Abstract

The General Data Protection Regulation defines the role of the processor. The scope of the processor’s freedom in the processing of personal data can be reconstructed, to a certain extent, on the basis of the provisions of the GDPR. In practice, however, there are numerous challenges in this regard, as the role of processors has much evolved in recent years. Its evolution is technology driven and is related to the increasing importance of data in the market game. There is a visible trend towards expanding the scope of data processing by the processor, which involves the risk of abusing its role and thus violating the law. In the article, I reconstruct the scope of the admissible freedom of the data subject in the processing of personal data. I indicate and illustrate with examples the observed problems and discuss the directions of possible changes in the law.