Article 1 GDPR: Difference between revisions
Line 212: | Line 212: | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organisations, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects. | This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organisations, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects. | ||
</div></div> | </div></div> | ||
Revision as of 16:12, 19 April 2021
Legal Text
Article 1: Subject-matter and objectives
1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
Relevant Recitals
Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.
Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international trade and international cooperation. The increase in such flows has raised new challenges and concerns with regard to the protection of personal data. However, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by this Regulation should not be undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. In any event, transfers to third countries and international organisations may only be carried out in full compliance with this Regulation. A transfer could take place only if, subject to the other provisions of this Regulation, the conditions laid down in the provisions of this Regulation relating to the transfer of personal data to third countries or international organisations are complied with by the controller or processor.
This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organisations, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects.
Commentary
Subject-matter
The GDPR has two main aims: (i) the protection of natural persons with regard to the processing of their personal data, and (ii) the free movement of personal data. It can therefore function as a guiding principle to the interpretation of the GDPR together with the principles found in Article 5.
It follows from the definition of personal data (→ see Article 4) that the GDPR applies to the processing of data concerning "natural persons". Processing data concerning a business normally falls outside the scope of the GDPR.
Protecting fundamental rights
The right to the protection of personal data is specifically mentioned in paragraph 2. This general statement is operationalized in the more specific articles throughout GDPR, for example in Article 35, which lays down the obligation to conduct a Data Protection Impact Assement. The obligation to implement adequate technical safeguards to protect personal data can be found in Article 32. The rights provided in Chapter III can also be seen as a prerequisite for natural persons to ensure that their fundamental rights are being respected.
Fundamental rights
The fundamental rights of a natural person to the protection of their personal data can be found in Article 8 EU Charter of Fundamental Rights[1] and Article 8 of the European Convention on Human Rights.[2]
The Charter, which is primary law, provides in Article 8(1) for “the right to the protection of personal data” of a natural person.
Some requirements to the processing of this data follows from Article 8(2) EU Charter of Fundamental Rights, where the principles of fairness and purpose limitation are explicitly mentioned, and that the processing must be pursuant to a lawful basis, for instance consent.
The importance of the Charter on the drafting of the GDPR can be observed from the changes made to the draft version of Article 6(4) following criticism from the Article 29 WP. The Council had proposed that a controller could further process data, even if the purpose of the processing was incompatible with the original purpose, as long as the controller had an overriding interest – something the Article 29 WP objected to by pointing out that the principle of purpose limitation is part of primary law. [3]
Data protection pursuant to Article 8 EU Charter is closely connected to Article 7 EU Charter, which concerns the right to respect for “private and family life” and “communications”.
→ See also Recital 1
→ See also Recital 2
Free movement of personal data
The free movement of personal data may appear to reflect the purpose of European integration. It recognizes that personal data is part of the European single market and therefore personal data is considered to be a good that can be traded. The GDPR thus aims to facilitate the trading of personal data in the European single market. Article 1(3) is thus in line with the free movement of goods, capital, services and labour within the EU. Article 1(3) reflects the harmonization of data protection across EU, as well as Iceland, Liechtenstein and Norway as part of the European Economic Area (EEA). Restrictions to transfers to non-EU/EEA countries (third countries) follow from Chapter V.
Decisions
→ You can find all related decisions in Category:Article 1 GDPR
References
- ↑ https://fra.europa.eu/en/charterpedia/article/8-protection-personal-data
- ↑ https://echr.coe.int/Documents/Convention_ENG.pdf
- ↑ Article 29 Data Protection Working Party, "Press release on Chapter II of the draft regulation for the March JHA Council", Press Release, 17 March 2015