Improving the GDPR to protect our rights and freedoms: Recommendations from German digital rights group Digitale Gesellschaft and the German Federation of German Consumer Organisations (vzbv)
Dear Commissioner Didier Reynders,
The GDPR has raised awareness for the issue of data protection, led organizations to clean up their data processing practices and, last but not least, helped establishing and improving institutions for enforcing data protection. Yet, the GDPR is far from perfect. However, a number of shortcomings can and should be addressed via implementation or complementing legislation. With the following intervention, we want to highlight a number of aspects we deem of special relevance.
Enforcement is still falling short. International manufacturers and providers that run our digital infrastructures continue violating our fundamental rights and freedoms.
Among others, news media, health websites and even some children's websites put our rights at risk by broadcasting personal data to hundreds of tracking companies. This is followed up by them generating individual profiles about each and every one of us.
The increasing impact of algorithmic decision-making, especially based on so-called “artificial intelligence”, remains out of control for individuals and society as a whole, despite the efforts of the GDPR.
Following related guidance from data protection authorities, academics and others, we suggest the following eight recommendations for the evaluation of the GDPR from a civil society perspective:
1. Delivering on Privacy Icons
2. Closing the Loopholes regarding automated individual decision-making
3. Specifying the Rules for Profiling
4. Establishing Rules against User Tracking
5. Regulating Data Brokers
6. Holding Manufacturers accountable
7. Automating Data Protection
8. Beyond GDPR
Please find our full analysis attached.
Yours sincerely,
Digitale Gesellschaft & German Federation of German Consumer Organisations (vzbv)