https://gdprhub.eu/index.php?title=Article_1_GDPR&feed=atom&action=historyArticle 1 GDPR - Revision history2024-03-29T05:50:43ZRevision history for this page on the wikiMediaWiki 1.39.6https://gdprhub.eu/index.php?title=Article_1_GDPR&diff=40357&oldid=prevSfl: Added links2024-03-14T16:21:48Z<p>Added links</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:21, 14 March 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l218">Line 218:</td>
<td colspan="2" class="diff-lineno">Line 218:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of fundamental rights and freedoms ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of fundamental rights and freedoms ===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases <del style="font-weight: bold; text-decoration: none;"> </del>C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' - on so-called 'data retention' where communication metadata was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases <ins style="font-weight: bold; text-decoration: none;">[[CJEU - C‑293/12 and C‑594/12 - Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others|</ins>C‑293/12 and C‑594/12 - ''Digital Rights Ireland''<ins style="font-weight: bold; text-decoration: none;">]] </ins>- on so-called 'data retention' where communication metadata was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Protection of the fundamental right to data protection ====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Protection of the fundamental right to data protection ====</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l236">Line 236:</td>
<td colspan="2" class="diff-lineno">Line 236:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>In its case law, the CJEU has also repeatedly stressed<ref>See for example [[CJEU - C‑40/17 - Fashion ID|C-40/17 ''Fashion ID'']], paragraph 50, with further references to [[CJEU - Case C-101/01 - Bodil Lindqvist|C‑101/01 ''Lindqvist'']]'', [[CJEU - C-524/06 - Huber|C‑524/06 Huber]]'' or C‑468/10 and C‑469/10 ''ASNEFF and FECEMD''</ref> that the GDPR (and the previous [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A31995L0046 Directive 95/46/EC]) is aiming for a "''high level of protection''".<ref>See Recital 6 and 10</ref> This term was regularly used to convey a more protective interpretation of the GDPR by the CJEU, and is taken from Recitals 6 and 10 of the GDPR. Although conflicting views exist,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> the approach that gives the right to data protection prevalence over other legally relevant interests is preferred by the CJEU,<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021). In the same direction, ''Hijmans'', in Kuner et al, The EU General Data Protection Regulation (GDPR): A Commentary, p. 56 (Oxford University Press 2020).</ref> in order to uphold the this high level of protection foreseen by the GDPR. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>In its case law, the CJEU has also repeatedly stressed<ref>See for example [[CJEU - C‑40/17 - Fashion ID|C-40/17 ''Fashion ID'']], paragraph 50, with further references to [[CJEU - Case C-101/01 - Bodil Lindqvist|C‑101/01 ''Lindqvist'']]'', [[CJEU - C-524/06 - Huber|C‑524/06 Huber]]'' or C‑468/10 and C‑469/10 ''ASNEFF and FECEMD''</ref> that the GDPR (and the previous [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A31995L0046 Directive 95/46/EC]) is aiming for a "''high level of protection''".<ref>See Recital 6 and 10</ref> This term was regularly used to convey a more protective interpretation of the GDPR by the CJEU, and is taken from Recitals 6 and 10 of the GDPR. Although conflicting views exist,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> the approach that gives the right to data protection prevalence over other legally relevant interests is preferred by the CJEU,<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021). In the same direction, ''Hijmans'', in Kuner et al, The EU General Data Protection Regulation (GDPR): A Commentary, p. 56 (Oxford University Press 2020).</ref> in order to uphold the this high level of protection foreseen by the GDPR. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Existing CJEU case law contains useful examples of the current state of play. In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU has, for example, held that the prevention of terrorism does not allow the retention of meta data from phone records.<ref>See CJEU in Joined Cases C‑293/12 and C‑594/12, Digital Rights Ireland</ref></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Existing CJEU case law contains useful examples of the current state of play. In the joined cases <ins style="font-weight: bold; text-decoration: none;">[[CJEU - C‑293/12 and C‑594/12 - Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others|</ins>C‑293/12 and C‑594/12 - ''Digital Rights Ireland''<ins style="font-weight: bold; text-decoration: none;">]] </ins>the CJEU has, for example, held that the prevention of terrorism does not allow the retention of meta data from phone records.<ref>See CJEU in Joined Cases C‑293/12 and C‑594/12, Digital Rights Ireland</ref></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Similarly, in other cases, public interest in financial transparency in the public sector was not seen to override the interest of employees<ref>See CJEU in C-465/00 ''Österreichischer Rundfunk.''</ref> or recipients of subsidies.