The sub-project is to contribute to shaping the interplay of material requirements and their procedural fulfilment on the basis of concrete norms of the GDPR, with a special focus on mobile applications. Central norms will be examined in detail, how their procedural content is to be determined and what proposals exist for technical and organisational feasibility. The normative content is to be determined. At the same time, technical concepts for mobile services must be understood in more detail. This also includes an assessment of how transparency and trust are interdependent and to what extent they can be guaranteed by procedures.
Current PhD project of subarea A.4:
Procedural Requirements in GDPR
- Loïc Reissner-
Procedural law is considered to be the counterpart to substantive law. But how do these two counterparts interact with each other? How far is it possible to ensure material legal requirements through rules of procedure?
These general questions are particularly important in view of the GDPR. Namely, the GDPR contains several rules that enable the compensation of substantive law through “technical and organisational measures”, e.g. in Art. 5 I lit. e, Art. 24 I, 25 I, II GDPR. Moreover, opening clauses grant a margin in implementation for the member states.
Objective of the thesis in Research Area A.4 is an examination of the procedural requirements for the protection of personal data and whether there are standards for rules of procedure to ensure material requirements. For companies as data processors, the findings may provide leeway for the development of new technologies or risky data processing instead of a complete ban of such procedures.