€
29,00 *)
*) incl. German VAT, plus Shipping Costs, Delivery Time
The General Data Protection Regulation (GDPR) sets forth that a justification
is required for a company (the “controller”) to process personal
data. The list of justification grounds in Art. 6 (1) GDPR is exhaustive.
Art. 6 (1) (b) GDPR provides that the controller acts justifiably if the processing
of personal data is necessary for the performance of a contract to
which the data subject is party. The use of this legal justification ground
makes recourse to Art. 6 (1) (f) GDPR (legitimate interests) or Art. 6 (1) (a)
GDPR (consent) unnecessary. This leads to the accusation from data
protection authorities and members of the data protection community
that companies relying on Art. 6 (1) (b) GDPR could undermine data protection.
Companies are accused of trying to circumvent the purportedly
“proper” and “correct” standards of data protection. Behind this is the
notion that data protection consent is the “gold standard” of effective
data protection. The following monograph challenges this view. It is based
on the thesis that effective data protection in contractual relationships
can and must be realized above all through an appropriate design of
the contractual relationships. A consent requirement downstream of the
conclusion of the contract does not strengthen the digital autonomy of
the data subjects, but ultimately contributes to its weakening. The level of
protection envisaged by Article 8 CFR cannot be achieved by constantly
increasing the number of consent requirements in the digital world – this
only leads to “consent fatigue”. The monograph describes in detail which
specific requirements arise from this for the understanding of Art. 6 (1) (b)
GDPR.
Data Protection, Contractual Relationships, Art. 6 (1) (b) GDPR
