Article 98 GDPR: Difference between revisions
(merge category "GDPR" into "GDPR Articles") |
No edit summary |
||
(6 intermediate revisions by 4 users not shown) | |||
Line 185: | Line 185: | ||
== Legal Text == | == Legal Text == | ||
<br /><center>'''Article 98 - Review of other Union legal acts on data protection'''</center | <br /><center>'''Article 98 - Review of other Union legal acts on data protection'''</center> | ||
The Commission shall, if appropriate, submit legislative proposals with a view to amending other Union legal acts on the protection of personal data, in order to ensure uniform and consistent protection of natural persons with regard to processing. This shall in particular concern the rules relating to the protection of natural persons with regard to processing by Union institutions, bodies, offices and agencies and on the free movement of such data. | The Commission shall, if appropriate, submit legislative proposals with a view to amending other Union legal acts on the protection of personal data, in order to ensure uniform and consistent protection of natural persons with regard to processing. This shall in particular concern the rules relating to the protection of natural persons with regard to processing by Union institutions, bodies, offices and agencies and on the free movement of such data. | ||
== Relevant Recitals== | ==Relevant Recitals== | ||
{{Recital/17 GDPR}}{{Recital/173 GDPR}} | |||
== Commentary == | == Commentary == | ||
Article 98 GDPR | The aim of Article 98 GDPR is to ensure the adaptation of Union Acts relating to data protection in a manner which corresponds with the GDPR's regulatory framework.<ref>''Kühling, Raab'', in Kühling, Buchner, DS-GVO BDSG, Article 98 GDPR, margin number 2 (Beck 2020, 3rd edition).</ref> Given that data protection affects several different sectors, each of which have their own characteristics, questions arise when considering which legal Union Acts this provision extends to. In this regard, the GDPR refers to certain legal instruments that also have to be taken into consideration under Article 98 GDPR.<ref>Some examples are: the ePrivacy Directive (Directive 2002/58/EG), which formulates more specific rules for the processing personal data occurring in the context of electronic communications, which supersede the GDPR(see Article 95 GDPR); the e-Commerce Directive (Directive 2000/31/EG), especially in the context of liability and responsibility of hosting, caching and content providers (see Article 2(4) GDPR); the Directive on the Re-use of Public Sector Information (Directive 2003/98/EC amended by Directive 2013/37/EU) regarding documents that are not or only partially accessible for reasons of data protection (see Recital 154 GDPR); the Regulation on Community Statistics on Public Health and Safety at Work (Regulation (EC) No 1338/2008), especially regarding its relevant definitions as well as the interpretation of “public health” for the GDPR (see Recital 54 sentence 3 GDPR); the Directive on Patients' Rights in Cross-Border Healthcare (Directive 2011/24/EU), regarding personal data processed within healthcare services and patients’ access rights to their files (see Recital 35 sentence 2 GDPR); the Regulation on Clinical Trials on Medicinal Products for Human Use (Regulation (EU) No 536/2014), which includes special provisions in cases of consent to participation in clinical trials (see Recital 161 GDPR); and lastly, the Regulation on European Statistics (Regulation (EC) No 223/2009), which provides special rules regarding confidential information which is, at the same time, personal data as well (see Recital 163 GDPR).</ref> However, beyond Acts explicitly referred to in the GDPR's text, there remains a degree of discrepancy regarding whether other Acts relating to data protection fall within the scope of Article 98 GDPR. | ||
Commentators have argued in favour of a broad reading of the provision, suggesting that the Commission should review all EU legislation which addresses data protection, including more specific acts, such as the Anti-Money Laundering Directive and the Europol Regulation.<ref>''Tosoni'' in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University Press 2020). </ref> Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that:<blockquote>'''For the processing of personal data by the Union institutions, bodies, offices and agencies, Regulation (EC) No 45/2001 applies. Regulation (EC) No 45/2001 and other Union legal acts applicable to such processing of personal data shall be adapted to the principles and rules of this Regulation in accordance with Article 98''<nowiki/>'. </blockquote> | |||
== Decisions == | == Decisions == | ||
→ You can find all related decisions in [[:Category:Article 98 GDPR]] | → You can find all related decisions in [[:Category:Article 98 GDPR]] | ||
The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the opinion of Attorney General Bobek in ''Confédération paysanne and Others'', has suggested that there exists a wider constitutional duty for Union legislation to be ''<nowiki/>'technically and socially responsive, and, provided that it is necessary in view of later evolution, to be updated'.''<ref>Case C- 528/ 16, ''Confédération paysanne'' (AG Opinion), para 139.</ref> The CJEU has not yet explicitly confirmed the existence of this duty; however, it has been alluded to in ''Agrarproduktion Staebelow''.<ref>Case C-504/ 04, para 40. For a more in-depth discussion on this point, see ''Tosoni'' in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University Press 2020). </ref> | |||
== References == | == References == |
Latest revision as of 09:58, 8 November 2023
Legal Text
The Commission shall, if appropriate, submit legislative proposals with a view to amending other Union legal acts on the protection of personal data, in order to ensure uniform and consistent protection of natural persons with regard to processing. This shall in particular concern the rules relating to the protection of natural persons with regard to processing by Union institutions, bodies, offices and agencies and on the free movement of such data.
