Standardizing Personal Data Protection

Abstract The Standardizing Personal Data Protection is the first book focusing on the role of technical standards in protecting individuals as regards the processing of their personal data. Through the lenses of legal pluralism and Transnational Private Regulation, the book studies the interaction of standardization as a private semi-autonomous normative ordering and data protection law. The book addresses two key aspects. First, it explores how data protection law, such as the General Data Protection Regulation, works as a legal basis for technical standards. To identify standardization areas in data protection, the book proposes an analytical framework of standards for legal compliance, for beneficiaries, and meta-rules. Second, the book examines how procedural legitimacy issues, such as questions of transparency, representation, and accessibility frame and limit the suitability of standardization to complement public law, especially law that protects fundamental rights, such as the right to protection of personal data. The book provides a comprehensive account of how a private regulation instrument may complement public law in pursuing its goals and where limits and conditions for such a role should be drawn.