Privacy and data protection

Current European Union legislative instruments on Data Protection. 

Lis moi avec webReader

Current European Union legislative instruments on Data Protection. 

1. European Union Charter of Fundamental Rights

Articles 7 and 8 of the EU Charter of Fundamental Rights recognise respect for private life and protection of personal data as closely related but separate fundamental rights. The Charter is integrated into the Lisbon Treaty and is legally binding on the institutions and bodies of the European Union, and on the Member States when implementing EU law.

2. Council of Europe

a. Convention 108 of 1981

Council of Europe Convention 108 of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data is the first legally binding international instrument adopted in the field of data protection. Its purpose is ‘to secure … for every individual … respect for his rights and fundamental freedoms and in particular his right to privacy, with regard to automatic processing of personal data’.

b. European Convention on Human Rights (ECHR)

Article 8 of the Convention of 4 November 1950 for the Protection of Human Rights and Fundamental Freedoms establishes the right to respect for private and family life: ‘Everyone has the right to respect for his private and family life, his home and his correspondence.’

3. Current EU legislative instruments on data protection

As a consequence of the old pillar structure, data protection at the EU level has until recently been regulated by various legislative instruments. These include former first-pillar instruments such as Directive 95/46/EC on data protection (replaced by the General Data Protection Regulation in May 2018), Directive 2002/58/EC on e-privacy (modified in 2009; new proposal currently under consideration), Directive 2006/24/EC on data retention (declared invalid by the Court of Justice of the European Union on 8 April 2014 owing to its serious interference with private life and data protection) and Regulation (EC) No 45/2001 on processing of personal data by Community institutions and bodies (new proposal currently under consideration), as well as former third-pillar instruments such as the Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (replaced by the Data Protection Law Enforcement Directive in May 2018).

a. General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), became applicable in May 2018.

The rules aim to protect all EU citizens from privacy and data breaches in an increasingly data-driven world, while creating a clearer and more consistent framework for businesses.

The new rights for citizens include a clear and affirmative consent for their data to be processed and the right to receive clear and understandable information about it; the right to be forgotten: a citizen can ask for his/her data to be deleted; the right to transfer data to another service provider (e.g. when switching from one social network to another); and the right to know when data has been hacked. The new rules apply to all companies operating in the EU, even if these companies are based outside of the EU. Furthermore, it will be possible to impose corrective measures, such as warnings and orders, or fines on firms that break the rules.

b. The Data Protection Law Enforcement Directive

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, became applicable in May 2018.

The directive protects citizens’ fundamental right to data protection whenever personal data is used by law enforcement authorities. It ensures that the personal data of victims, witnesses, and suspects of crime are duly protected and facilitates cross-border cooperation in the fight against crime and terrorism.

4.European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB)

The European Data Protection Supervisor (EDPS) is an independent supervisory authority that ensures that the EU institutions and bodies meet their obligations with regard to data protection. The primary duties of the EDPS are supervision, consultation and cooperation.

The European Data Protection Board (EDPB), formerly the Article 29 Working Party, has the status of an EU body with legal personality and is provided with an independent secretariat. The EDPB brings together the EU’s national supervisory authorities, the EDPS and the Commission. The EDPB has extensive powers to determine disputes between national supervisory authorities and to give advice and guidance on key concepts of the GDPR and the Data Protection Law Enforcement Directive.

Council of Europe – Right to privacy and protection of personal data.

Lis moi avec webReader

“The right to privacy and the protection of data are essential human rights to live in dignity and security.

Legislation on surveillance and data collection should provide guarantees against arbitrary interference and democratic control of the security services”.

#DataProtectionDay

Nils Muiznieks – European Commissioner for Human Rights of the Council of Europe

Learn more : coe.int

Protection of personal data and privacy – Fundamental Rights in FRANCE.

Lis moi avec webReader
Safeguarding fundamental rights in today’s information society is a key issue for the European Union and its Member States, as more and more people use information and communications technologies (ICT) in their daily lives at work and at home.

As the European Agency for fundamental Rights explains pertinently :

“However, this growing use of ICT is creating fundamental rights challenges. These range from concerns about privacy and the potential misuse of personal data online to the threats posed by cybercrime or large-scale surveillance operations. As a result, every EU citizen may, at some point, face violations of their fundamental rights, such as their right to privacy, freedom of expression or freedom of association” (learn more : http://fra.europa.eu/en/theme/information-society-privacy-and-data-protection).


In France, the personal and biometric data of sixty million French holders of an identity card or a passport will now be compiled into a single file, called “secure electronic securities” (TES).

This database will replace the previous TES futures (dedicated to passports) and national management File (dedicated to identity cards), combined in this new file.

The resulting database will collect information such as the facial image, fingerprints, eye color, physical and digital addresses … In total, almost all the French are included, since it is sufficient to hold or have held an identity card or passport to be part of – the data is kept fifteen (for passports) to twenty years (for identity cards).

This French Decree – unnoticed – raises the question of its compatibility with the DIRECTIVE 95/46 / EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the Protection of Individuals with regard to the processing of personal data and on the free movement of Such data, and the issue of the erosion of European Fundamental Rights, such as the right to protection of personal data and privacy, guaranteed by Articles 7 and 8 of the European Charter of Fundamental Rights.

Learn more :

Press article in “Le Monde” of October 31, 2016 : http://www.lemonde.fr/pixels/article/2016/10/31/60-millions-de-francais-fiches-dans-une-base-de-donnees-commune-des-titres-d-identite_5023190_4408996.html?xtmc=fiches&xtcr=2

French Decree n° 2016-1460 of 28 october 2016 : https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000033318345&dateTexte=&categorieLien=id