No CrossRef data available.
Article contents
The Proposed Data Protection Regulation: The Illusion of Harmonisation, the Private/Public Sector Divide and the Bureaucratic Apparatus
Published online by Cambridge University Press: 27 October 2017
Abstract
The proposal for a new General Data Protection Regulation has been billed as a harbinger of increased harmonisation, better enforcement and modernised rules within the area of data protection law. Through an analysis of several central elements in the draft Regulation—and European data protection law in general—as well as an assessment of the practical implications the proposal is likely to have if adopted, this chapter challenges whether the proposal will be able to deliver the harmonised rules that have been promised. It focuses particularly on the proposed regulations scope of application, its legal architecture, the use of discretionary provisions and related issues.
It is argued that the proposal not only fails to address the root causes of why the current data protection directive (Directive 95/46) failed to bring about harmonisation and effective rules, but also looks set to transplant them into the new regulation.
- Type
- Research Article
- Information
- Copyright
- Copyright © Centre for European Legal Studies, Faculty of Law, University of Cambridge 2013
References
1 European Commission, ‘Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)’ COM(2012) 11 final.
2 Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the protection of personal data and on the free movement on such data [1995] OJ L281/31.
3 European Commission, ‘Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data’ COM(2012) 10 final.
4 European Commission, ‘Safeguarding Privacy in a Connected World: A European Data Protection Framework for the 21st Century (Communication)’ COM(2012) 9 final, 3.
5 The public sector being understood as the general public sector as covered by the draft Regulation ie, excluding law enforcement authorities which are covered by the draft directive mentioned above as well as areas of the public sector falling outside the scope of EU law, such as activities relating to national security.
6 Press Release, ‘Commission Proposes a Comprehensive Reform of Data Protection Rules to Increase Users’ Control of Their Data and to Cut Costs for Businesses’ IP/12/46. Available at: http://europa.eu/rapid/press-release_IP-12-46_en.htm.
7 Council of Europe, Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, ETS No 108.
8 Cf Directive 95/46/EC (n 2) preamble 3.
9 European Commission, ‘First report on the implementation of the Data Protection Directive (95/46/EC)’ COM(2003) 265 final, 12.
10 Council of Europe, Convention for the Protection of Human Rights and Fundamental Freedoms as Amended by Protocols Nos 11 and 14, 4 November 1950, ETS No 5.
11 European Commission (n 4).
12 See, for example, art 4 of Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC [2006] OJ L105/54.
13 See, inter alia, ‘TechAmerica Europe: Proposed EC Data Regulation Need “Further Improvement”’ (TechAmerica Press Release, 25 January 2012). Available at: www.techamerica.org/techamerica-europe-proposed-ec-data-regulation-need-further-improvement.
14 Cf art 2 of the draft Regulation, which defines the material scope of application and contains only a few, relatively narrow exceptions.
15 See section III below.
16 See also section II.C.ii below.
17 As established under art 29 of Directive 95/46 (n 2).
18 Article 29 Data Protection Working Party, ‘Opinion 1/2012 on the Data Protection Reform Proposals’ (2012) 00530/12/EN, WP 191/2012, 8.
19 Cf Council of the European Union, ‘Press Release, 3228th Council Meeting (Justice and Home Affairs)’ (7–8 March 2013) 12.
20 See section III.D.
21 Cf Case C-101/01 Lindqvist [2003] ECR I-12971 [83].
22 European Commission (n 4) 3.
23 Cf Joined Cases C-92/09 and C-93/09 Volker und Markus Schecke GbR [2010] ECR I-11063 [48].
24 Cf, inter alia, Case C-112/00 Schmidberger [2003] ECR I-5659 [80]–[82].
25 See, inter alia, the UK Information Commissioner’s comment, ‘The Data Protection Reform: Latest Views from the ICO’, February 2013, 1. Available at: www.ico.org.uk.
26 European Commission Fact Sheet, ‘Why Do We Need an EU Data Protection Reform?’ (25 January 2012) 1.
27 Cf Lindqvist (n 21) [96].
28 Cf ibid [85].
29 Cf art 288 TFEU.
30 See Case 230/78 Eridiana Zuccherifici [1979] ECR 2749 [34].
31 Cf section II.A above.
32 Cf section II.C.i above.
33 Cf n 18 above.
34 Cf art 58(8).
35 Cf Case C-518/07 European Commission v Federal Republic of Germany [2010] ECR I-01885.
36 CfBygrave, LA, ‘Where Have All the Judges Gone? Reflections on Judicial Involvement in Developing Data Protection Law (2000) 7 Privacy Law & Policy Reporter 11, 33–36Google Scholar.
37 Cf art 51(2).
38 Cf arts 55 and 56.
39 Cf art 17 TEU.
40 Cf art 16 TFEU.
41 Cf arts 58 and 60 of the draft Regulation.
42 All references to Member State law are fictional.
43 A provision which is carried over from art 7(c) of Directive 95/46 (n 2).
44 Cf art 6(3) of the draft Regulation.
45 Cf ibid art 20(2)(b).
46 For an elaborate critique of the proposals impact, see United Kingdom Ministry of Justice, ‘Impact Assessment on Proposal for an EU Data Protection Regulation’ (22 November 2012). Available at: www.justice.gov.uk.
- 1
- Cited by