<ref>See CJEU in Joined Cases C-92/09 and C-93/09 ''Volker und Markus Schecke und Eifert''.</ref> While these judgments were mainly concerning public sector violations of Article 7 and 8 CFR, they seem to also apply to private actors, given that the GDPR must be interpreted in light of the CFR.<blockquote><u>Example:</u> If in the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU prohibited governments to keep phone records to fight terrorism and serious crime, it seems hard to argue that private entities could claim a legitimate interest under [[Article 6 GDPR|Article 6(1)(f) GDPR]] for communication data for purposes that are even less serious. Such a legitimate interest would have to cross the red lines set in the CJEU case law, given that the GDPR must be interpreted in the light of Article 8 CFR. </blockquote></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Similarly, in other cases, public interest in financial transparency in the public sector was not seen to override the interest of employees<ref>See CJEU in C-465/00 ''Österreichischer Rundfunk.''</ref> or recipients of subsidies.<ref>See CJEU in Joined Cases C-92/09 and C-93/09 ''Volker und Markus Schecke und Eifert''.</ref> While these judgments were mainly concerning public sector violations of Article 7 and 8 CFR, they seem to also apply to private actors, given that the GDPR must be interpreted in light of the CFR.<blockquote><u>Example:</u> If in the joined cases <ins style="font-weight: bold; text-decoration: none;">[[CJEU - C‑293/12 and C‑594/12 - Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others|</ins>C‑293/12 and C‑594/12 - ''Digital Rights Ireland''<ins style="font-weight: bold; text-decoration: none;">]] </ins>the CJEU prohibited governments to keep phone records to fight terrorism and serious crime, it seems hard to argue that private entities could claim a legitimate interest under [[Article 6 GDPR|Article 6(1)(f) GDPR]] for communication data for purposes that are even less serious. Such a legitimate interest would have to cross the red lines set in the CJEU case law, given that the GDPR must be interpreted in the light of Article 8 CFR. </blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(3) Free movement of personal data===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(3) Free movement of personal data===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Under [[Article 1 GDPR#3|Article 1(3) GDPR]], the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons related to personal data protection. The provision is mainly aimed at Member States, which may have an interest to pass so-called data localization laws. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Under [[Article 1 GDPR#3|Article 1(3) GDPR]], the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons related to personal data protection. The provision is mainly aimed at Member States, which may have an interest to pass so-called data localization laws. </div></td></tr>
<!-- diff cache key gdprwiki:diff::1.12:old-39920:rev-40357 -->
</table>Sflhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=39920&oldid=prevTeresa.lopez: /* Interpretation in light of fundamental rights */2024-02-21T18:19:48Z<p><span dir="auto"><span class="autocomment">Interpretation in light of fundamental rights</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 18:19, 21 February 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l234">Line 234:</td>
<td colspan="2" class="diff-lineno">Line 234:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The fact that the GDPR implements the protection of fundamental rights in secondary legislation, also requires that the GDPR is interpreted in the light of these fundamental rights.<blockquote><u>Case Law:</u> In [[CJEU - C-311/18 - Schrems II|C-311/18 - ''Schrems II'']] on data transfers from the EU to the US, where secret services can access such personal data, the CJEU has highlighted that the GDPR must be interpreted in light of the CFR. This is not only limited to the right to data protection in Article 8 CFR and the closely related right to privacy in Article 7 CFR, but for example also includes the right to an effective remedy and to a fair trial under Article 47 CFR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 99, 101, 105, 122, 137, 138, 140, 149, 161, 178, 198 or 199.</ref> </blockquote>This means that any interpretation of the GDPR that would disproportionally limit the right to data protection under Article 8 CFR could not be sustained. This also allows the application of the proportionality test under Article 52(1) CFR, which often leads to a clear answer when interpreting the GDPR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 174, 178 and 185.</ref></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The fact that the GDPR implements the protection of fundamental rights in secondary legislation, also requires that the GDPR is interpreted in the light of these fundamental rights.<blockquote><u>Case Law:</u> In [[CJEU - C-311/18 - Schrems II|C-311/18 - ''Schrems II'']] on data transfers from the EU to the US, where secret services can access such personal data, the CJEU has highlighted that the GDPR must be interpreted in light of the CFR. This is not only limited to the right to data protection in Article 8 CFR and the closely related right to privacy in Article 7 CFR, but for example also includes the right to an effective remedy and to a fair trial under Article 47 CFR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 99, 101, 105, 122, 137, 138, 140, 149, 161, 178, 198 or 199.