What could possibly go wrong? On risks to the rights and freedoms of natural persons in EU data protection law, their typologies and their identification

Dariusz Kloza; Thibaut D'hulst; Malik Aouadi

doi:10.71265/148r5752

Authors

Dariusz Kloza Universiteit Gent https://orcid.org/0000-0003-0819-8130
Thibaut D'hulst Van Bael & Bellis
Malik Aouadi Van Bael & Bellis

DOI:

https://doi.org/10.71265/148r5752

Keywords:

data protection, risk-based approach, risk to the rights, data protection impact assessment

Abstract

The risk-based approach is a pillar of EU data protection law, mandating data controllers to adapt their obligations to the risks to the rights and freedoms of natural persons. Despite aiming to strengthen data protection and provide flexibility, it presents conceptual and practical challenges, such as comprehending and assessing risk. This paper seeks to elucidate these issues to enhance legal compliance and safeguard fundamental rights. Section 2 scrutinizes the nature of risk and its assessment, examines related concepts like damage, and explores inherent problems. Section 3, after illustrating such risks, expands their understanding by introducing ‘negative consequences’ and proposing their typology. Section 4 presents a method for efficiently identifying these consequences, i.e., an inventory with a complimentary classification criteria.

Downloads

Download data is not yet available.

Author Biographies

Dariusz Kloza, Universiteit Gent

Dr Dariusz (Darek) Kloza is a senior researcher at the Human Rights Centre (HRC) at Ghent University. His expertise concentrates on international fundamental rights law, especially the rights to privacy and personal data protection, and internet governance. He is also a part-time senior data protection expert at the Brussels office of Van Bael & Bellis, where his work focuses on data protection law.
He holds a PhD in Law from the Vrije Universiteit Brussel (VUB; 2019), an LL.M. in Law and Technology (2010) from Tilburg University (with distinction) and a master’s degree in law from the University of Białystok (2008), including a student exchange at the University of Copenhagen (2007-08).
Previously, he was a researcher at the Research Group on Law, Science, Technology and Society (LSTS; 2011-21) at the VUB, where he co-founded the Brussels Laboratory for Data Protection & Privacy Impact Assessments (d.pia.lab; 2015). He held in parallel a part-time research position at the Peace Research Institute Oslo (PRIO; 2015-17) and visiting fellowships, in Australia (2016) and Cyprus (2022), among others.
He pursues his interests in European integration as a freelancer at the Centre for Direct Democracy Studies (CDDS) at the University of Białystok (Poland), where he has co-edited book series on 'Current Debates in European Integration' (Routledge, since 2023) and 'European Integration and Democracy' (Intersentia, 2020-24).
Thibaut D'hulst, Van Bael & Bellis

Thibaut D’hulst is a counsel at Van Bael & Bellis (VBB) where he focuses on intellectual property law, new technologies, data protection, pharmaceutical law and competition law.

Thibaut regularly advises clients on all aspects of intellectual property law. His experience ranges from advising on strategies to protect trademarks, databases and other intellectual property to litigation, including patent validity and enforcement cases. He also regularly assists clients in new technology projects in relation to compliance with intellectual property, data protection and/or pharmaceutical laws.

In addition, Thibaut is a certified Data Protection Officer and assists clients in complying with EU and Belgian data protection rules by conducting data protection audits, drafting company policies, information clauses and processor agreements on data protection, filing notifications, assisting clients in procedures before data protection authorities and advising on the international transfer of personal data.

In the field of competition law, Thibaut’s experience includes compliance training, assisting clients during and after dawn raids, advising on data protection aspects of competition procedures and on litigation concerning damages proceedings.
Malik Aouadi, Van Bael & Bellis

Malik Aouadi is a lawyer at Van Bael & Bellis (VBB) in the Belgian commercial team.

Malik provides comprehensive guidance to a diverse range of clients, including both domestic and international entities. His areas of expertise encompass IT/IP law, data protection, pharmaceutical and healthcare law as well as general commercial law, allowing him to offer well-rounded support in these fields. Driven by a deep interest in the dynamic relationship between law and technology, Malik actively addresses the legal challenges that arise in this intersection. He remains updated with the latest EU regulations, including the DSA, DGA, Data Act, and AI proposals, ensuring his clients receive the most current and relevant advice.