Against All Odds – The Adoption of the General Data Protection Regulation
Two months ago, the European Parliament and the Council have enacted the European General Data Protection Regulation (GDPR) as the result of a 4 years running legislative procedure. For a long time, it was uncertain whether the regulation could be passed at all: Not only has there been considerable opposition by EU Member States, but there have also been about 4.000 amendments by Parliament, accompanied by an enormous engagement of lobby groups (cf. David Bernet’s documentary).
With the reform of European data protection law, the Commission tended to strengthen the rights of individuals conceptualized as data subjects. Regarding individual rights, the Commission pointed to three main shortcomings as a cause for the reform: an insufficient harmonization of national data protection laws dealing with individual rights, insufficient powers of national authorities to ensure an effective exercise of individual rights, and an insufficient awareness of individuals about their rights in data processing. This was deemed to be especially prevalent in online data processing. Thus, the Commission aimed to give people efficient and operational means to make sure that they are fully informed about what happens to their personal data enabling them to exercise their rights more effectively.
The effective exercise of data subject’s rights is not only wishful thinking of the Commission, but rather a constitutional issue. The constitutional basis for the protection of personal data is the fundamental right to the protection of personal data provided by Art. 8 of the EU Charter of Fundamental Rights (CFR) and Art. 16 TFEU (that have been cited as the legal basis of and in the GDPR).
The ECJ takes the fundamental right to data protection seriously and regularly includes the fundamental right to privacy and family law in Art ...Zum vollständigen Artikel