</ref> </blockquote>This means that any interpretation of the GDPR that would disproportionally limit the right to data protection under Article 8 CFR could not be sustained. This also allows the application of the proportionality test under Article 52(1) CFR, which often leads to a clear answer when interpreting the GDPR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 174, 178 and 185.</ref></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>In its case law, the CJEU has also repeatedly stressed<ref>See for example [[CJEU - C‑40/17 - Fashion ID|C-40/17 ''Fashion ID'']], paragraph 50, with further references to [[CJEU - Case C-101/01 - Bodil Lindqvist|C‑101/01 ''Lindqvist'']]'', [[CJEU - C-524/06 - Huber|C‑524/06 Huber]]'' or C‑468/10 and C‑469/10 ''ASNEFF and FECEMD''</ref> that the GDPR (and the [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A31995L0046 <del style="font-weight: bold; text-decoration: none;">previous </del>Directive 95/46/EC]) is aiming for a "''high level of protection''".<ref>See Recital 6 and 10</ref> This term was regularly used to convey a more protective interpretation of the GDPR by the CJEU, and is taken from Recitals 6 and 10 of the GDPR. Although conflicting views exist,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> the approach that gives the right to data protection prevalence over other legally relevant interests is preferred by the CJEU,<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021). In the same direction, ''Hijmans'', in Kuner et al, The EU General Data Protection Regulation (GDPR): A Commentary, p. 56 (Oxford University Press 2020).</ref> in order to uphold the this high level of protection foreseen by the GDPR. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>In its case law, the CJEU has also repeatedly stressed<ref>See for example [[CJEU - C‑40/17 - Fashion ID|C-40/17 ''Fashion ID'']], paragraph 50, with further references to [[CJEU - Case C-101/01 - Bodil Lindqvist|C‑101/01 ''Lindqvist'']]'', [[CJEU - C-524/06 - Huber|C‑524/06 Huber]]'' or C‑468/10 and C‑469/10 ''ASNEFF and FECEMD''</ref> that the GDPR (and the <ins style="font-weight: bold; text-decoration: none;">previous </ins>[https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A31995L0046 Directive 95/46/EC]) is aiming for a "''high level of protection''".<ref>See Recital 6 and 10</ref> This term was regularly used to convey a more protective interpretation of the GDPR by the CJEU, and is taken from Recitals 6 and 10 of the GDPR. Although conflicting views exist,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> the approach that gives the right to data protection prevalence over other legally relevant interests is preferred by the CJEU,<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021). In the same direction, ''Hijmans'', in Kuner et al, The EU General Data Protection Regulation (GDPR): A Commentary, p. 56 (Oxford University Press 2020).</ref> in order to uphold the this high level of protection foreseen by the GDPR. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Existing CJEU case law contains useful examples of the current state of play. In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU has, for example, held that the prevention of terrorism does not allow the retention of meta data from phone records.<ref>See CJEU in Joined Cases C‑293/12 and C‑594/12, Digital Rights Ireland</ref></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Existing CJEU case law contains useful examples of the current state of play. In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU has, for example, held that the prevention of terrorism does not allow the retention of meta data from phone records.<ref>See CJEU in Joined Cases C‑293/12 and C‑594/12, Digital Rights Ireland</ref></div></td></tr>
</table>Teresa.lopezhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=39919&oldid=prevTeresa.lopez: /* Interpretation in light of fundamental rights */ Corrected mistake2024-02-21T18:17:45Z<p><span dir="auto"><span class="autocomment">Interpretation in light of fundamental rights: </span> Corrected mistake</span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 18:17, 21 February 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l232">Line 232:</td>
<td colspan="2" class="diff-lineno">Line 232:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Interpretation in light of fundamental rights ====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Interpretation in light of fundamental rights ====</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The fact that the GDPR implements the protection of fundamental rights in secondary legislation, also requires that the GDPR is interpreted in the light of these fundamental rights.<blockquote><u>Case Law:</u> In [[CJEU - C-311/18 - Schrems II|C-311/18 - ''Schrems II'']] on data transfers from the EU to the US, where secret services can access such personal data, the CJEU has highlighted that the GDPR must be interpreted in light of the CFR. This is not only limited to the right to data protection in Article 8 CFR and the closely related right to privacy in Article 7 <del style="font-weight: bold; text-decoration: none;">GDPR</del>, but for example also includes the right to an effective remedy and to a fair trial under Article 47 CFR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 99, 101, 105, 122, 137, 138, 140, 149, 161, 178, 198 or 199.