Article 95 GDPR

From GDPRhub
Article 95 - Relationship with Directive 2002/58/EC
Gdpricon.png
Chapter 10: Delegated and implementing acts

Legal Text

Article 95 - Relationship with Directive 2002/58/EC


This Regulation shall not impose additional obligations on natural or legal persons in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC.

Relevant Recitals

Recital 173: Relationship to Directive 2002/58/EC
This Regulation should apply to all matters concerning the protection of fundamental rights and freedoms vis-à-vis the processing of personal data which are not subject to specific obligations with the same objective set out in Directive 2002/58/EC of the European Parliament and of the Council, including the obligations on the controller and the rights of natural persons. In order to clarify the relationship between this Regulation and Directive 2002/58/EC, that Directive should be amended accordingly. Once this Regulation is adopted, Directive 2002/58/EC should be reviewed in particular in order to ensure consistency with this Regulation.

Commentary

Article 95 GDPR regulates the relationship between the GDPR and Directive 2002/58/EC (the ‘e-Privacy Directive’ or ‘EPD’) which contains rules on the privacy and confidentiality of electronic communications.

According to Article 95, the GDPR should not impose additional obligations on natural or legal persons - in connection with the provision of publicly available electronic communication services in public communication networks - who are already subject to specific obligations with the same objective under the EPC.

Lex Specialis

Article 95 appears to follow the lex specialis rule of interpretation, whereby a specific law is taken to override a more general law on the same set of facts.

On the one hand, the application of this principle to the two laws is simple: the EPD specifically governs electronic communications, and can therefore be seen to supersede the GDPR, which contains more general provisions on data processing.[1]

It should be noted, however, that in some ways, the EPD is not more specific than the GDPR. For example, whilst the GDPR only protects natural persons in relation to the processing of their personal data, the EPD also protects the legitimate interests of legal persons.[2] Moreover, whilst the GDPR specifically protects personal data in accordance with Article 8 of the Charter, the EPD more broadly protects the privacy and confidentiality of electronic communications, in line with Article 7 of the Charter.[3] In this way, as Kühling and Raab note, “the challenge in each case is to check whether the special provisions of Directive actually supersede the general rules of the GDPR.”[4]

Natural or Legal Persons

Publicly Available Electronic Communication Service

Public Communications Networks

Specific Obligations with the Same Objectives

Cookies and Similar Tracking Technologies
Consent & the Rights of the Data Subject

The e-Privacy Regulation Proposal

Decisions

→ You can find all related decisions in Category:Article 95 GDPR

References

  1. Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 95 GDPR, margin numbers 1-3b (Beck 2020, 3rd ed.).
  2. Gernot, Sydow, in Sydow, Europäische Datenschutzgrundverordnung, Article 95 GDPR, margin number 2,5 (Beck 2018, 2nd ed.)
  3. Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 95 GDPR, margin numbers 1-3b (Beck 2020, 3rd ed.).
  4. Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 95 GDPR, margin numbers 1-3b (Beck 2020, 3rd ed.).