In preparation for the first Article 97 evaluation and review of the General Data Privacy Regulation (GDPR), member states have submitted comments, reports Muge Fazliogu of the International Association of Privacy Professionals (IAPP)

Key points:

  • Businesses and government agencies feel overwhelmed, uncertain and confused. (Germany)
  • Recommend to publish real cases of best practices, as well as cases of bad practices. (Czech Republic)
  • GDPR’s approach to the protection of children is “fragmented and disjointed.” (Ireland)
  • Children’s consent in Article 8, which leaves discretion to member states, should be reconsidered.
  • There should be only one uniform age of consent for children. (Netherlands)
  • Recommend that European Data Protection Board issue its own list of situations where Data Processing Impact Assessments (DPIAs)  are required.(Czech Republic)
  • There should be transparent criteria for SAs regarding the issuance of fines. (Germany)
  • Recommend to bring about additional adequacy decisions and to expand the existing ones to additional areas and sectors. (Germany)

Details from the IAPP.