</ref> </blockquote>This means that any interpretation of the GDPR that would disproportionally limit the right to data protection under Article 8 CFR could not be sustained. This also allows the application of the proportionality test under Article 52(1) CFR, which often leads to a clear answer when interpreting the GDPR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 174, 178 and 185.</ref></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The fact that the GDPR implements the protection of fundamental rights in secondary legislation, also requires that the GDPR is interpreted in the light of these fundamental rights.<blockquote><u>Case Law:</u> In [[CJEU - C-311/18 - Schrems II|C-311/18 - ''Schrems II'']] on data transfers from the EU to the US, where secret services can access such personal data, the CJEU has highlighted that the GDPR must be interpreted in light of the CFR. This is not only limited to the right to data protection in Article 8 CFR and the closely related right to privacy in Article 7 <ins style="font-weight: bold; text-decoration: none;">CFR</ins>, but for example also includes the right to an effective remedy and to a fair trial under Article 47 CFR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 99, 101, 105, 122, 137, 138, 140, 149, 161, 178, 198 or 199.</ref> </blockquote>This means that any interpretation of the GDPR that would disproportionally limit the right to data protection under Article 8 CFR could not be sustained. This also allows the application of the proportionality test under Article 52(1) CFR, which often leads to a clear answer when interpreting the GDPR.<ref>See for example CJEU in [[CJEU - C-311/18 - Schrems II|C-311/18 - Schrems II]], paragraphs 174, 178 and 185.</ref></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>In its case law, the CJEU has also repeatedly stressed<ref>See for example [[CJEU - C‑40/17 - Fashion ID|C-40/17 ''Fashion ID'']], paragraph 50, with further references to [[CJEU - Case C-101/01 - Bodil Lindqvist|C‑101/01 ''Lindqvist'']]'', [[CJEU - C-524/06 - Huber|C‑524/06 Huber]]'' or C‑468/10 and C‑469/10 ''ASNEFF and FECEMD''</ref> that the GDPR (and the [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A31995L0046 previous Directive 95/46/EC]) is aiming for a "''high level of protection''".<ref>See Recital 6 and 10</ref> This term was regularly used to convey a more protective interpretation of the GDPR by the CJEU, and is taken from Recitals 6 and 10 of the GDPR. Although conflicting views exist,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> the approach that gives the right to data protection prevalence over other legally relevant interests is preferred by the CJEU,<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021). In the same direction, ''Hijmans'', in Kuner et al, The EU General Data Protection Regulation (GDPR): A Commentary, p. 56 (Oxford University Press 2020).</ref> in order to uphold the this high level of protection foreseen by the GDPR. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>In its case law, the CJEU has also repeatedly stressed<ref>See for example [[CJEU - C‑40/17 - Fashion ID|C-40/17 ''Fashion ID'']], paragraph 50, with further references to [[CJEU - Case C-101/01 - Bodil Lindqvist|C‑101/01 ''Lindqvist'']]'', [[CJEU - C-524/06 - Huber|C‑524/06 Huber]]'' or C‑468/10 and C‑469/10 ''ASNEFF and FECEMD''</ref> that the GDPR (and the [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A31995L0046 previous Directive 95/46/EC]) is aiming for a "''high level of protection''".<ref>See Recital 6 and 10</ref> This term was regularly used to convey a more protective interpretation of the GDPR by the CJEU, and is taken from Recitals 6 and 10 of the GDPR. Although conflicting views exist,<ref>''Scorza'', in Riccio, Scorza, Belisario, GDPR e normativa privacy - Commentario, Article 62 GDPR (Wolters Kluwer 2018).</ref> the approach that gives the right to data protection prevalence over other legally relevant interests is preferred by the CJEU,<ref>''Hornung et al,'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 28 (Beck 2019) (accessed 2 September 2021). In the same direction, ''Hijmans'', in Kuner et al, The EU General Data Protection Regulation (GDPR): A Commentary, p. 56 (Oxford University Press 2020).</ref> in order to uphold the this high level of protection foreseen by the GDPR. </div></td></tr>
</table>Teresa.lopezhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=39918&oldid=prevTeresa.lopez: /* (2) Protection of fundamental rights and freedoms */2024-02-21T17:50:21Z<p><span dir="auto"><span class="autocomment">(2) Protection of fundamental rights and freedoms</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:50, 21 February 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l218">Line 218:</td>
<td colspan="2" class="diff-lineno">Line 218:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of fundamental rights and freedoms ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of fundamental rights and freedoms ===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' - on so-called 'data retention' where communication <del style="font-weight: bold; text-decoration: none;">meta data </del>was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' - on so-called 'data retention' where communication <ins style="font-weight: bold; text-decoration: none;">metadata </ins>was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Protection of the fundamental right to data protection ====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Protection of the fundamental right to data protection ====</div></td></tr>
