The present study started from the recurrent observation that there is a confusion in practice between the relationship between an employer and employee on the one hand and the relationship between data controller and processor on the other. The confusion is not accidental and it is necessary to clarify this issue in the literature, because in the absence of a clear distinction, the consequences can be detrimental both in terms of profe...

In C-645/19 Facebook Ireland Ltd and Others v Gegevensbeschermingsautoriteit, the Court confirmed that only the lead Data Protection Authority can act against a controller, another supervisory authority can only initiate proceedings against a controller, provided that this power is exercised in one of the limited situations where the Regulation (EU) 2016/679 confers a competence to adopt a final decision, and provided that the cooperat...

The general data protection regulation is the culmination of much tougher legislation in this area. Most of the companies established according to Law no. 31/1990 does not have to take special measures to comply with this legislation, but all companies must be diligent in their dealings with data subjects and the national supervisory authority. More needs to be done to raise awareness of the obligations in this area, involving authoriti...

Few months after the enforcement of what may be called the most renowned Regulation of the European Union, an analysis of the positioning of the subjects of the General Data Protection Regulation proves to be necessary, in order to debunk some myths issued by the lack of knowledge of its contents. The study concerns not only its most important subjects – the controller and the processor – but also the involved institutions and authoritie...

Data protection in Romania can be made in accordance with the status of the controller, meaning either public authority/body or private entity. Operators that are public authorities or bodies have specific rights and obligation, which sometimes are different from those of private entities. The national data protection authority shall have precise tasks with regard to public entities. All these provisions are laid down in nationa...

The Regulation no. 679/2016/EU stipulates the obligation for controller to respect the transparency principle in private data processing. In this material we explore not only the limits and practical consequences of the fore mentioned but also the relationship with the other principles.