The Commission’s Delegated Regulation aims to achieve interoperable data exchange among intelligent transport systems. Therefore, it contains specific provisions for the C?ITS-product regulation, a common cybersecurity system and a system of shared EU administration. The subject matter of data protection, however, has been postponed. This might turn out to be problematic under the impression of the latest German administrative court judgement concerning the “Section Control”-system close to Hannover. Blockchain-based smart contracts might offer a practical solution in this regard. In addition, the Delegated Regulation needs to be seen in connection with the Commission’s proposal for a revised PSI-Directive and the upcoming, new type approval Regulation, which requires the mandatory deployment of automated driving assistant systems by 2022 (“Vision Zero”).

Recently the Dutch DPA introduced a groundbreaking policy on establishing the amount of fines under the GDPR. This article explores whether the primary aims set by the Dutch DPA – equality before the law and legal certainty – are met for various groups of controllers and processors. It also explains why this policy may be relevant outside the Netherlands.