ORCID
Antoni Napieralski - 0000-0002-0576-0733
Keywords
K20, K23, K29
Abstract
The normative links between the GDPR and the Data Act increase the complexity of attributing responsibility for data sharing under the Data Act. Due to overlaps in the material scope of the GDPR and the Data Act, exercising access rights stipulated by the DA leads to consequences in attributing controllership under the GDPR. Users who are not data subjects, together with third parties receiving the requested data, are likely to become joint controllers. Judicial interpretation of the concept of joint controllership effectively lowered the threshold of becoming a joint controller. In pursuit of the effective protection of the data subject, joint controllership becomes an unintended consequence of mechanisms introduced by the Data Act.
Acknowledgements
I would like to thank the anonymous reviewers for valuable comments that improved the quality of this article.
Funding
This article received no funding
The cost of editing selected articles published in the Yearbook of Antitrust and Regulatory Studies in the 2022–2024 is covered by funding under the program “Development of scientific journals” of the Ministry of Education and Science under agreement No. RCN/SN/0324/2021/1. Task title: “Verification and correction of scientific articles and their abstracts”. Funding value: 36 298,00 PLN; The task consists of professional editing of articles published in English.
Declaration of Conflict of interests
The author declared no potential conflicts of interest with respect to the research, authorship, and publication of this article. The author is also an employee of the Polish Office of Competition and Consumer Protection. Opinions expressed in this article are solely of the author and do not reflect the views of the Office of Competition and Consumer Protection.
Declaration about the scope of AI utilisation
The author did not use AI tools in the preparation of this article.
Recommended Citation
Napieralski, A. (2024). Between the Data Act and the GDPR: Attributing Responsibility for Data Sharing. Yearbook of Antitrust and Regulatory Studies, 17(29), 127-145. https://doi.org/10.7172/1689-9024.YARS.2024.17.29.4
First Page
127
Last Page
145
Page Count
19
DOI
10.7172/1689-9024.YARS.2024.17.29.4
JEL Code
K20, K23, K29
Publisher
University of Warsaw