</table>Teresa.lopezhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=39917&oldid=prev2A09:BAC3:3116:191:0:0:28:AE: /* (1) Subject-matter */2024-02-21T17:36:38Z<p><span dir="auto"><span class="autocomment">(1) Subject-matter</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:36, 21 February 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l202">Line 202:</td>
<td colspan="2" class="diff-lineno">Line 202:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(1) Subject-matter===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(1) Subject-matter===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Article 1(1) establishes the GDPR's two main aims <del style="font-weight: bold; text-decoration: none;">of the GDPR</del>. First, it aims at protecting natural persons with regard to the processing of their personal data, at the same time it recognizes the EU internal market interest in the free movement of such data. Both objectives are already named in the title of the GDPR. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Article 1(1) establishes the GDPR's two main aims. First, it aims at protecting natural persons with regard to the processing of their personal data, at the same time it recognizes the EU internal market interest in the free movement of such data. Both objectives are already named in the title of the GDPR. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Data protection and the free flow of data ====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Data protection and the free flow of data ====</div></td></tr>
</table>2A09:BAC3:3116:191:0:0:28:AEhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=35721&oldid=prevSR: /* (1) Subject-Matter */2023-10-24T11:21:13Z<p><span dir="auto"><span class="autocomment">(1) Subject-Matter</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 11:21, 24 October 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l201">Line 201:</td>
<td colspan="2" class="diff-lineno">Line 201:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 1 GDPR is mainly programmatic and sets out the general objectives of the GDPR. While this is relevant for the understanding and interpretation of the GDPR, Article 1 has limited legal relevance for controllers and data subjects in daily practice. The aims can function as guiding principles to interpreting the GDPR.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed 2 September 2021).</ref></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 1 GDPR is mainly programmatic and sets out the general objectives of the GDPR. While this is relevant for the understanding and interpretation of the GDPR, Article 1 has limited legal relevance for controllers and data subjects in daily practice. The aims can function as guiding principles to interpreting the GDPR.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed 2 September 2021).</ref></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>===(1) Subject-<del style="font-weight: bold; text-decoration: none;">Matter</del>===</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>===(1) Subject-<ins style="font-weight: bold; text-decoration: none;">matter</ins>===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 1(1) establishes the GDPR's two main aims of the GDPR. First, it aims at protecting natural persons with regard to the processing of their personal data, at the same time it recognizes the EU internal market interest in the free movement of such data. Both objectives are already named in the title of the GDPR. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 1(1) establishes the GDPR's two main aims of the GDPR. First, it aims at protecting natural persons with regard to the processing of their personal data, at the same time it recognizes the EU internal market interest in the free movement of such data. Both objectives are already named in the title of the GDPR. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l217">Line 217:</td>
<td colspan="2" class="diff-lineno">Line 217:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>While citizenship is not a factor in the GDPR, there are other geographic factors that limit the application of the GDPR. You can find further details about the territorial scope in [[Article 3 GDPR]].</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>While citizenship is not a factor in the GDPR, there are other geographic factors that limit the application of the GDPR. You can find further details about the territorial scope in [[Article 3 GDPR]].</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of <del style="font-weight: bold; text-decoration: none;">Fundamental Rights </del>and <del style="font-weight: bold; text-decoration: none;">Freedoms </del>===</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of <ins style="font-weight: bold; text-decoration: none;">fundamental rights </ins>and <ins style="font-weight: bold; text-decoration: none;">freedoms </ins>===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' - on so-called 'data retention' where communication meta data was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' - on so-called 'data retention' where communication meta data was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l239">Line 239:</td>