Relevant Recitals
Commentary
The aim of Article 98 GDPR is to ensure the adaptation of Union Acts relating to data protection in a manner which corresponds with the GDPR's regulatory framework.[1] Given that data protection affects several different sectors, each of which have their own characteristics, questions arise when considering which legal Union Acts this provision extends to. In this regard, the GDPR refers to certain legal instruments that also have to be taken into consideration under Article 98 GDPR.[2] However, beyond Acts explicitly referred to in the GDPR's text, there remains a degree of discrepancy regarding whether other Acts relating to data protection fall within the scope of Article 98 GDPR.
Commentators have argued in favour of a broad reading of the provision, suggesting that the Commission should review all EU legislation which addresses data protection, including more specific acts, such as the Anti-Money Laundering Directive and the Europol Regulation.[3] Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that:
'For the processing of personal data by the Union institutions, bodies, offices and agencies, Regulation (EC) No 45/2001 applies. Regulation (EC) No 45/2001 and other Union legal acts applicable to such processing of personal data shall be adapted to the principles and rules of this Regulation in accordance with Article 98'.
Decisions
→ You can find all related decisions in Category:Article 98 GDPR
The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the opinion of Attorney General Bobek in Confédération paysanne and Others, has suggested that there exists a wider constitutional duty for Union legislation to be 'technically and socially responsive, and, provided that it is necessary in view of later evolution, to be updated'.[4] The CJEU has not yet explicitly confirmed the existence of this duty; however, it has been alluded to in Agrarproduktion Staebelow.[5]
References
- ↑ Kühling, Raab, in Kühling, Buchner, DS-GVO BDSG, Article 98 GDPR, margin number 2 (Beck 2020, 3rd edition).
- ↑ Some examples are: the ePrivacy Directive (Directive 2002/58/EG), which formulates more specific rules for the processing personal data occurring in the context of electronic communications, which supersede the GDPR(see Article 95 GDPR); the e-Commerce Directive (Directive 2000/31/EG), especially in the context of liability and responsibility of hosting, caching and content providers (see Article 2(4) GDPR); the Directive on the Re-use of Public Sector Information (Directive 2003/98/EC amended by Directive 2013/37/EU) regarding documents that are not or only partially accessible for reasons of data protection (see Recital 154 GDPR); the Regulation on Community Statistics on Public Health and Safety at Work (Regulation (EC) No 1338/2008), especially regarding its relevant definitions as well as the interpretation of “public health” for the GDPR (see Recital 54 sentence 3 GDPR); the Directive on Patients' Rights in Cross-Border Healthcare (Directive 2011/24/EU), regarding personal data processed within healthcare services and patients’ access rights to their files (see Recital 35 sentence 2 GDPR); the Regulation on Clinical Trials on Medicinal Products for Human Use (Regulation (EU) No 536/2014), which includes special provisions in cases of consent to participation in clinical trials (see Recital 161 GDPR); and lastly, the Regulation on European Statistics (Regulation (EC) No 223/2009), which provides special rules regarding confidential information which is, at the same time, personal data as well (see Recital 163 GDPR).
- ↑ Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University Press 2020).
- ↑ Case C- 528/ 16, Confédération paysanne (AG Opinion), para 139.
- ↑ Case C-504/ 04, para 40. For a more in-depth discussion on this point, see Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University Press 2020).