The "third generation" global standard protection of privacy in Europe: some considerations on the entry into application of the General Data Protection Regulation (original) (raw)
Related papers
Acta Iuris Stetinensis, 2021
It is widely recognised that the first binding legal act regarding the protection of personal data of an international nature is Convention 108, adopted on 28 January 1981. By virtue of the Convention, the Parties are required to apply in their domestic legal order the principles introduced by the Council of Europe to ensure guarantees for the fundamental human rights of all individuals with regard to the processing of personal data. This paper refers to Convention 108 as the foundation for European and international data protection laws in a number of European countries. It has influenced policies and legislation far beyond Europe's borders. However, due to the development of ICT tools that permit establishing new data-driven business models based on data-processing systems, Convention 108 has become subject to modernisation. At the same time, intensive negotiations were conducted in the EU concerning a new data-protection package to reform the data-protection system, and many other countries around the world have introduced provisions related to the processing of personal data. This paper analyses the impact of the standards set out in Convention 108 on the decision-making process and its global dimension.
The EU rights to privacy and personal data protection: 20 years in 10 questions: Discussion paper
The rights to privacy and to personal data protection, enshrined respectively in Art. 7 and 8 of the Charter of Fundamental Rights of the European Union (EU) (hereafter, the ‘EU Charter’), have been particularly powerful in determining the evolution of EU law and policy over the last years. On their basis, the Court of Justice of the EU (CJEU) declared invalid the Data Retention Directive, advised against the conclusion of a negotiated agreement on the transfer of Passenger Name Record (PNR) data to Canada, and brought down the major legal instrument allowing for the transfer of personal data to the United States (US). The CJEU has also asserted, on the basis of Art. 7 and 8 EU Charter, the existence of rights in the hands of individuals in relation to data about them processed by search engines. Judgments such as Digital Rights, Schrems and Google Spain8, but also the Court’s Opinion 1/15 on the PNR agreement between the EU and Canada, have demonstrated the importance of these two fundamental rights for EU law, also against the background of a continuously developing data- driven information society built on the massive of use of personal data.
Survey of Recent European Union Privacy Developments
2012
The Spanish law implementing the European Union (EU) Data Protection Directive, advisory guidance on consent, facial recognition and biometric technologies from the European Union Article 29 Data Protection Working Party (WP29) , and proposals for EU data protection law reform are analyzed in this survey piece. EU legislative processes are illustrated by a specific occurence: Spanish Organic Law 15/1999 on the Protection of Personal Data is reviewed in the context of Court of Justice of the European Union (ECJ) joined cases, Asociación Nacional de Establecimientos Financieros de Crédito (ASNEF) v. Administración del Estado, and Federación de Comercio Electrónico y Marketing Directo (FECEMD) v. Administración del Estado. The addition of a condition for the processing of personal data not present in the 1995 Data Protection Directive was rejected, and in the process the ECJ case Productores de Música de España (Promusicae) v. Telefónica de España SAU is cited regarding the transposition of European directives into EU Member State national law. WP29 guidance on (i) consent to personal data processing, including in an employment relationship, and on (ii) the special risks involved in the use of facial recognition and biometric technologies, is discussed. Finally, the proposal by the European Commission of the General Data Protection Regulation is seen as the culmination of various trends in the development of EU data protection law. PLEASE NOTE THAT THIS PAPER MAY BE DOWNLOADED USING THE SSRN LINK PROVIDED.
European privacy legislation: a legal and economic analysis
2020
As of July 2020, the General Data Protection Regulation 2016/679 (GDPR) has been in force for more than two years. Together with the e-Privacy Directive 2002/58/EC, it applies to millions of European businesses across all sectors. Both pieces of legislation have been challenging to implement for industry stakeholders; A review of their reports serves as the basis of a qualitative legal analysis of the GDPR, the E-Privacy Directive and the draft of the coming E-Privacy Regulation that seeks to identify which provisions have turned out to be most difficult for European Businesses to implement. This legal dissection will be accompanied by a quantitative assessment of the administrative fines that have been issued by data protection authorities throughout the Union. The aim is to locate problems within the legislature and to provide recommendations for how to solve them.
Privacy and Data Protection in EU
As far as the technology has become more user friendly, individuals exchange more data between themselves using technological tools. The communication between individuals has become faster and more intense. In parallel to these developments, the norms and values of the societies, thus of the individuals have changed and the meaning of data privacy has being re-interpreted in today’s world. Each development in the technology fuels another one. In parallel to that, individuals’ interactions have gained new formats based on the new technologies. On the other hand, political concerns, like more need to defend public security should also be mentioned. While encouraging the developments of the new technologies, the States consider to maintain their citizens’ security and rights to their personal data protection. How far the European Union, with its legislation for data protection, is reaching to this target? This study will give some highlights for answering this question.
