The European Union’s well-publicized General Data Protection Regulation that went into force on May 25 is a much-needed update to its 1995 Data Protection Directive and in many ways a substantial improvement. As leading privacy scholar Daniel Solove says it provides a “blueprint for protecting data that is more thorough and complete than nearly any other privacy law…”
Unfortunately, it did not update its core premise of protecting privacy through a right of individuals to control their own data.