scholarly journals The General Data Protection Regulation and its Violation of EU Treaties

2018 ◽  
Vol 27 ◽  
pp. 36-40
Author(s):  
Mario Rosentau
Keyword(s):  
Data Protection ◽  
Service Providers ◽  
Fundamental Rights ◽  
European Law ◽  
Member States ◽  
General Data Protection Regulation ◽  
European Constitution ◽  
General Data ◽  
The Eu ◽  
Draft Constitution

While the EU General Data Protection Regulation, which entered force on 25 May, is generally good and necessary in its vigorous protection of the fundamental rights of self‑determination and identity of European people, the article identifies a core issue that has gone unnoticed: the GDPR violates EU treaties. It is, at base, a ‘European law’, yet European laws are banned under the TEU and TFEU. The article examines the background for this conflict. The ambitious plan for ratification of 2003’s draft treaty establishing a constitution for Europe fell at the first hurdle in 2005. The draft Constitution envisaged a legislative innovation: the European law and European framework law, directly applicable in the Member States and superior to them. These legal instruments, envisaged as replacing EU regulations, could readily be cited as a major federalist pillar of the draft. Yet there would be no European laws – they were rejected with the draft constitution in the 2005 referenda, and the current treaties do not foresee any law-like European legislation. The author outlines the GDPR’s nature as a European law thus: the regulation 1) potentially concerns all residents of Europe, albeit by adding to the rights of individuals and protecting their freedoms; 2) addresses virtually all legal entities and undertakings acting, physically or through a network, in the European judicial area; 3) addresses the Member States and the EU itself; 4) and has cross-border applicability and covers the whole EU. Furthermore, its reach extends to service providers outside the EU if their service targets EU data subjects. There are substantial impacts on subjects on whom obligations are substantial. Hence, the author concludes that the GDPR’s scope, depth, and impacts exceed all the limits that the EU treaties permit for regulations. Furthermore, the treaties do not even know the term ‘general regulation’. Since the GDPR possesses the characteristics of a ‘European law’ – and even is ‘seamlessly’ positioned in a place reserved by the draft EU Constitution for the ‘European law on data protection’ – while such laws have been rejected, a key issue is highlighted: how deep an EU-level political integration and relinquishment of the individual European nations’ sovereignty do the Member States actually want? For instance, most analyses of the causes of Brexit cite loss of sovereignty of the UK as one of the main factors in the decision. The author concludes that, since the GDPR is with us to stay, amendment of the EU treaties can no longer be avoided. Noble objectives cannot justify infringements of the present ‘European Constitution’ and the constitutions of the Member States.

scholarly journals The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Protection Legislation ◽  
General Data ◽  
Global Data ◽  
The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Das intelligente Energiesystem der Zukunft

2020 ◽  
Author(s):  
Ryan Kelly
Keyword(s):  
Data Protection ◽  
Energy System ◽  
Fundamental Rights ◽  
Smart Meter ◽  
Eu Law ◽  
Smart Meters ◽  
General Data Protection Regulation ◽  
Regulatory Strategy ◽  
General Data ◽  
The Eu

The regulated rollout of smart meters is intended to digitise the energy infrastructure with the goal of creating a future-oriented European energy system. In order to implement the EU requirements, the German legislature is pursuing a regulatory strategy with mandatory legal toleration of intelligent metering systems. This is associated with a variety of fundamental rights and data protection problems. The study examines the smart meter rollout in its complex reality between constitutional, energy and data protection law, as well as European and national regulations. The implementation of smart meters will be discussed in its entirety and analysed on the basis of constitutional and EU law. The focus lies, in particular, on the dogmatic localisation in the European constitutional framework and the examination on the legal basis of the General Data Protection Regulation (GDPR). The results of the study are visualised in two condensed illustrations.

scholarly journals Is European Data Protection Toxic for Innovative AI? An Estonian Perspective

2021 ◽  
Vol 30 ◽  
pp. 99-110
Author(s):  
Paloma Krõõt Tupay ◽  
Martin Ebers ◽  
Jakob Juksaar ◽  
Kea Kohv
Keyword(s):  
European Union ◽  
Data Protection ◽  
Fundamental Rights ◽  
The European Union ◽  
Public Authorities ◽  
General Data Protection Regulation ◽  
Seven Principles ◽  
Socioeconomic Changes ◽  
General Data ◽  
The Eu

