Daniel Gill, Jakob Metzger

European Data Protection Law Review, Volume 8 (2022), Issue 2, Page 221 - 237

Restrictions of data access for complementary services in digital (IoT) ecosystems are an increasing concern in the legal and economic discussion around the interface between competition law and data protection. The connected car and its ecosystem of innovative complementary products and services is exemplary for this problem. Car manufacturers (OEMs) enjoy exclusive control over most in-vehicle data and thus a gatekeeper position that allows them to control complementary markets. One of a number of potential solutions to this problem is the application of the right to data portability of the General Data Protection Regulation (GDPR). This paper shows the difficulties of solving this data access problem through Art. 20 GDPR. In particular, we analyze the scope of data covered by Art. 20 GDPR, the conditions of its execution, and its practicality with respect to the transaction costs involved. Our findings suggest that Art. 20 GDPR is insufficient to solve the data access problem in the ecosystem of connected cars. Key Words: Data Portability | Data Access | Data Protection Law | Competition Policy | Connected Cars | PSD2 | Consumer Data Rights

Zohar Efroni, Jakob Metzger, Lena Mischau, Marie Schirmbeck

European Data Protection Law Review, Volume 5 (2019), Issue 3, Page 352 - 366

Although the institution of consent within the General Data Protection Regulation intends to facilitate the exercise of personal autonomy, reality paints a different picture. Due to a host of structural and psychological deficits, the process of giving consent is often neither informed nor does it foster self-determination. One key element in addressing this shortcoming is the visualisation of relevant information through icons. This article outlines a risk-based methodology for the selection, design and implementation of such privacy icons. It lays the groundwork for identifying risky data processing aspects as a first step in a larger project of creating a privacy icons set to accompany privacy policies. The ultimate goal of the privacy icons is to assist users in making better informed consent decisions through the visualisation of data processing aspects based on their inherent risks. Keywords: Privacy Icons, Consent, Risk-Based Approach, Private Autonomy, Legal Design