Working paper Open Access

Specific certification schemes as rule, general schemes (and criteria) as exception: Comment on Addendum to Guidelines 1/2018 on certification and identifying certification criteria per Articles 42 and 43 of the regulation

von Grafenstein, Max

This analysis criticizes a major design flaw of the Addendum to the Guidelines 1/2018 on certification and identifying certification criteria per Articles 42 and 43 of the EU General Data Protection Regulation (GDPR) by the European Data Protection Board (EDPB). The possibility for certification owners to set up general certification schemes in addition to specific certification schemes opens up a glaring loophole which will decrease transparency and inhibit a consistent EU-wide application of the law. In its addendum, the EDPB makes a recognizable effort to close the loophole by specifying further requirements for such general schemes. However, these efforts are merely corrective measures: the fundamental design flaw continues to exist. The consequences are serious: not only does this design flaw contradict the two key regulatory objectives of increasing transparency and supporting consistent EU-wide compliance, but it will also sooner or later marginalise specific certification schemes in practice. That is an unfortunate outcome, as specific certification schemes ultimately cost businesses less and are much more effective measures in meeting the two regulatory objectives of the GDPR. This paper analyzes the Addendum with respect to the function of certification schemes in environments which are highly prone to future uncertainties and covered by data protection law.

Files (356.8 kB)
Name: Position Statement_HIIG-ECDF (extended version 2).pdf
Size: 356.8 kB
md5:78100a7ebb9d3b4277be36f9ece2b1de