PricingBlogAbout Us

EU Data Protection Law: Analysis of Directive 95/46/EC and GDPR Impact

Verified

Added on  2023/06/15

|9
|1656
|357
Report
AI Summary
This report provides an in-depth analysis of Article 3(2) of the Data Protection Directive 95/46/EC and Article 2(c) of the General Data Protection Regulation (GDPR), focusing on their legislative intent and purpose. It examines relevant judicial decisions by European Union courts to interpret the codified text, asserting that while the directives have limitations due to technological advancements, they have largely fulfilled their objectives. The report argues that the current provisions adequately serve their purpose and do not require immediate review, particularly concerning the balance between data protection and security concerns. The analysis considers the impact of social media and the necessity of safeguarding personal data while enabling the free flow of information. Concluding that the existing legal framework is sufficient to manage current challenges, the report suggests that future revisions should only be considered if new data transfer developments pose greater threats to personal data.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: PRIVACY AND DATA COLLECTION
PRIVACY AND DATA COLLECTION
Name of the Student
Name of the University
Author note
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Executive summary
The purpose of this report is to analyze the legislative intent and purpose of Article 3(2) of the
Data Protection Directives and Article 2(c) of the General Data Protection Regulation. In view of
the legislative intent judicial decisions by European Union courts have been considered
alongside the codified text of the legislation. The report goes on to assert that the directives
though flawed in view of the ever changing technological scenario have fulfilled their objectives
to the extent of the legislative intent. Thus the report argues that the present provisions in force
adequately cover their purpose and do not need to be reviewed.
Document Page
Table of Contents
Introduction......................................................................................................................................3
Discussion........................................................................................................................................3
Conclusion.......................................................................................................................................6
Reference list:..................................................................................................................................7
Document Page
Introduction
Free flow of data is of supreme importance in the internet age. The database oriented
approach to research and vocational structures that solely rely on exchange of data makes data
the primary focal point of all professional activities. Beyond the professional standpoint on the
utilization of data with the advent of social media a large section of an individual’s personal life
is also dependant on free flow of information1. These circumstances make it necessary to
formulate precise well structured laws that can ideally safeguard the rights of all individuals
functioning within the framework and simultaneously provide for free and uninterrupted
exchange of data that do not cause hindrances to any activities.
Discussion
Data privacy and data collection is currently regulated within the territory of European
Union vide the provisions of the Data Protection Directive 95/46/EC which was enacted in
19952. However, this directive will soon be replaced through repeal by the General Data
Protection Regulation which will come into force from May 20183. The underlying intent of both
these pieces of legislation is the protection and regulation of processing of personal data.
“Personal data” maybe defined as any data that maybe directly identified and attributed to a
natural person. This would ideally include any information in circulation pertaining to a
particular individual. “Personal data” has been statutorily codified in Article 2(a) of the
1 Floridi, Luciano. "Open data, data protection, and group privacy." Philosophy & Technology 27.1 (2014): 1-3.
2 Hustinx, Peter. "EU data protection law: The review of directive 95/46/EC and the proposed general data
protection regulation." Collected courses of the European University Institute’s Academy of European Law, 24th
Session on European Union Law (2013): 1-12.
3 Victor, Jacob M. "The EU general data protection regulation: Toward a property regime for protecting data
privacy." Yale LJ123 (2013): 513.
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
directive4. From the structural framework of the legislation it may be inferred that the directive
has been formulated based on two Pillars or ideals. Primarily, the focus is on safeguarding of
processed personal data of natural persons as enshrined in Article 1(1) of the directive. The
second is the facilitation of uninterrupted exchange of the same as envisaged in Article 1(2) of
the Act. As laid down by the ECJ in Rechnungshof v Osterreichischer Rundfunk and others5,
when interpreting the directive the principles of proportionality and the fundamental rights as
stated in Article 6 of the Treaty on European Union (TEU) and Article 8 of the European
Convention on Human rights. Further it was stated that if the domestic laws of member state
contradict the directive the plaintiff may invoke legal action prescribed in the directive and
demand protection.
