Zum Inhalt springen

Specific certification schemes as rule, general schemes (and criteria) as exception

Author: Grafenstein, M. v.
Published in:
Year: 2021
Type: Working paper
DOI: 10.5281/zenodo.4905484

This analysis criticizes a major design flaw of the Addendum to the Guidelines 1/2018 on certification and identifying certification criteria per Articles 42 and 43 of the EU General Data Protection Regulation (GDPR) by the European Data Protection Board (EDPB). The possibility for certification owners to set up general certification schemes in addition to specific specification schemes opens up a glaring loophole which will decrease transparency and inhibit a consistent EU-wide application of the law. In its addendum, the EDPB makes a recognizable effort to close the loophole by specifying further requirements for such general schemes. However, these efforts are merely corrective measures: the fundamental design flaw continues to exist. The consequences are serious; not only does this design flaw contradict the two key regulatory objectives of increasing transparency and supporting consistent EU-wide compliance, but will sooner or later marginalise specific certification schemes in practice. That is an unfortunate outcome, as specific certification schemes ultimately cost businesses less and are much more effective measures in meeting the two regulatory objectives of the GDPR. This paper analyzes the Addendum with respect to the function of certification schemes in environments which are highly prone to future uncertainties and covered by data protection law.

Visit publication


Connected HIIG researchers

Maximilian von Grafenstein, Prof. Dr.

Assoziierter Forscher, Co-Forschungsprogrammleiter

Aktuelle HIIG-Aktivitäten entdecken

Forschungsthemen im Fokus

Das HIIG beschäftigt sich mit spannenden Themen. Erfahren Sie mehr über unsere interdisziplinäre Pionierarbeit im öffentlichen Diskurs.