<td colspan="2" class="diff-lineno">Line 239:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Similarly, in other cases, public interest in financial transparency in the public sector was not seen to override the interest of employees<ref>See CJEU in C-465/00 ''Österreichischer Rundfunk.''</ref> or recipients of subsidies.<ref>See CJEU in Joined Cases C-92/09 and C-93/09 ''Volker und Markus Schecke und Eifert''.</ref> While these judgments were mainly concerning public sector violations of Article 7 and 8 CFR, they seem to also apply to private actors, given that the GDPR must be interpreted in light of the CFR.<blockquote><u>Example:</u> If in the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU prohibited governments to keep phone records to fight terrorism and serious crime, it seems hard to argue that private entities could claim a legitimate interest under [[Article 6 GDPR|Article 6(1)(f) GDPR]] for communication data for purposes that are even less serious. Such a legitimate interest would have to cross the red lines set in the CJEU case law, given that the GDPR must be interpreted in the light of Article 8 CFR. </blockquote></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Similarly, in other cases, public interest in financial transparency in the public sector was not seen to override the interest of employees<ref>See CJEU in C-465/00 ''Österreichischer Rundfunk.''</ref> or recipients of subsidies.<ref>See CJEU in Joined Cases C-92/09 and C-93/09 ''Volker und Markus Schecke und Eifert''.</ref> While these judgments were mainly concerning public sector violations of Article 7 and 8 CFR, they seem to also apply to private actors, given that the GDPR must be interpreted in light of the CFR.<blockquote><u>Example:</u> If in the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU prohibited governments to keep phone records to fight terrorism and serious crime, it seems hard to argue that private entities could claim a legitimate interest under [[Article 6 GDPR|Article 6(1)(f) GDPR]] for communication data for purposes that are even less serious. Such a legitimate interest would have to cross the red lines set in the CJEU case law, given that the GDPR must be interpreted in the light of Article 8 CFR. </blockquote></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>===(3) Free <del style="font-weight: bold; text-decoration: none;">Movement </del>of <del style="font-weight: bold; text-decoration: none;">Personal Data</del>===</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>===(3) Free <ins style="font-weight: bold; text-decoration: none;">movement </ins>of <ins style="font-weight: bold; text-decoration: none;">personal data</ins>===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Under [[Article 1 GDPR#3|Article 1(3) GDPR]], the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons related to personal data protection. The provision is mainly aimed at Member States, which may have an interest to pass so-called data localization laws. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Under [[Article 1 GDPR#3|Article 1(3) GDPR]], the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons related to personal data protection. The provision is mainly aimed at Member States, which may have an interest to pass so-called data localization laws. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
</table>SRhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=35366&oldid=prevNg at 09:58, 12 October 20232023-10-12T09:58:50Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 09:58, 12 October 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l184">Line 184:</td>
<td colspan="2" class="diff-lineno">Line 184:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==Legal Text==</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==Legal Text ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"><br /><center></del>'''Article 1: Subject-matter and objectives'''<del style="font-weight: bold; text-decoration: none;"></center></del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''Article 1: Subject-matter and objectives'''</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><span id="1">1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.</span></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><span id="1">1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.</span></div></td></tr>
</table>Nghttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=31377&oldid=prevLr: /* (2) Protection of Fundamental Rights and Freedoms */2023-02-27T13:20:32Z<p><span dir="auto"><span class="autocomment">(2) Protection of Fundamental Rights and Freedoms</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:20, 27 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l217">Line 217:</td>
