The European Union and the Search for an International Data Protection Framework

The European Union (EU) has supported the growing calls for the creation of an international legal framework to safeguard data protection rights. At the same time, it has worked to spread its data protection law to other regions, and recent judgments of the Court of Justice of the European Union (CJEU) have reaffirmed the autonomous nature of EU law and the primacy of EU fundamental rights law. The tension between initiatives to create a global data protection framework and the assertion of EU data protection law raises questions about how the EU can best promote data protection on a global level, and about the EU’s responsibilities to third countries that have adopted its system of data protection.

Download Full-text

European Union Rights and Values in Human Health

EU Health Law & Policy ◽

10.1093/oso/9780198788096.003.0002 ◽

2019 ◽

pp. 16-51

Author(s):

Anniek de Ruijter

Keyword(s):

Public Health ◽

European Union ◽

National Policy ◽

Fundamental Rights ◽

The European Union ◽

Member States ◽

Eu Member States ◽

Eu Fundamental Rights ◽

The Eu

This book looks at the impact of the expanding power of the EU in terms of fundamental rights and values. The current chapter lays down the framework for this analysis. Law did not always have a central role to play in the context of medicine and health. The role of law grew after the Second Word War and the Nuremberg Doctors Trials (1947), in which preventing the repetition of atrocities that were committed in the name of medicine became a guidepost for future law regarding patients’ rights and bioethics. In the period after the War, across the EU Member States, health law developed as a legal discipline in which a balance was struck in medicine and public health between law, bioethics, and fundamental rights. The role of EU fundamental rights protections in the context of public health and health care developed in relation with the growth of multilevel governance and litigation (national, international, Council of Europe, and European Union). For the analysis here, this chapter develops an EU rights and values framework that goes beyond the strictly legal and allows for a ‘normative language’ that takes into consideration fundamental rights as an expression of important shared values in the context of the European Union. The perspective of EU fundamental rights and values can demonstrate possible tensions caused by EU health policy: implications in terms of fundamental rights can show how highly sensitive national policy issues may be affected by the Member States’ participation in EU policymaking activities.

Download Full-text

ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

Dereito revista xurídica da Universidade de Santiago de Compostela ◽

10.15304/dereito.29.1.6519 ◽

2020 ◽

Vol 29 (1) ◽

Author(s):

Rita De Sousa Costa

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Case Law ◽

Legal Framework ◽

The European Union ◽

Personal Data Protection ◽

Court Of Justice ◽

European Data ◽

Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

Download Full-text

L’invalidità del Safe Harbor Agreement

Ricerche giuridiche ◽

10.30687/rg/2281-6100/2018/01/007 ◽

2018 ◽

Author(s):

Fabiana Accardo

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Safe Harbor ◽

The European Union ◽

Court Of Justice ◽

The Us ◽

Data Protection Law ◽

The Impact ◽

The Eu

The purpose of this article is that to explain the impact of the landmark decision Schrems c. Data Protection Commissioner [Ireland] - delivered on 7 October 2015 (Case C-362/2014 EU) by the Court of Justice - on the European scenario. Starting from a brief analysis of the major outcomes originated from the pronunciation of the Court of Justice, then it tries to study the level of criticality that the Safe Harbor Agreement and the subsequently adequacy Commission decision 2000/520/EC – that has been invalidated with Schrems judgment – have provoked before this pronunciation on the matter of safeguarding personal privacy of european citizens when their personal data are transferred outside the European Union, in particular the reference is at the US context. Moreover it focuses on the most important aspects of the new EU-US agreement called Privacy Shield: it can be really considered the safer solution for data sharing in the light of the closer implementation of the Regulation (EU) 2016/679, which will take the place of the Directive 95 /46/CE on the EU data protection law?

Download Full-text

Hungary and the Indirect Protection of EU Fundamental Rights and the Rule of Law

German Law Journal ◽

10.1017/s2071832200002595 ◽

2013 ◽

Vol 14 (10) ◽

pp. 1959-1979 ◽

Cited By ~ 7

Author(s):

Mark Dawson ◽

Elise Muir

Keyword(s):

European Union ◽

Rule Of Law ◽

Central Place ◽

Fundamental Rights ◽

The European Union ◽

Far Right ◽

The Rule Of Law ◽

Fundamental Values ◽

Eu Fundamental Rights ◽

The Eu

According to Article 2 of the Treaty on European Union, the European Union is a political and economic union founded on a respect for fundamental rights and the rule of law, referred to hereafter as EU fundamental values. The central place of this commitment in the EU Treaties suggests a founding assumption: That the EU is a Union of states who themselves see human rights and the rule of law as irrevocable parts of their political and legal order. Reminiscent of the entry of Jorg Haider's far-right Freedom Party into the Austrian government in 2000, the events of 2012 have done much to shake that assumption; questioning both how interwoven the rule of law tradition is across the present-day EU, and the role the EU ought to play in policing potential violations of fundamental rights carried out via the constitutional frameworks of its Member States. Much attention in this field, much like the focus of this paper, has been placed on events in one state in particular: Hungary.

