Between the Data Act and the GDPR: Attributing Responsibility for Data Sharing

Antoni Napieralski, University of WarsawFollow

ORCID

Antoni Napieralski - 0000-0002-0576-0733

Keywords

K20, K23, K29

Abstract

The normative links between the GDPR and the Data Act increase the complexity of attributing responsibility for data sharing under the Data Act. Due to overlaps in the material scope of the GDPR and the Data Act, exercising access rights stipulated by the DA leads to consequences in attributing controllership under the GDPR. Users who are not data subjects, together with third parties receiving the requested data, are likely to become joint controllers. Judicial interpretation of the concept of joint controllership effectively lowered the threshold of becoming a joint controller. In pursuit of the effective protection of the data subject, joint controllership becomes an unintended consequence of mechanisms introduced by the Data Act.

Acknowledgements

I would like to thank the anonymous reviewers for valuable comments that improved the quality of this article.

Funding

This article received no funding

The cost of editing selected articles published in the Yearbook of Antitrust and Regulatory Studies in the 2022–2024 is covered by funding under the program “Development of scientific journals” of the Ministry of Education and Science under agreement No. RCN/SN/0324/2021/1. Task title: “Verification and correction of scientific articles and their abstracts”. Funding value: 36 298,00 PLN; The task consists of professional editing of articles published in English.

Declaration of Conflict of interests

The author declared no potential conflicts of interest with respect to the research, authorship, and publication of this article. The author is also an employee of the Polish Office of Competition and Consumer Protection. Opinions expressed in this article are solely of the author and do not reflect the views of the Office of Competition and Consumer Protection.

Declaration about the scope of AI utilisation

The author did not use AI tools in the preparation of this article.

Recommended Citation

Napieralski, A. (2024). Between the Data Act and the GDPR: Attributing Responsibility for Data Sharing. Yearbook of Antitrust and Regulatory Studies, 17(29), 127-145. https://doi.org/10.7172/1689-9024.YARS.2024.17.29.4

First Page

127

Last Page

145

Page Count

DOI

10.7172/1689-9024.YARS.2024.17.29.4

JEL Code

K20, K23, K29

Publisher

University of Warsaw

Download

Included in

Antitrust and Trade Regulation Commons

COinS