful deterrent

               The Internet age exposes individuals in an unprecedented ways to the domestic or foreign
               predatory  forces.  Everybody  is  tempted  to  participate  in  digital  economy  or  digital  social
               interaction. This cannot go without revealing personal information to large state or non-state
               entities  of  local  or  international  workings.  If  the  field  is  not  regulated,  the  moment  such
               information  leaves  its  proprietor,  it  can  be  easily  and  cheaply  stored,  analysed,  further
               disseminated and shared without any knowledge or consent of it originator.

               So far, neither market forces nor the negative publicity has seriously hindered companies and
               governments  from  tapping  on  and  abusing  this  immense  power.  Nothing  but  a  bold  and
               comprehensive legislation is efficient deterrent, which stops the worst misuse. Only the legal
               provisions to protect personal data may serve a purpose of special and general prevention:
               Be it in case a local or transnational corporate greed, governmental negligent  or malicious
               official, or the clandestine interaction of the two (such as unauthorised access to personal phone
               and Internet records, as well as the unverified or inaccurate health and related data used to deny
               person from its insurance, loan, or work).
               While  totally  absent  elsewhere,  early  European  attempts  to  legislate  a  comprehensive
               regulatory system of personal data protection have tired its best. Still, the EU’s Data Protection
               Directive of 1995 was falling short on several deliverables. (It was partly due to early stage of
               internet development, when the future significance of cyberspace was impossible to fully grasp
               and anticipate). Hence, this instrument failed to identify comprehensively the wrongdoings it
               sought to prevent, pre-empt and mitigate. The 1995 text also suffered from a lack of (logical
               and legal) consistency when it came to directing and instructing the individual EU member
               states  (EU  MS)  on  how  to  domesticate  data  privacy  and  promulgate  it  the  body  of  their
               respective national legislation. Finally, the GDPR solves both of these problems.
               This  instrument  of  2018  clearly  stipulates  on  discrimination  combating  (including  the
               politically or religiously motived hate-contents), authentication-related identity theft, fraud,
               financial crime, reputational harm (social networks mobbing, harassments and intimidation).
               Moreover, the European Commission (EC) has stated that the GDPR will strengthen the MS
               economies by recovering people’s trust in the security and sincerity of digital commerce, which
               has suffered lately of a numerous high-profile data breaches and infringements.
               However, the most important feature (and a legal impact) of the GDPR is its power of being a
               direct effect law. This means that individuals can invoke it before the MS courts without any
               reference to the positive national legislation. That guaranties both speed and integrity to this
               supranational  instrument  –  no  vocatio  leagis  and  no  unnecessary  domestication  of  the
               instrument  through  national  constituencies.  Conclusively,  the  2018  instrument  is  further
               strengthened by an extra-territorial reach – a notion that make is applicable to any entity that
               operates in the EU, even if entity is not physically situated in the EU.
               This practically means that each entity, in every sector and of every size, which processes
               personal data of the EU citizens, must comply with the GDPR. It obliges governments and their
               services (of national or sub-national levels); health, insurance and bank institutes; variety of
               Internet and mobile telephony service providers; media outlets and other social data gathering
               enterprises; labour, educational and recreational entities – in short, any subject that collects
               digital information about individuals.
               The GDPR further strengthens accountability principle. The state and commercial actors hold
               direct  and  objective  responsibility  for  a  personal  data  collecting,  storing  and  processing
               (including its drain or dissemination). Clearly, this EU instrument strengthens the right for
               information privacy (as a part of elementary human right – right to privacy) by protecting


                                                            91
   86   87   88   89   90   91   92   93   94   95   96