- CDT strongly supports the use of the Regulation instrument to
harmonize data protection across the common market and the renewed
emphasis on stronger enforcement to provide data subjects with
consistent, predictable privacy rights.
- CDT proposes a clarification that the Regulationʼs requirement of parental consent only applies when a controller has actual knowledge that it is processing a child’s data, as opposed to a presumption of knowledge that it is likely processing data concerning a child. Otherwise, all controllers would have to adopt invasive, expensive, and ineffective controls to determine the identity of all data subjects in violation of Article 10 of the Regulation.
- CDT urges significant revision to the Articles providing for a right to be forgotten and for stringent rules around profiling, as these Articles are unduly broad and unworkable in their current iterations.
- CDT supports a streamlined process for the development of industry specific Codes of Conduct and urges the Commission to take an active role in convening stakeholders around evolving privacy norms.