Overview of GDPR: Difference between revisions
Line 185: | Line 185: | ||
== Intro == | == Intro == | ||
The General Data Protection Regulation (GDPR) is meant to regulate the processing of personal data within the European Economic Area (EEA). It largely replaced the Data Protection Directive 95/46/EC of 1995 and is based on EU fundamental rights enshrined in the European Charter of Fundamental Rights (CFR), the EU treaties and the European Convention of Human Rights (ECHR). | |||
Switching from a Directive to a Regulation, meant that the legal text is directly applicable to private entities, without the need to transpose the text into national law, as required under the previous Directive. This approach was meant to bring a more consistent legal framework, as Member States could not change the meaning of EU law when implementing it into national law. The so-called "one stop shop" and the cooperation procedures between national supervisory authorities, are meant to ensure consistency not only in the legal text, but also in enforcement. | |||
However, the GDPR is not fully consistent in this approach, as it was required to refer to Member State law or even providing for opening clauses, allowing to regulate certain issues in national law (such as employee data). Equally procedural law is mainly regulated by each Member State, meaning that supervisory authorities follow very different practices, despite the need for European cooperation. | |||
In practice this leads to situations where the core elements of European data protection law is found in the GDPR, but in many cases there is substantial interaction with national material and procedural laws. | |||
== Legal History == | |||
''You can help us fill this section!'' | |||
==== Directive 95/46/EC ==== | |||
''You can help us fill this section!'' | |||
==== Proposal by the European Commission ==== | |||
''You can help us fill this section!'' | |||
==== Position of the European Parliament ==== | |||
''You can help us fill this section!'' | |||
==== Position of the European Council ==== | |||
''You can help us fill this section!'' | |||
==== Trilogue ==== | |||
''You can help us fill this section!'' | ''You can help us fill this section!'' | ||
== Legal Structure == | == Legal Structure == | ||
The GDPR and | |||
=== Treaty Law === | === Treaty Law === | ||
The European Union does not have a constitution, but is primary law is instead found in the treaties. Treaty law is higher ranking than normal European legal acts, like regulations, directives or decisions. The European treaties require the protection of personal data as a human right, which can only be changed by a unanimous agreement of all EU Member States. | |||
If a European legal act like the GDPR would violate treaty law, it would have to be annulled by the European Court of Justice (CJEU). To avoid such a situation legal acts are usually interpreted to be in compliance with treaty law. Consequently the CJEU usually interprets the GDPR in light of treaty law, which makes treaty law especially relevant when working with the GDPR. | |||
==== Article 8 CFR ==== | ==== Article 8 CFR ==== | ||
You can help us fill this section! | |||
==== Article 16 TFEU ==== | ==== Article 16 TFEU ==== | ||
Line 229: | Line 255: | ||
''You can help us fill this section!'' | ''You can help us fill this section!'' | ||
== | === EDPB and National Guidance === | ||
''You can help us fill this section!'' | ''You can help us fill this section!'' | ||
== | === Enforcement of the GDPR === | ||
''You can help us fill this section!'' | ''You can help us fill this section!'' |
Revision as of 23:05, 1 August 2022
Intro
The General Data Protection Regulation (GDPR) is meant to regulate the processing of personal data within the European Economic Area (EEA). It largely replaced the Data Protection Directive 95/46/EC of 1995 and is based on EU fundamental rights enshrined in the European Charter of Fundamental Rights (CFR), the EU treaties and the European Convention of Human Rights (ECHR).
Switching from a Directive to a Regulation, meant that the legal text is directly applicable to private entities, without the need to transpose the text into national law, as required under the previous Directive. This approach was meant to bring a more consistent legal framework, as Member States could not change the meaning of EU law when implementing it into national law. The so-called "one stop shop" and the cooperation procedures between national supervisory authorities, are meant to ensure consistency not only in the legal text, but also in enforcement.
However, the GDPR is not fully consistent in this approach, as it was required to refer to Member State law or even providing for opening clauses, allowing to regulate certain issues in national law (such as employee data). Equally procedural law is mainly regulated by each Member State, meaning that supervisory authorities follow very different practices, despite the need for European cooperation.
In practice this leads to situations where the core elements of European data protection law is found in the GDPR, but in many cases there is substantial interaction with national material and procedural laws.
Legal History
You can help us fill this section!
Directive 95/46/EC
You can help us fill this section!
Proposal by the European Commission
You can help us fill this section!
Position of the European Parliament
You can help us fill this section!
Position of the European Council
You can help us fill this section!
Trilogue
You can help us fill this section!
Legal Structure
The GDPR and
Treaty Law
The European Union does not have a constitution, but is primary law is instead found in the treaties. Treaty law is higher ranking than normal European legal acts, like regulations, directives or decisions. The European treaties require the protection of personal data as a human right, which can only be changed by a unanimous agreement of all EU Member States.
If a European legal act like the GDPR would violate treaty law, it would have to be annulled by the European Court of Justice (CJEU). To avoid such a situation legal acts are usually interpreted to be in compliance with treaty law. Consequently the CJEU usually interprets the GDPR in light of treaty law, which makes treaty law especially relevant when working with the GDPR.
Article 8 CFR
You can help us fill this section!
Article 16 TFEU
You can help us fill this section!
GDPR
You can help us fill this section!
Chapters
You can help us fill this section!
Articles
You can help us fill this section!
Recitals
You can help us fill this section!
Negotiation Documents
You can help us fill this section!
Other EU law
You can help us fill this section!
ePrivacy Directive 2002/58/EC
You can help us fill this section!
eCommerce Directive 2000/31/EC
You can help us fill this section!
EU Data Protection Regulation 45/2001/EC
You can help us fill this section!
National Implementation Laws
You can help us fill this section!
EDPB and National Guidance
You can help us fill this section!
Enforcement of the GDPR
You can help us fill this section!