Skip to main content Accessibility help
×
Home

The Proposed Data Protection Regulation: The Illusion of Harmonisation, the Private/Public Sector Divide and the Bureaucratic Apparatus

Published online by Cambridge University Press:  27 October 2017

Abstract

The proposal for a new General Data Protection Regulation has been billed as a harbinger of increased harmonisation, better enforcement and modernised rules within the area of data protection law. Through an analysis of several central elements in the draft Regulation—and European data protection law in general—as well as an assessment of the practical implications the proposal is likely to have if adopted, this chapter challenges whether the proposal will be able to deliver the harmonised rules that have been promised. It focuses particularly on the proposed regulations scope of application, its legal architecture, the use of discretionary provisions and related issues.

It is argued that the proposal not only fails to address the root causes of why the current data protection directive (Directive 95/46) failed to bring about harmonisation and effective rules, but also looks set to transplant them into the new regulation.

Type
Research Article
Copyright
Copyright © Centre for European Legal Studies, Faculty of Law, University of Cambridge 2013

Access options

Get access to the full version of this content by using one of the access options below.

References

1 European Commission, ‘Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)’ COM(2012) 11 final.

2 Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the protection of personal data and on the free movement on such data [1995] OJ L281/31.

3 European Commission, ‘Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data’ COM(2012) 10 final.

4 European Commission, ‘Safeguarding Privacy in a Connected World: A European Data Protection Framework for the 21st Century (Communication)’ COM(2012) 9 final, 3.

5 The public sector being understood as the general public sector as covered by the draft Regulation ie, excluding law enforcement authorities which are covered by the draft directive mentioned above as well as areas of the public sector falling outside the scope of EU law, such as activities relating to national security.

6 Press Release, ‘Commission Proposes a Comprehensive Reform of Data Protection Rules to Increase Users’ Control of Their Data and to Cut Costs for Businesses’ IP/12/46. Available at: http://europa.eu/rapid/press-release_IP-12-46_en.htm.

7 Council of Europe, Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, ETS No 108.

8 Cf Directive 95/46/EC (n 2) preamble 3.

9 European Commission, ‘First report on the implementation of the Data Protection Directive (95/46/EC)’ COM(2003) 265 final, 12.

10 Council of Europe, Convention for the Protection of Human Rights and Fundamental Freedoms as Amended by Protocols Nos 11 and 14, 4 November 1950, ETS No 5.

11 European Commission (n 4).

12 See, for example, art 4 of Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC [2006] OJ L105/54.

13 See, inter alia, ‘TechAmerica Europe: Proposed EC Data Regulation Need “Further Improvement”’ (TechAmerica Press Release, 25 January 2012). Available at: www.techamerica.org/techamerica-europe-proposed-ec-data-regulation-need-further-improvement.

14 Cf art 2 of the draft Regulation, which defines the material scope of application and contains only a few, relatively narrow exceptions.

15 See section III below.

16 See also section II.C.ii below.

17 As established under art 29 of Directive 95/46 (n 2).

18 Article 29 Data Protection Working Party, ‘Opinion 1/2012 on the Data Protection Reform Proposals’ (2012) 00530/12/EN, WP 191/2012, 8.

19 Cf Council of the European Union, ‘Press Release, 3228th Council Meeting (Justice and Home Affairs)’ (7–8 March 2013) 12.

20 See section III.D.

21 Cf Case C-101/01 Lindqvist [2003] ECR I-12971 [83].

22 European Commission (n 4) 3.

23 Cf Joined Cases C-92/09 and C-93/09 Volker und Markus Schecke GbR [2010] ECR I-11063 [48].

24 Cf, inter alia, Case C-112/00 Schmidberger [2003] ECR I-5659 [80]–[82].

25 See, inter alia, the UK Information Commissioner’s comment, ‘The Data Protection Reform: Latest Views from the ICO’, February 2013, 1. Available at: www.ico.org.uk.

26 European Commission Fact Sheet, ‘Why Do We Need an EU Data Protection Reform?’ (25 January 2012) 1.

27 Cf Lindqvist (n 21) [96].

28 Cf ibid [85].

29 Cf art 288 TFEU.

30 See Case 230/78 Eridiana Zuccherifici [1979] ECR 2749 [34].

31 Cf section II.A above.

32 Cf section II.C.i above.

33 Cf n 18 above.

34 Cf art 58(8).

35 Cf Case C-518/07 European Commission v Federal Republic of Germany [2010] ECR I-01885.

36 CfBygrave, LA, ‘Where Have All the Judges Gone? Reflections on Judicial Involvement in Developing Data Protection Law (2000) 7 Privacy Law & Policy Reporter 11, 33–36Google Scholar.

37 Cf art 51(2).

38 Cf arts 55 and 56.

39 Cf art 17 TEU.

40 Cf art 16 TFEU.

41 Cf arts 58 and 60 of the draft Regulation.

42 All references to Member State law are fictional.

43 A provision which is carried over from art 7(c) of Directive 95/46 (n 2).

44 Cf art 6(3) of the draft Regulation.

45 Cf ibid art 20(2)(b).

46 For an elaborate critique of the proposals impact, see United Kingdom Ministry of Justice, ‘Impact Assessment on Proposal for an EU Data Protection Regulation’ (22 November 2012). Available at: www.justice.gov.uk.

Altmetric attention score

Full text views

Full text views reflects PDF downloads, PDFs sent to Google Drive, Dropbox and Kindle and HTML full text views.

Total number of HTML views: 0
Total number of PDF views: 23 *
View data table for this chart

* Views captured on Cambridge Core between 27th October 2017 - 24th January 2021. This data will be updated every 24 hours.

Hostname: page-component-76cb886bbf-frjnl Total loading time: 0.675 Render date: 2021-01-24T10:35:38.858Z Query parameters: { "hasAccess": "0", "openAccess": "0", "isLogged": "0", "lang": "en" } Feature Flags: { "shouldUseShareProductTool": true, "shouldUseHypothesis": true, "isUnsiloEnabled": true, "metricsAbstractViews": false, "figures": false, "newCiteModal": false }

Send article to Kindle

To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

The Proposed Data Protection Regulation: The Illusion of Harmonisation, the Private/Public Sector Divide and the Bureaucratic Apparatus
Available formats
×

Send article to Dropbox

To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

The Proposed Data Protection Regulation: The Illusion of Harmonisation, the Private/Public Sector Divide and the Bureaucratic Apparatus
Available formats
×

Send article to Google Drive

To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

The Proposed Data Protection Regulation: The Illusion of Harmonisation, the Private/Public Sector Divide and the Bureaucratic Apparatus
Available formats
×
×

Reply to: Submit a response


Your details


Conflicting interests

Do you have any conflicting interests? *