Issue 4: GDPR In Focus

December 2018

Notes from FPF

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) aims to guarantee strong protections for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the information was obtained online or offline.

The GDPR went into effect on May 25, 2018 and is one of the most comprehensive data protection laws in the world to date.  The law represents the most comprehensive data protection reform in a generation.  Its geographic scope extends far beyond the borders of Europe, and material scope reaches across all industries – including online services, mobile, cloud, IoT, financial services, healthcare, and telecom.

In this issue are articles that provide highlight key issues raised by the GDPR: how does the Article 20 right to data portability address (or not address) privacy concerns about onward transfer of personal information? How might privacy risks raised by the internet of things be mitigated by a GDPR-compliant transparency model? How might the GDPR right to explanation be implemented in a flexible and practical manner? How do the GDPR and ePrivacy Directive intersect with the standard contractual terms used by many online services? How can children’s privacy rights be best supported by the GDPR?  Is the right to “legibility” the appropriate way to interpret and apply GDPR’s rights to explanation? The papers highlighted in this issue engage with these questions and more.

As always, we would love to hear your feedback on this issue. You can email us at