I. Intro Flashcards
A1. Rationale for data protection
1, Data protection as a fundamental human right.
2, Respect for fundamental rights and freedoms.
A2. Human rights laws
The United Nations’ (UN) Universal Declaration of Human Rights (UDHR) (1948) declared:
Article 12. No one shall be subjected to arbitrary interference with his privacy…
Article 19. Everyone has the right to freedom of opinion and expression…
The Council of Europe’s (CoE) European Convention of Human Rights
Article 29(2). In the exercise of his rights…everyone shall be subject…respect for the rights of others…
Article 8. Everyone has the right to respect for his private…life
Article 10(1). Everyone has the right to freedom of expression.
Article 10(2). The exercise of these freedoms may be subject to restrictions or penalties
A3. Early laws and regulations
In 1980, the OECD issued Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD Guidelines). Revised in 2013.
The guidelines are not law but contain many GDPR principles.
Council of Europe (CoE) issued the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), “GDPR Lite.”
Product: the EU Charter of Fundamental Rights. Includes fundamental right to data protection. Did not become law until 2009, when the Treaty of Lisbon made it law.
Recite: 2002, EU enacted the Directive on Privacy and Electronic Communications Directive 2002/58/EC (ePrivacy Directive).
This law orders EU member states to adopt national laws to protect the confidentiality of communications by means of public communications networks and publicly available electronic communications services.
The e-Privacy Directive does not apply to private communication networks, such as a company intranet.
A4. The need for a harmonized European approach
1, Need for free data transfer in the EU.
2, Need for better, higher personal data protection standards.
3, Prevent conflict between different jurisdictions.
A5. The Treaty of Lisbon
Treaty of Lisbon (2009): It legalized the EU Charter of Fundamental Rights (for all EU subjects) and the fundamental right to privacy.
A6. A modernized framework
The General Data Protection Regulation (GDPR) modernizes data protection law. It is effective May 25, 2018. The ePrivacy Directive will eventually be replaced by the ePrivacy Regulation, expected in or after 2019. ePrivacy aims to regulate online communication.
B1. Council of Europe
Council of Europe (CoE) is an international organization. It has 47 member states. It is separate from the EU.
B2. European Court of Human Rights
European Court of Human Rights (ECtHR) adjudicates disputes arising from (i) the European Convention on Human Rights and (ii) Convention 108.
B3. European Parliament
European Parliament: It cannot propose legislation. However, it debates and passes legislation and budgets, and supervises other institutions.
B4. European Commission
The European Commission is the executive branch of the EU and implements policies and decisions. It has one commissioner per member state. It also proposes legislation. However, it cannot pass legislation.
B5. The European Council
The European Council is this think-tank thing where heads of state (kings and queens) go to “provide the union with general political directions and priorities.” These people also dogpile on the meetings: the European Council President, the European Commission President, and the High Representative of Foreign Affairs and Security Policy. The European Council has no power.
B6. European Court of Justice
The CJEU adjudicates disputes arising from EU law. Remember, the European Court of Human Rights adjudicates CoE law (the ECHR and Convention 108 only).
The CJEU is located in Luxembourg (not Strasbourg).
The CJEU has 2 branches. The Court of Justice “deals with requests for preliminary rulings from national courts and appeals.” Whereas the General Court “rules on actions for annulment brought by individuals, companies and, in some cases, EU governments.”
C1. The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks to regulate at the same time the transfrontier flow of personal data.
In addition to providing guarantees in relation to the collection and processing of personal data, it outlaws the processing of “sensitive” data on a person’s race, politics, health, religion, sexual life, criminal record, etc., in the absence of proper legal safeguards. The Convention also enshrines the individual’s right to know that information is stored on him or her and, if necessary, to have it corrected.
Restrictions on the rights laid down in the Convention are only possible when overriding interests (e.g. State security, defence, etc.) are at stake.
The Convention also imposes some restrictions on transborder flows of personal data to States where legal regulation does not provide equivalent protection.
C2. The EU Data Protection Directive (95/46/EC)
The Data Protection Directive (1995 - May 25, 2018) is replaced by the GDPR. The approach was too “fragmented.” The EU had no choice but to pass the GDPR.
C3. The EU Directive on Privacy and Electronic Communications (2002/58/EC) – as amended
Recite: 2002, EU enacted the Directive on Privacy and Electronic Communications Directive 2002/58/EC (ePrivacy Directive). This law orders EU member states to adopt national laws to protect the confidentiality of communications by means of public communications networks and publicly available electronic communications services.
The e-Privacy Directive does not apply to private communication networks, such as a company intranet. This law also contains the eCookie Directive, a 2009 amendment to the ePrivacy Directive.