Download Full-text

Der Schutz personenbezogener Daten eines Whistleblowers in der Europäischen Kommission

10.5771/9783748925040 ◽

2021 ◽

Author(s):

Christoph Aust

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Current Data ◽

Fundamental Rights ◽

Law Firms ◽

The European Union ◽

Doctoral Thesis ◽

Data Protection Law ◽

Definition Of

The doctoral thesis explains what is meant by “whistleblowing” and examines the conditions under which such behavior is legally protected at the level of the European Union. A definition of whistleblowing is derived from the fundamental rights of the European Union. In addition, taking into account current data protection developments, in particular the GDPR, the protection of the personal data of a whistleblower is comprehensively assessed. The author has been active in the field of data protection law for years and worked as a legal trainee at the Hamburg data protection officer and various law firms with a focus on IT law and data protection law.

Download Full-text

The Relationship Between the Charter and General Principles: Looking Back and Looking Forward

Cambridge yearbook of European legal studies ◽

10.1017/cel.2020.6 ◽

2020 ◽

pp. 1-25

Author(s):

Emily HANCOX

Keyword(s):

European Union ◽

Case Law ◽

Legal Framework ◽

Fundamental Rights ◽

Eu Law ◽

The European Union ◽

Rights Protection ◽

Transformative Potential ◽

The Relationship ◽

The Eu

Abstract Article 6 Treaty on European Union sets out two sources of fundamental rights in the EU—the Charter and the general principles of EU law—without specifying a hierarchy between them. Even though the Charter became binding over a decade ago, the Court of Justice of the European Union (‘CJEU’) is yet to clarify unequivocally how these two sources interact. In this article I argue based upon the relevant legal framework that the Charter ought to replace the general principles it enshrines. This leaves a role for general principles in the incorporation of new and additional rights into the EU legal framework. Such an approach is necessary to ensure that the Charter achieves its aims in enhancing the visibility of the rights protected by EU law, while also providing the impetus for more coherent rights protection within the EU. What an extensive survey of CJEU case law in the field of non-discrimination shows, however, is that the CJEU has struggled to let its general principles case law go, potentially hampering the transformative potential of the Charter.

Download Full-text

Is European Data Protection Toxic for Innovative AI? An Estonian Perspective

Juridica International ◽

10.12697/ji.2021.30.12 ◽

2021 ◽

Vol 30 ◽

pp. 99-110

Author(s):

Paloma Krõõt Tupay ◽

Martin Ebers ◽

Jakob Juksaar ◽

Kea Kohv

Keyword(s):

European Union ◽

Data Protection ◽

Fundamental Rights ◽

The European Union ◽

Public Authorities ◽

General Data Protection Regulation ◽

Seven Principles ◽

Socioeconomic Changes ◽

General Data ◽

The Eu

The General Data Protection Regulation (GDPR) is, together with its seven principles, designed to function as the cornerstone of data protection in the European Union. Although the GDPR was meant to keep up with technological and socioeconomic changes while guaranteeing fundamental rights, its unclear wording with regard to the use of artificial intelligence (AI) systems has led to uncertainty. Therefore, the development and application of ever new AI systems raises various, as yet unresolved questions. Moreover, the complexity of legal requirements poses the risk of inhibiting AI innovation in the European Union. On the other hand, the GDPR gives Member States certain leeway to regulate data processing by public authorities. Therefore, data protection requirements for AI systems in public administration must be assessed under both the GDPR and national law. Against this backdrop, the article aims to guide the reader through the relevant data-protection rules applicable to AI systems in both the EU and in Estonia.

Download Full-text

Data protection impact assessments in the European Union: complementing the new legal framework towards a more robust protection of individuals

10.31228/osf.io/b68em ◽

2020 ◽

Cited By ~ 1

Author(s):

Dariusz Kloza ◽

Niels van Dijk ◽

Raphaël Gellert ◽

István Böröcz ◽

Alessia Tanas ◽

...