The General Data Protection Regulation (GDPR) is, together with its seven principles, designed to function as the cornerstone of data protection in the European Union. Although the GDPR was meant to keep up with technological and socioeconomic changes while guaranteeing fundamental rights, its unclear wording with regard to the use of artificial intelligence (AI) systems has led to uncertainty. Therefore, the development and application of ever new AI systems raises various, as yet unresolved questions. Moreover, the complexity of legal requirements poses the risk of inhibiting AI innovation in the European Union. On the other hand, the GDPR gives Member States certain leeway to regulate data processing by public authorities. Therefore, data protection requirements for AI systems in public administration must be assessed under both the GDPR and national law. Against this backdrop, the article aims to guide the reader through the relevant data-protection rules applicable to AI systems in both the EU and in Estonia.

scholarly journals Data protection impact assessment in the European Union: developing a template for a report from the assessment process

2020 ◽  
Author(s):  
Dariusz Kloza ◽  
Alessandra Calvi ◽  
Simone Casiraghi ◽  
Sergi Vazquez Maymir ◽  
Nikolaos Ioannidis ◽  
...  
Keyword(s):  
European Union ◽  
Impact Assessment ◽  
Data Protection ◽  
Fundamental Rights ◽  
Assessment Process ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Use Of Resources ◽  
General Data ◽  
The Eu

This Policy Brief proposes a template for a report from a process of data protection impact assessment (DPIA) in the European Union (EU). Grounded in the previously elaborated framework (cf. Policy Brief No. 1/2017) and method for impact assessment (cf. Policy Brief No. 1/2019), the proposed template conforms to the requirements of Articles 35–36 of the General Data Protection Regulation (GDPR) and reflects best practices for impact assessment, offering at the same time five novel aspects. First, it aims at comprehensiveness to arrive at the most robust advice for decision making. Second, it aims at efficiency, that is, to produce effects with the least use of resources. Third, it aims at exploring and accommodating the perspectives of various stakeholders, although the perspective of individuals dominates; it, therefore, fosters fundamental rights thinking by, for example, requiring justification for each choice, hence going beyond a mere ‘tick-box’ exercise. Fourth, it aims at adhering to the legal design approach to guide the assessors in a practical, easy and intuitive manner throughout the 11-step assessment process, providing necessary explanations for each step, while being structured in expandable and modifiable tables and fields to fill in. Fifth, it assumes its lack of finality as it will need to be revised as experience with its use grows. The template is addressed predominantly to assessors entrusted by data controllers to perform the assessment process, yet it may also assist data protection authorities (DPA) in the EU to develop (tailored down) templates for DPIA for their own jurisdictions.

The EU General Data Protection Regulation: How will it impact the regulation of research biobanks? Setting the legal frame in the Mediterranean and Eastern European area

2018 ◽  
Vol 18 (4) ◽  
pp. 241-255 ◽  
Author(s):  
Simone Penasa ◽  
Iñigo de Miguel Beriain ◽  
Carla Barbosa ◽  
Anna Białek ◽  
Theodora Chortara ◽  
...  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Eastern European ◽  
Member States ◽  
General Data Protection Regulation ◽  
Eu Member States ◽  
European Area ◽  
General Data ◽  
The Mediterranean ◽  
The Eu

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

scholarly journals Toward Compatibility of the EU Trade Policy with the General Data Protection Regulation

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 10-14
Author(s):  
Svetlana Yakovleva ◽  
Kristina Irion
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Cross Border ◽  
Charter Of Fundamental Rights ◽  
Strong Position ◽  
General Data ◽  
The Right ◽  
The Eu

The European Union's (EU) negotiating position on cross-border data flows, which the EU has recently included in its proposal for the World Trade Organization (WTO) talks on e-commerce, not only enshrines the protection of privacy and personal data as fundamental rights, but also creates a broad exception for a Member's restrictions on cross-border transfers of personal data. This essay argues that maintaining such a strong position in trade negotiations is essential for the EU to preserve the internal compatibility of its legal system when it comes to the right to protection of personal data under the EU Charter of Fundamental Rights (EU Charter) and the recently adopted General Data Protection Regulation (GDPR).

scholarly journals The EU General Data Protection Regulation (GDPR)

2020 ◽  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Privacy Regulation ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Ongoing Work ◽  
Protection Legislation ◽  
Recent Reform ◽  
General Data ◽  
The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

scholarly journals La proteccion de datos personales en la más reciente jurisprudencia del TJUE: los derechos de la CDFUE como parámetro de validez del derecho europeo, y su impacto en la relación transatlántica UE-EEUU

2017 ◽  
pp. 557
Author(s):  
Juan Fernando López Aguilar
Keyword(s):  
Data Protection ◽  
Fundamental Rights ◽  
European Law ◽  
Legal Doctrine ◽  
Digital Rights ◽  
Eu Legislation ◽  
Safe Harbour ◽  
The Us ◽  
The Impact ◽  
The Eu