Article 3(1) of the directive defines the applicability of the directive to various situations
and includes any form of processed automated personal data except data that forms part of a
specific filing system or is meant to be a part of a filing system. In this context filing system
refers to an interface on an operating system that assigns data to specific file locations which
maybe later retrieved based on the designated file. Article 3(2) of the directive defines exclusion
of various forms of personal data which does not form a part of public law (community law
specifically) this is especially applicable in case of security concerns. The exclusions in Article
3(2) imply that in case of the defined set of circumstances personal data would not be protected
by the provisions of the directive. In case of security concerns obtaining the personal data of the
perpetrator(s) would allow for swift action and consequently lead to eventual prevention or
capture. Due to this it would be prudent for legislation to allow for personal data to not be
protected in case there is a security concern.
4 Koops, Bert-Jaap. "The trouble with European data protection law." International Data Privacy Law 4.4 (2014):
250-261.
5 [2003] ECR I-4989, [2003] ECR I-6041
Document Page
In the case of Bodil Lindqvist6 it was held by the CJEC that the Articles of the directive
are applicable to websites. However the use and divulgence of individual personal information in
order to access websites does not attract provisions relating to transfer of data even if the site is
globally visible. Thus, this interpretation of the provisions of the directive poses a serious threat
to the security of personal data once uploaded to an international website. As discussed above
with the advent of social media personal data individually uploaded by a person to websites is a
common characteristic. This without statutory protection implies that all the uploaded data
maybe used and manipulated in the global community in any way possible and would not attract
legal penalties. This insufficiency of protection which is specifically related to household and
personal activities includes a plethora of data that may be uploaded to the internet.
The Data Protection Directive has been deemed to be insufficient and the General Data
Protection Regulation (GDPR) is set to replace it in 2018. This is aimed at further consolidating
the legal stand on safeguarding personal data. Article 2(c) of the Regulation excludes personal
data relating to personal or household activities. This is identical to the provisions of Article 3(2)
of the directive. Thus, the insufficiency posed by the provision remains even after the newly
formulated legislation comes into force. However, as seen in various cases it is important to
release personal data when it is instrumental in prevention of or the remedy to security concerns.
As seen from the case of František Ryneš v. Úřad pro ochranu osobních údajů7 various
process and stored data that ideally would fall within the ambit of personal or household
activities have been extended to not fall within that ambit to bring it under the provisions of the
directive8. Thus the provisions of the directive continue to operate and fulfill their legislative
6 [2003], ECR I-12971
7 C-212/13
8 Kokott, Juliane, and Christoph Sobotta. "The distinction between privacy and data protection in the jurisprudence
of the CJEU and the ECtHR." International Data Privacy Law 3.4 (2013): 222-228.
Document Page
intent and in cases where personal data is required to be obtained devoid of protection they
provisions maybe circumvented depending on judicial interpretation of the circumstance.
Conclusion
To conclude, Article 3(2) of the directive which is revised by Article 2(c) of the General
Data Protection Regulation (GDPR) meets its legislative intent and continues to serve its purpose
of protecting personal data within the jurisdiction of the European Union. Thus a revision of
these laws would only be required if future developments in data transfers pose larger threats to
personal data. For the purposes of the prevailing circumstances the law in force is well-equipped
to manage all situations that may arise, further safeguarding of personal data under the present
structure would only increase security risks and would be inadequate for dealing with the
repercussions of the same.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Reference list:
Bodil Lindqvist v Åklagarkammaren i Jönköping [2003], ECR I-12971
Floridi, Luciano. "Open data, data protection, and group privacy." Philosophy &
Technology 27.1 (2014): 1-3.
František Ryneš v. Úřad pro ochranu osobních údajů C-212/13
Hustinx, Peter. "EU data protection law: The review of directive 95/46/EC and the proposed
general data protection regulation." Collected courses of the European University Institute’s
Academy of European Law, 24th Session on European Union Law (2013): 1-12.
Kokott, Juliane, and Christoph Sobotta. "The distinction between privacy and data protection in
the jurisprudence of the CJEU and the ECtHR." International Data Privacy Law 3.4 (2013):
222-228.
Koops, Bert-Jaap. "The trouble with European data protection law." International Data Privacy
Law 4.4 (2014): 250-261.
Rechnungshof v Osterreichischer Rundfunk and others [2003] ECR I-4989, [2003] ECR I-
6041
Victor, Jacob M. "The EU general data protection regulation: Toward a property regime for
protecting data privacy." Yale LJ123 (2013): 513.
Document Page
chevron_up_icon
1 out of 9
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

© 2024   |   Zucol Services PVT LTD   |   All rights reserved.