One of the most difficult task in the practical enforcement of the GDPR provisions is to find a fair balancement between the technicality of the legal language and the duty of simplicity settled by the data protection bylaws. Both the GDPR itself and the various “suggestions” coming from the various player are nothing more but a re-phrasing of the legal text, thus leaving the data controller as well as the data subject unable to have clear directions.
EU Consumers’ Rights Directive may comes handy to solve this problem, as it settles precise duties when drafting contracts and interacting with consumers. For instance consumers have a right:
- to a written confirmation of the purchase, so should a data-subject that grant a consent by ticking a check box,
- to know how a digital content interact with his hardware/software, so should a data-subject who allows a digital platform to run application locally, on the data-subject computer,
- to pay basic, non-premium fares for telephone post-sales assistance, so should a data-subject, when calling to ask for his own personal data processing
Thinking creatively, the reading of the EU Consumer Directive is a good source to handle the daunting task of writing actually GDPR compliant data-subject-related policies and agreements.