<td colspan="2" class="diff-lineno">Line 217:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of Fundamental Rights and Freedoms ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(2) Protection of Fundamental Rights and Freedoms ===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' on so-called 'data retention' where communication meta data was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>According to Article 1(2), the Regulation generally protects the fundamental rights and freedoms of the individual as well as 'in particular''<nowiki/>''' the right to the protection of personal data. Thus, the provisions of the GDPR on the protection of personal data seem to have two objectives. On the one hand, the protection of personal data - which may not come as a surprise. On the other hand, the legislator took the view that the protection of personal data also (indirectly) protects other 'fundamental rights and freedoms'.<ref>''Hornung and Spiecker'' in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 36 (Beck 2019) (accessed 2 September 2021).</ref><blockquote><u>Case Law:</u> In the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' <ins style="font-weight: bold; text-decoration: none;">- </ins>on so-called 'data retention' where communication meta data was stored for up to two year for criminal investigations, the CJEU held that "''it is not inconceivable that the retention of the data in question might have an effect on... their exercise of the freedom of expression guaranteed by Article 11 of the Charter''".</blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Protection of the fundamental right to data protection ====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==== Protection of the fundamental right to data protection ====</div></td></tr>
</table>Lrhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=30917&oldid=prevLr: quotation marks2023-02-01T15:47:27Z<p>quotation marks</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 15:47, 1 February 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l239">Line 239:</td>
<td colspan="2" class="diff-lineno">Line 239:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Similarly, in other cases, public interest in financial transparency in the public sector was not seen to override the interest of employees<ref>See CJEU in C-465/00 ''Österreichischer Rundfunk.''</ref> or recipients of subsidies.<ref>See CJEU in Joined Cases C-92/09 and C-93/09 ''Volker und Markus Schecke und Eifert''.</ref> While these judgments were mainly concerning public sector violations of Article 7 and 8 CFR, they seem to also apply to private actors, given that the GDPR must be interpreted in light of the CFR.<blockquote><u>Example:</u> If in the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU prohibited governments to keep phone records to fight terrorism and serious crime, it seems hard to argue that private entities could claim a legitimate interest under [[Article 6 GDPR|Article 6(1)(f) GDPR]] for communication data for purposes that are even less serious. Such a legitimate interest would have to cross the red lines set in the CJEU case law, given that the GDPR must be interpreted in the light of Article 8 CFR. </blockquote></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Similarly, in other cases, public interest in financial transparency in the public sector was not seen to override the interest of employees<ref>See CJEU in C-465/00 ''Österreichischer Rundfunk.''</ref> or recipients of subsidies.<ref>See CJEU in Joined Cases C-92/09 and C-93/09 ''Volker und Markus Schecke und Eifert''.</ref> While these judgments were mainly concerning public sector violations of Article 7 and 8 CFR, they seem to also apply to private actors, given that the GDPR must be interpreted in light of the CFR.<blockquote><u>Example:</u> If in the joined cases C‑293/12 and C‑594/12 - ''Digital Rights Ireland'' the CJEU prohibited governments to keep phone records to fight terrorism and serious crime, it seems hard to argue that private entities could claim a legitimate interest under [[Article 6 GDPR|Article 6(1)(f) GDPR]] for communication data for purposes that are even less serious. Such a legitimate interest would have to cross the red lines set in the CJEU case law, given that the GDPR must be interpreted in the light of Article 8 CFR. </blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(3) Free Movement of Personal Data===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===(3) Free Movement of Personal Data===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Under Article 1(3) GDPR, the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons related to personal data protection. The provision is mainly aimed at Member States, which may have an interest to pass so-called data localization laws. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Under <ins style="font-weight: bold; text-decoration: none;">[[Article 1 GDPR#3|</ins>Article 1(3) GDPR<ins style="font-weight: bold; text-decoration: none;">]]</ins>, the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons related to personal data protection. The provision is mainly aimed at Member States, which may have an interest to pass so-called data localization laws. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The free movement of personal data is limited to the Union, meaning the European Economic Area (EEA). The EEA includes all EU Member States, Iceland, Liechtenstein and Norway. The status of various special territories of EU Member States require additional checks, as some form part of the EEA, while others do not. The UK is not a Member State anymore. