Article 1 GDPR: Difference between revisions
Line 203: | Line 203: | ||
Article 1(1) establishes the GDPR's two main aims. From one side, it aims at protecting natural persons with regard to the processing of their personal data. On the other side, it recognizes the EU internal market interest in the free movement of such data. | Article 1(1) establishes the GDPR's two main aims. From one side, it aims at protecting natural persons with regard to the processing of their personal data. On the other side, it recognizes the EU internal market interest in the free movement of such data. | ||
==== Data protection or free flow of data? ==== | |||
It seems clear that, at least on some occasions, the right to the protection of personal data may conflict with other freedoms, not only individual freedoms, such as the free movement of personal data. Although there is no uniformity of views,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> we feel we must adhere to the approach that gives the right to data protection prevalence over other interests that are also legally relevant.<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021).</ref> | |||
In this regard, it has been convincingly noted that the fundamental rights of privacy, personality and data protection are to be classified as the backbone of the fundamental rights and freedoms of a free legal system and that there can be no freedom where the individual is not in control of | In this regard, it has been convincingly noted that the fundamental rights of privacy, personality and data protection are to be classified as the backbone of the fundamental rights and freedoms of a free legal system and that there can be no freedom where the individual is not in control of their data, i.e. feels observed, tracked and continuously assessed.<ref>''Hornung et al'', in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 29 (Beck 2019) (accessed 2 September 2021).</ref> After all, Recital 4 itself clearly states that “''The processing of personal data should be designed to serve mankind.''” | ||
These aims can function as guiding principles to interpreting the GDPR, together with the data processing principles established in [[Article 5 GDPR|Article 5]].<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed 2 September 2021).</ref> Article 1(1) also clarifies that the GDPR applies to the processing of personal data concerning ''natural'' persons. It follows that the Regulation does not apply to the processing of data belonging to companies or other legal entities. | These aims can function as guiding principles to interpreting the GDPR, together with the data processing principles established in [[Article 5 GDPR|Article 5]].<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed 2 September 2021).</ref> | ||
==== Natural persons ==== | |||
Article 1(1) also clarifies that the GDPR applies to the processing of personal data concerning ''natural'' persons. It follows that the Regulation does not apply to the processing of data belonging to companies or other legal entities. | |||
===(2) Protecting Fundamental Rights === | ===(2) Protecting Fundamental Rights === |
Revision as of 08:10, 3 September 2021
Legal Text
Article 1: Subject-matter and objectives
1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
Relevant Recitals
Commentary
Article 1 GDPR draws a first general framework regarding the processing of personal data in Europe. Paragraph 1 defines the two main objectives of the Regulation which are, on the one hand, the protection of the individual's personal data and, on the other, the facilitation of the principle of the free movement of such data. Paragraph 2 enshrines the protection of the individual's fundamental rights and freedoms, especially if connected to their personal data. Finally, Paragraph 3 clarifies that the free movement of personal data may not be prohibited or restricted for reasons relating to the protection of personal data.
(1) Subject-Matter
Article 1(1) establishes the GDPR's two main aims. From one side, it aims at protecting natural persons with regard to the processing of their personal data. On the other side, it recognizes the EU internal market interest in the free movement of such data.
Data protection or free flow of data?
It seems clear that, at least on some occasions, the right to the protection of personal data may conflict with other freedoms, not only individual freedoms, such as the free movement of personal data. Although there is no uniformity of views,[1] we feel we must adhere to the approach that gives the right to data protection prevalence over other interests that are also legally relevant.[2]
In this regard, it has been convincingly noted that the fundamental rights of privacy, personality and data protection are to be classified as the backbone of the fundamental rights and freedoms of a free legal system and that there can be no freedom where the individual is not in control of their data, i.e. feels observed, tracked and continuously assessed.[3] After all, Recital 4 itself clearly states that “The processing of personal data should be designed to serve mankind.”
These aims can function as guiding principles to interpreting the GDPR, together with the data processing principles established in Article 5.[4]
Natural persons
Article 1(1) also clarifies that the GDPR applies to the processing of personal data concerning natural persons. It follows that the Regulation does not apply to the processing of data belonging to companies or other legal entities.
(2) Protecting Fundamental Rights
Article 1(2) specifically states that the GDPR protects natural persons' fundamental right to the protection of personal data. This is operationalized in more specific Articles throughout GDPR, for example in Article 35, which lays down the obligation to conduct a Data Protection Impact Assessment. The obligation to implement adequate technical safeguards to protect personal data can be found in Article 32. The rights provided in Chapter III can also be seen as a prerequisite for natural persons to ensure that their fundamental rights are being respected.
The fundamental right of a natural person to the protection of their personal data can be found in Article 8 of the Charter of Fundamental Rights of the European Union ('the Charter') and Article 8 ECHR.
The Charter, which is EU primary law, provides in Article 8(1) for “the right to the protection of personal data” of a natural person. Some requirements to the processing of this data follow from Article 8(2) of the Charter, which explicitly mentions the principles of fairness and purpose limitation, as well as states that processing must be pursuant to a lawful basis such as consent.
The impact of the Charter on the drafting of the GDPR can be observed from the changes made to the draft version of Article 6(4) GDPR following criticism from the Working Party 29. The Council had proposed that a controller could further process data, even if the purpose of the processing was incompatible with the original purpose, as long as the controller had an overriding interest – something the Working Party 29 objected to by pointing out that the principle of purpose limitation is part of primary law. [5]
Data protection pursuant to Article 8 of the Charter is closely connected to Article 7 of the Charter, which concerns the right to respect for “private and family life” and “communications”.
(3) Free Movement of Personal Data
The requirement for the free movement of personal data within the EU reflects the aim of European integration. Article 1(3) recognizes that personal data is part of the European single market and that personal data is a good that can be traded. It aims to facilitate the trading of personal data in the European single market, and is thus in line with the free movement of goods, capital, services and labour within the EU.
Article 1(3) also facilitates the harmonization of data protection across EU, as well as Iceland, Liechtenstein and Norway as part of the European Economic Area (EEA). Restrictions to transfers to non-EU/EEA countries (third countries) follow from Chapter V GDPR.
Decisions
→ You can find all related decisions in Category:Article 1 GDPR
References
- ↑ Scorza, in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).
- ↑ Hornung et al, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021).
- ↑ Hornung et al, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 29 (Beck 2019) (accessed 2 September 2021).
- ↑ Hornung and Spiecker in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed 2 September 2021).
- ↑ WP29, Press release on Chapter II of the draft regulation for the March JHA Council, 17 March 2015.