Module 1: Data Protection Laws Flashcards
Human Rights -
Universal Declaration of Human Rights vs European Convention on Human Rights
Universal Declaration of Human Rights 1948: nonbinding instrument; contains right to private life and freedom of expression, influenced European data protection laws and standards
European Convention on Human Rights 1953 - international treaty drawn up by Council of Europe, can be enforced by European Court of Human Rights in Strasbourg, all member states ratified; Article 8 rights of individuals, A10 rights of freedom of expression and sharing information and ideas across national boundaries, A10(2) balance between A8 and A10
European data protection timeline
1980-2010
1980s:
- OECD (Organisation for Economic Co-operation and Development) Guidelines, facilitate data flows and protect personal data in a global economy
- Council of European Convention (Convention 108), first data protection instrument for several Council of Europe member states
1990s:
difficulties w/ Convention 108
- EU Data Protection Directive (general data protection principles and obligations, required to transpose and implement by EU member states)
2000s:
- Charter of Fundamental Rights of the EU, collection of individuals’ rights including dp
- EU Directive on Privacy and Electronic Communications (e-Privacy Directive) legally binding, requires local implementation
- Data retention addressed by national laws
- Treaty of Lisbon, strengthen and improve the core structures of the EU
2010s:
- GDPR law in 2016, enforceable 25 May 2018
- 2018: Convention 108+ to align with GDPR
European Court of Human Rights (ECHR)
Upholds privacy and data protection laws through its enforcement of the European Convention on Human Rights and Convention 108. It is not part of the European Union.
Council of Europe vs European Union
European Economic Area (EEA)
Council of Europe (Europarat): international organisation with 47 member states
European Union: economic and political union with 27 member states
EEA: allows members of the European Free Trade Association (EFTA) to participate fully in the EU’s internal market, composed of 27 EU member states and 3 EFTA member states that are not currently EU member states—Iceland, Liechtenstein and Norway
European Parliament
Only European Union institution whose members are directly elected
Three primary responsibilities:
- legislative development
- supervisory oversight of the other institutions
- development of the budget
Greatest impact on dp and privacy
European Council
(Europäischer Rat)
Defines the EU’s priorities and sets the political direction for the EU
Composed of heads of state or government of all EU countries, the European Council President, the European Commission President and the High Representative for Foreign Affairs and Security Policy
Council of the EU
Focuses on legislative decision-making
Meetings attended by one minister from each member state that changes based on the policy issue to be discussed.
Legislation is generally proposed by the Commission before it is examined by the Council of the EU and the Parliament
European Commission
Implements the EU’s decisions and policies
Exclusive competence to propose legislation
Most active in dp
One commissioner per member state
Court of Justice of the EU
Judicial body of the EU
Actions taken by the European Commission against a member state or by an individual or organisation to enforce their rights under EU law
Clarification of EU law
Comparison GDPR vs Data Protection Directive
EU directive:
- obligates to implement in local laws
- DP Directive was transposed into 28 local laws
EU regulation:
- directly applicable and enforceable as law in member states
- aim one set of dp rules for all EU but allows degree of tailoring
- European Data Protection Board - independent European body
ePrivacy Directive and GDPR
European Data Protection Board has issued an opinion regarding interplay and related questions
- Co-existence: In cases where lex specialis does not apply, the general rule will apply (lex generalis)
- ‘To complement’: Several ePrivacy Directive provisions complement GDPR provisions
- ‘To particularise’ (lex specialis principle): ‘Special provisions prevail over general rules’.