Standardizing Personal Data Protection

Standardizing Personal Data Protection is the first book focusing on the role of technical standards in protecting individuals as regards the processing of their personal data. Through the lenses of legal pluralism and transnational private regulation, the book studies the interaction of standardization as a private semi-autonomous normative ordering, and data protection law. It traces the origins of standardization for EU policy and law, provides an evolutionary account of worldwide standardisation initiatives in the area of data protection, privacy, and information security, and delves into the concept of technical standards, its constitutive characteristics, and legal effects.

The book addresses two key aspects. Firstly, it explores how data protection law, such as the General Data Protection Regulation (GDPR), works as a legal basis for technical standards. To identify standardization areas in data protection, the book proposes an analytical framework of standards for legal compliance, for beneficiaries, and meta-rules. Secondly, the book examines how procedural legitimacy issues, such as questions of transparency, representation, and accessibility, frame and limit the suitability of standardization to complement public law, especially law that protects fundamental rights, including the right to protection of personal data. Ultimately, it concludes by providing a comprehensive account of how a private regulation instrument may complement public law in pursuing its goals and where limits and conditions for such a role should be drawn.