1171. OBJECTIVE – In the final part of this book, the insights developed over the three preceding parts shall be used as a basis for policy recommendations. The policy recommendations address the question of how the current allocation of responsibility and liability among actors involved in the processing of personal data might be modified in order to increase legal certainty while maintaining at least an equivalent level of data protection.

1172. METHODOLOGY – The policy recommendations shall be developed in four stages. First, the issues identified in Part IV shall be summarised and presented in a structured manner (“typology of issues”). Second, an inventory will be made of ways in which these issues might be remedied (“typology of solutions”). Third, an evaluation will be made of the extent to which the proposed remedies are capable of addressing each of the identified issues. Finally, in the fourth phase, the approach adopted by the European legislature in the context of the GDPR will be compared with the outcome of the preceding evaluations. Where relevant, recommendations for possible further improvements will be made.

1173. SOURCES – The typology of issues will be developed by categorising the issues identified in Part IV and presenting them in a structured manner. The typology of solutions, on the other hand, will be developed on the basis of proposals put forward by various stakeholders, particular in the context of the review of Directive 95/46 and run-up to the GDPR. The evaluation of possible solutions shall, for the most part, be based on the typology of issues. Each proposal will be evaluated on the basis of whether, and if so, to what extent, it is capable of addressing each of the identified issues. If multiple solutions have been proposed, an internal comparison will be made. Where appropriate, insights from the field of law and economics will be applied to assist the internal comparison of the proposed solutions.