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The free movement of personal data is limited to the Union, meaning the European Economic Area (EEA). The EEA includes all EU Member States, Iceland, Liechtenstein and Norway. The status of various special territories of EU Member States require additional checks, as some form part of the EEA, while others do not. The UK is not a Member State anymore. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Non-EU/EEA countries do not benefit from the free flow of personal data. In fact, the CJEU has set rather high standards for international data transfers.<ref>See for example CJEU in C-364/14 ''Schrems I'' and [[CJEU - C-311/18 - Schrems II|C-311/18 ''Schrems II'']].</ref> The free flow of personal data is explicitly limited to the EEA. Rules on transfers to non-EU/EEA countries (<del style="font-weight: bold; text-decoration: none;">"</del>third countries<del style="font-weight: bold; text-decoration: none;">"</del>) can be found in Chapter V of the GDPR. <blockquote><u>Example:</u> When a Czech controller is storing personal data with a Norwegian cloud provider, the companies do not have to worry about international data flows, because the GDPR prohibits limitations on such data flows. However, when a Spanish controller is using a Swiss provider, there needs to be an additional legal basis for these data flows. </blockquote>There is an ongoing discussion on whether the free flow of personal data only protects data flowing between systems that are on EEA territory, or if systems on non-EEA territory - that are under the effective control of an EEA controller or processor - would still benefit from the free flow of personal data, given that the GDPR would still apply to them. The European Commission has recently taken an entity-based approach (focusing on the question of whether the controlling entity falls under the territorial scope in [[Article 3 GDPR]]), not a data-based approach (focusing on the question of whether the data is physically staying in the EEA).<ref>See Article 1(1) of Commission Implementing Decision (EU) 2021/914 and the European Commission's FAQs available at https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf, page 13.</ref> The wording of the GDPR does not seem to support an entity-based approach.<ref>Article 1(3) GDPR focuses on the "''movement of personal data within the Union''", Article 44 GDPR equally regulated the "''transfer of personal data''", not the transfer to an entity that is not governed by the GDPR.</ref> At the same time, however, the definition of the GDPR's territorial scope of application is explicitly uncoupled from the question of whether the processing 'takes place in the Union or not' (cf. Art. 3(1)).</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Non-EU/EEA countries do not benefit from the free flow of personal data. In fact, the CJEU has set rather high standards for international data transfers.<ref>See for example CJEU in C-364/14 ''Schrems I'' and [[CJEU - C-311/18 - Schrems II|C-311/18 ''Schrems II'']].</ref> The free flow of personal data is explicitly limited to the EEA. Rules on transfers to non-EU/EEA countries (<ins style="font-weight: bold; text-decoration: none;">'</ins>third countries<ins style="font-weight: bold; text-decoration: none;">'</ins>) can be found in Chapter V of the GDPR. <blockquote><u>Example:</u> When a Czech controller is storing personal data with a Norwegian cloud provider, the companies do not have to worry about international data flows, because the GDPR prohibits limitations on such data flows. However, when a Spanish controller is using a Swiss provider, there needs to be an additional legal basis for these data flows. </blockquote>There is an ongoing discussion on whether the free flow of personal data only protects data flowing between systems that are on EEA territory, or if systems on non-EEA territory - that are under the effective control of an EEA controller or processor - would still benefit from the free flow of personal data, given that the GDPR would still apply to them. The European Commission has recently taken an entity-based approach (focusing on the question of whether the controlling entity falls under the territorial scope in [[Article 3 GDPR]]), not a data-based approach (focusing on the question of whether the data is physically staying in the EEA).<ref>See Article 1(1) of Commission Implementing Decision (EU) 2021/914 and the European Commission's FAQs available at https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf, page 13.</ref> The wording of the GDPR does not seem to support an entity-based approach.<ref>Article 1(3) GDPR focuses on the "''movement of personal data within the Union''", Article 44 GDPR equally regulated the "''transfer of personal data''", not the transfer to an entity that is not governed by the GDPR.</ref> At the same time, however, the definition of the GDPR's territorial scope of application is explicitly uncoupled from the question of whether the processing 'takes place in the Union or not' (cf. Art. 3(1)).</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><references /></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><references /></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
</table>Lrhttps://gdprhub.eu/index.php?title=Article_1_GDPR&diff=30914&oldid=prevLr: /* Limit to natural persons */2023-02-01T15:35:34Z<p><span dir="auto"><span class="autocomment">Limit to natural persons</span></span></p>
<a href="https://gdprhub.eu/index.php?title=Article_1_GDPR&diff=30914&oldid=30734">Show changes</a>Lr