Forum. The protection of personal data is a major issue for the citizens of the european Union. To cope with the increase of technological innovations in the last fifteen years, and the total lack of transparency in the processing of these data by the Gafam (Google, Amazon, Facebook, Apple, Microsoft) – as was recently illustrated the scandal of the Cambridge Analytica –, the general regulation on data protection (RGPD), which entered into force on 25 may, brings an undeniable progress. But by upsetting the relationship between sub-contractors and outsourcers within the processing chain of these data, the RGPD and threatens to harm competition and, paradoxically, to strengthen the market power of the Gafam.
the RGPD in fact requires to provide evidence of the implementation of technical means of protection, security and data portability
Beyond constraints on the collection of consent on the data collection and the strengthening of the sanctions incurred, the RGPD in fact requires to provide evidence of the implementation of technical means of protection, security and data portability, as well as traceability and accountability throughout the entire chain of actors dealing with personal data : the company that collects the personal data to those who host them and analyse them, without forgetting the company who ordered these treatments, and who is the end user.
However, the contracts between the various companies dealing in personal data has led to a disruption of economic relationships in the digital world, by providing two types of qualifications : the person in charge of treatment and the sub-contractor. The responsible of treatment determines the treatment of personal data that it wishes to implement, within the limits of the legal framework and consents obtained for this purpose, so that the sub-contractor, himself, is acting for the account…