Keyword(s):

European Union ◽

Impact Assessment ◽

Data Protection ◽

Best Practice ◽

Personal Data ◽

Legal Framework ◽

Background Information ◽

The European Union ◽

Legal Provisions ◽

The Eu

This paper provides recommendations for the European Union (EU) to complement the requirement for data protection impact assessment (DPIA), as set forth in the General Data Protection Regulation (GDPR), with a view of achieving a more robust protection of personal data. In April 2016 the EU concluded the core part of the reform of its legal framework for personal data protection. The Union is currently preparing implementing measures and guidelines to give full effect to the new legal provisions before their applicability from May 2018. This reform introduces, among other ‘novelties’, a legal requirement to conduct a DPIA. However, this requirement bears a few weak points. In order to inform this on-going policy-making process, the present policy brief attempts to draft a best practice for a generic type of impact assessment, i.e. recommended for different areas (section II). Section III makes an early evaluation of how this best practice relates to the specific impact assessment requirement set forth in the GDPR, i.e. DPIA. These sections are preceded by succinct background information on impact assessments as such: definition, historical overview, and their merits and drawbacks (section I). Section IV concludes this paper by offering recommendations for complementing the DPIA requirement in the GDPR: (1) to expand the scope of the DPIA requirement in the GDPR; (2) to develop methods for conducting such an assessment; (3) to establish ‘reference centres’ on DPIA at data protection authorities (DPAs). This policy brief is addressed predominantly to policy-makers at the EU- and Member State-level, notwithstanding the potential interest it might gain from their counterparts elsewhere in the world.

Download Full-text

Data protection impact assessment in the European Union: developing a template for a report from the assessment process

10.31228/osf.io/7qrfp ◽

2020 ◽

Author(s):

Dariusz Kloza ◽

Alessandra Calvi ◽

Simone Casiraghi ◽

Sergi Vazquez Maymir ◽

Nikolaos Ioannidis ◽

...

Keyword(s):

European Union ◽

Impact Assessment ◽

Data Protection ◽

Fundamental Rights ◽

Assessment Process ◽

The European Union ◽

General Data Protection Regulation ◽

Use Of Resources ◽

General Data ◽

The Eu

This Policy Brief proposes a template for a report from a process of data protection impact assessment (DPIA) in the European Union (EU). Grounded in the previously elaborated framework (cf. Policy Brief No. 1/2017) and method for impact assessment (cf. Policy Brief No. 1/2019), the proposed template conforms to the requirements of Articles 35–36 of the General Data Protection Regulation (GDPR) and reflects best practices for impact assessment, offering at the same time five novel aspects. First, it aims at comprehensiveness to arrive at the most robust advice for decision making. Second, it aims at efficiency, that is, to produce effects with the least use of resources. Third, it aims at exploring and accommodating the perspectives of various stakeholders, although the perspective of individuals dominates; it, therefore, fosters fundamental rights thinking by, for example, requiring justification for each choice, hence going beyond a mere ‘tick-box’ exercise. Fourth, it aims at adhering to the legal design approach to guide the assessors in a practical, easy and intuitive manner throughout the 11-step assessment process, providing necessary explanations for each step, while being structured in expandable and modifiable tables and fields to fill in. Fifth, it assumes its lack of finality as it will need to be revised as experience with its use grows. The template is addressed predominantly to assessors entrusted by data controllers to perform the assessment process, yet it may also assist data protection authorities (DPA) in the EU to develop (tailored down) templates for DPIA for their own jurisdictions.

Download Full-text

Reality and Illusion in EU Data Transfer Regulation PostSchrems

German Law Journal ◽

10.1017/s2071832200022197 ◽

2017 ◽

Vol 18 (4) ◽

pp. 881-918 ◽

Cited By ~ 9

Author(s):

Christopher Kuner

Keyword(s):

Data Protection ◽

Eu Law ◽

The European Union ◽

Safe Harbour ◽

Court Of Justice ◽

International Data ◽

Data Transfers ◽

Data Protection Law ◽

International Data Transfers ◽

The Eu

The judgment of the Court of Justice of the European Union inSchrems v. Data Protection Commissioner, in which the Court invalidated the EU-US Safe Harbour arrangement, is a landmark in EU data protection law. The judgment affirms the fundamental right to data protection in the context of international data transfers, defines an adequate level of data protection, and illustrates how data protection rights under EU law can apply to data processing in third countries. It also raises questions about the status of other legal bases for international data transfers under EU law, and shows that many legal disputes concerning data transfers are essentially political arguments in disguise. TheSchremsjudgment illustrates the tendency of EU data protection law to focus on legalistic mechanisms to protect data transfers rather than on protection in practice. The EU and the US have since agreed on a replacement for the Safe Harbour (the EU-US Privacy Shield), the validity of which will likely be tested in the Court of Justice. Regulation of data transfers needs to go beyond formalistic measures and legal fictions, in order to move from illusion to reality.

Download Full-text