Desde los primeros capítulos de la construcción europea con el Tratado de Roma (1957) que cumple 60 años, la jurisprudencia dictada por el Tribunal de Justicia ha sido determinante para la dimensión constitucional del ordenamiento comunitario. En una secuencia de decisiones históricas, el TJ ha afirmado su primacía, eficacia vinculante y su unidad garantizando su interpretación y aplicación uniforme, pero también, sobre todo, los derechos fundamentales dimanantes de las tradiciones constitucionales comunes como fuente del Derecho europeo (principios generales). Esta doctrina se consolida en Derecho positivo, al fin, con la entrada en vigor del Tratado de Lisboa (TL) en 2009, incorporando el TUE, el TFUE, y, relevantemente, la Carta de Derechos Fundamentales de la UE (CDFUE) con el «mismo valor jurídico que los Tratados» y, consiguientemente, parámetro de validez de todo el Derecho derivado, así como de enjuiciamiento de la compatibilidad de la legislación de los EE.MM con el Derecho europeo.La doctrina del TJUE sobre derechos fundamentales ha sido su proyección sobre la protección de datos en el marco de los derechos a la vida privada, a la privacidad frente a la transferencia electrónica de datos y al acceso a la tutela judicial de estos derechos (art. 7, 8 y 47 CDFUE). En ella conjuga los principios de reserva de ley (respetando su contenido esencial) y de proporcionalidad y necesidad de las medidas que les afecten. Pero, además, esta doctrina ha adquirido un impacto decisivo en la articulación jurídica de la relación transatlántica entre la UE y EEUU, confrontando los estándares de protección de datos a ambos lados del Atlántico e imponiendo garantías de un «nivel de protección adecuado» para los ciudadanos europeos. Este artículo examina el impacto de dos recientes sentencias relevantes del TJ —Asunto Digital Rights Ireland (2014) y Asunto Schrems (2015)— sobre el Derecho derivado (Directiva de Conservación de Datos de 2006, Directiva de Protección de Datos de 1995, y Decisión de «adecuación» de la Comisión Europea de 2000) y sobre instrumentos de Derecho internacional (Acuerdo Safe Harbour) entre la UE y EEUU. Impone, como consecuencia, no sólo una negociación que repare las deficiencias detectadas en ambas resoluciones sino una actualización del Derecho europeo (nuevo Data Protection Package en 2016) y una novedosa Ley federal de EEUU que por primera vez ofrece a los ciudadanos europeos acceso al sistema de recursos judiciales ante los tribunales estadounidenses en la defensa del derecho a la protección de datos (Judicial Redress Act, 2016).Right from the first very chapters of the European construction under the Treaty of Rome (1957), which turns 60 this year 2017, the jurisprudence by the Court of Justice has truly been decisive to shape the constitutional dimension of the European Community legal order. In a series of historical decisions, the CJEU has affirmed its primacy, its binding efficacy and unity, while guaranteeing its uniform interpretation and implementation. But it has also, above all, enshrined the fundamental rights resulting from the common constitutional traditions as a source of European Law (i.e general principles). This legal doctrine has been ultimately consolidated in positive Law, finally, with the entry into force of the Treaty of Lisbon (TL) in 2009, incorporating the TEU, the TFEU and, most notably, the Charter of Fundamental Rights of the EU (CFREU) with the «same legal value as the Treaties». Charter Fundamental Rights have turned to be, consequently, a parameter for examining the validity of secondary EU legislation, as well as for scrutinizing and reviewing the standard of compatibility of the national legislation of EU Member States with European law. The legal doctrine of the ECJ on fundamental rights has been particularly relevant in its impact on the data protection in the framework of the rights to privacy, privacy with regard to the electronic data transfer, and access to judicial protection of these rights (art. 7, 8 and 47 CFREU). It combines the principles of reservation of law (in due respect of its essential content) as well as proportionality and necessity for legislative measures that might affect them. But, moreover, this doctrine has had a decisive impact on the legal articulation of the so-called transatlantic partnership between the EU and the US, confronting data protection standards on both sides of the Atlantic and imposing guarantees of an «adequate level of protection» for all European citizens. This paper explores the impact of two recent relevant decisions by the ECJ — its rulings on Digital Rights Ireland case (2014) and on the Schrems case (2015) — upon the secondary EU legislation (Data Retention Directive of 2006, Data Protection Directive of 1995, and the «adequacy» Decision of the European Commission of 2000), as well as upon International Law instruments (Safe Harbour Agreement) between the EU and the US. It imposes, as a consequence, not only a negotiation that remedies the shortcomings detected in both decisions, but also a compelling updating of European law itself (new Data Protection Package in 2016) and a new US federal law, which, for the first time ever, provides European citizens with access to judicial remedies in U.S. Courts in defending their right to data protection (Judicial Redress Act, 2016).

Sign in / Sign up

Export Citation Format

Share Document