• The purpose of data protection law is to make it possible for controllers to process personal data, and the protection of data subjects is necessary on order to achieve this purpose.
• The leading player in data protection law is the controller at the same time as they limit his freedom
• However data protection law also ought to empower the data subject. It is discussed whether the position of consent should be strengthened and consent be either the exclusive or primary ground for processing. Consent entails risks for the data subject and such a change of the law is not in general advisable.
• Transparency is seen as important and through an information policy, real transparency may be achieved.
• Another issue concerns whether it is expedient that the same data protection rules apply to the private and to the public sector. Having separate rules should be considered, as this would give the rules a higher impact.