Due to the fact that technological progress and globalization have profoundly changed the way our personal data is collected and processed, in January 2012, the European Commission has proposed a comprehensive reform on the European Union’s data protection rules. The reform package consists of a proposal for a General Data Protection Regulation, meant to replace the 1995 Data Protection Directive, as well as a new Data Protection Directive which shall provide for data protection in the areas of police and judicial cooperation in criminal matters. This reform initiative came as response to major critics according to which the 1995 rules on data protection have not been implemented in a uniform and efficient way by the EU Member States and, therefore, the rules need to be modernized in order to better respond to the current needs of the digital age. Supporters of the reform put forward that this reform is also needed due to the fact that data protection has acquired the status of a separate fundamental right in the EU, in the Charter of Fundamental Rights (article 8), which is distinct to the right to respect for private and family life. In this context, the study aims to answer whether the new reform legislation has the potential to augment the internal market dimension of data protection, increase the effectiveness of the fundamental right to data and, at the same time, enhance the coherence of the EU data protection framework. With this objective in mind, the study will present and analyze the EU standards regarding data protection and analyze some of the main items of the proposed reform. It will also provide an overview of the best practices in the Member States and the deficiencies that need to be taken into consideration by policy makers in order to achieve more efficient results. The study will also present and evaluate some of the most relevant jurisprudence of the European Court of Human Rights and European Court of Justice in the field of data protection and human rights.
Introduction to Research Handbook on EU Data Protection Law
Edward Elgar Publishing eBooks, 2022
Data Protection is a continuously growing research field. Personal data processing impacts not only the individuals, their dignity and autonomy, but also the society as a whole. In the words of Stefano Rodotà 'the democratic nature of any society can be also gauged by the extent to which personal data are actually protected'. 1 The COVID19 pandemic greatly illustrates the multi-faceted nature of data protection. Data concerning health became of paramount importance not only for the so-called social distancing measures, but also for medical research. At the same time, we all witnessed vast collection, commercialisation and often misuse of personal data. Health apps with the green certificates necessary for travelling, apps promising to limit the spreading rates of the virus by notifying citizens of infected persons in their proximity, and access policies involving temperature measuring of employees. 2 The necessity and proportionality of processing of all those data in the name of public health is questionable. Especially, given the false promises of many of those measures. 3 In parallel, Public Private Partnerships became the new norm, legitimising access to and use of data, often coupled with allegations on inappropriate data security guarantees. 4 The COVID19 example teaches us the importance of personal data and of rules on fair and proportionate processing, but also the relevance of data protection as a regulatory field, and consequently of data protection research. This Handbook aims at depicting the actual scholarly, state-of-the-art overview of research and the scope of current thinking in the field of European data protection in a multidisciplinary manner, and reflecting on current issues that will mark the next generation of research. Several reasons make the publication of this Research Handbook on European Data Protection so timely.
National Security Concerns as an Exception to EU Standards on Data Protection
Nordic Journal of European Law
Discussions on the appropriate fundamental rights standards in the EU and the need to take into account conflicting interests are increasingly being reframed as debates on the conflict between the primacy of EU law and the constitutional standards of the Member States. One example of this reframing is the French administrative supreme court’s decision following the ECJ judgment in La Quadrature du Net. The Conseil ruled that the EU standards set in that judgment must be reviewed, at the national level, with regard to a national understanding of security concerns and the requirements of the fight against terrorism. Thus, constitutional requirements related to public security may be relied upon to argue for a lower standard of protection of personal data than those which the ECJ requires. As this decision shows, the ability of corporations and Governments to rely on litigation before national courts to challenge the standard of protection set at the EU level creates a significant risk...
Evolution or revolution of EU Law on the Protection of Personal Data
This paper aims at presenting the evolution of European Union Law in the domain of personal data protection. It has been generally acknowledged that the EU law demanded updating as to protection of individuals’ privacy since it has been shaped mainly by a relatively old instrument - EU Data Protection Directive dated 1995. However, many authors suggest that the process of adjusting EU law to modern privacy framework follows a path of natural evolution, it appears that the form of a regulation can bring serious revolution to member states’ national legislations, which differ to a great extent as to protection of privacy. This paper claims that the EU personal data protection law may be seen both as an evolution when it comes to gradual change of substantive provisions and a revolution as to the form of universally binding instrument that will replace and unify national regulations.