Directive 95/46 / EC (data protection directive)

from Wikipedia, the free encyclopedia
European Union flag

Directive 95/46 / EC

Title: Directive 95/46 / EC of the European Parliament and of the Council of October 24, 1995 on the protection of natural persons with regard to the processing of personal data and the free movement of data
Designation:
(not official)
Privacy Policy
Scope: EU
Legal matter: Data protection law
Basis: Article 100a of the EC Treaty
Procedure overview: European Commission
European Parliament
IPEX Wiki
Come into effect: December 13, 1995
To be
implemented in national law by:
October 24, 1998
Implemented by: Germany
Law amending the Federal Data Protection Act and other laws ( Federal Law Gazette I p. 904 );
Austria
Data Protection Act 2000
and Securities Supervision Act
Replaced by: Regulation (EU) 2016/679
Expiry: May 24, 2018
Reference: OJ L 281 of November 23, 1995, pp. 31-50
Full text Consolidated version (not official)
basic version
Regulation has expired.
Please note the information on the current version of legal acts of the European Union !

The Directive 95/46 / EC on the protection of individuals with regard to the processing of personal data and the free movement of such data is adopted in 1995 Directive of the European Community to protect the privacy of natural persons when processing personal data . It is part of the General Data Protection Regulation (EU-DSGVO) (official name: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 for the protection of natural persons ) published in the Official Journal of the European Union on May 4, 2016 the processing of personal data, the free movement of data and the repeal of Directive 95/46 / EC ) was replaced on May 25, 2018.

history

As early as the 1970s and 1980s, the European Parliament repeatedly called on the EC Commission to “think about preparing a directive to protect individual citizens of the community against abuse in the storage, processing and dissemination of personal information through automatic databases in public and in public to protect the private sector ”. This original claim from 1975 was the Commission, however, some twenty years later - with the interjection , but the Data Protection Convention of the Council of Europe to ratify - after. At first glance , this appears paradoxical , but it reflects the different starting points of Parliament and the Commission: Parliament considered the radically changing processing conditions due to computers and the possible consequences for those affected. The Commission's first premise was to promote the free movement of goods - and thus the common market . And therefore to tolerate any restriction for the market in this respect just as little as restrictive regulations for any other “ marketable good ”. On the contrary, the Commission supported the strengthening of the unrestricted movement of data.

The formal legislative process for the directive started with the publication by the Commission of a “proposal for a Council directive on the protection of individuals with regard to the processing of personal data”; this was fundamentally changed again in the legislative process in 1992. The Commission's proposal notes that the Member States had implemented its recommendation poorly. Only seven of the twelve member states of the EC had acceded to the data protection agreement, national regulations based on it existed in only six member states ( Germany , Denmark , France , Ireland , Luxembourg , and the United Kingdom ), Spain had ratified the treaty, but not yet implemented the The Netherlands had independent data protection law. In addition, the Council of the OECD adopted data protection guidelines in 1980.

Three problems in data protection law were thus identified:

  1. The basic rights of community citizens were protected differently and in some cases only incompletely. This was "inconsistent with the Community's commitment to upholding fundamental rights, as referred to in the joint declaration [...] on fundamental rights of April 5, 1977 and in paragraph 3 of the preamble to the Single European Act ".
  2. The transmission of data seemed necessary - taking into account the rights of the data subjects:
    1. Data processing is essential in many areas of economic life and the fundamental freedoms make it necessary for data to be transmitted across borders.
    2. In connection with the mobility of citizens , European integration makes it necessary for national administrations to work together, for example to exchange tax or social data in the interests of citizens.
  3. Competition is distorted when companies are subject to different levels of regulation in their country.

content

The directive describes minimum standards for data protection that must be ensured in all member states of the European Union by national laws . Only the areas expressly mentioned in Article 3 (2) of the Directive relating to the second and third pillars of the European Union , i.e. the common foreign and security policy (CFSP) and police and judicial cooperation in criminal matters (PJZS) are excluded from the application. .

The directive usually prohibits the processing of sensitive personal data. However, there are exceptions to this prohibition, for example if the person concerned has expressly consented to the processing of the data mentioned or the processing is necessary "to take into account the rights and obligations of the person responsible for processing in the field of labor law". In addition, the directive provides that, subject to appropriate safeguards, Member States can make exceptions for reasons of important public interest.

implementation

In the telecommunications sector , the data protection directive is supplemented by the data protection directive for electronic communications issued in 2002 .

In Germany, the European Data Protection Directive was only implemented by the law amending the Federal Data Protection Act and other laws of May 18, 2001, which came into force on May 23, 2001. This was preceded by infringement proceedings initiated by the EU Commission because the directive had not been transformed into German law within the agreed three-year period.

The Commission's complaint against Germany regarding the independence of the data protection officer

In July 2005, the EU Commission criticized the inadequate implementation of the content of the data protection directive in Germany. She criticizes the fact that the bodies entrusted with the data protection supervision of the federal states lack the necessary independence from state influence. The Commission therefore opened another infringement procedure. In March 2010 the European Court of Justice (ECJ) ruled that the Federal Republic of Germany had implemented the requirement incorrectly.

literature

Web links

Individual evidence

  1. a b Council of Europe : Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. In: Collection of the European Treaties . January 28, 1981, accessed May 14, 2018 (English, French, German, Italian, Russian).
  2. Regulation (EU) 2016/679 on the protection of natural persons when processing personal data, on the free movement of data and on the repeal of Directive 95/46 / EC (General Data Protection Regulation)
  3. European Parliament: Resolution on the protection of the rights of the individual in view of the advancing technical development in the field of automatic data processing . In: OJ. C 60 . March 13, 1975, p. 48 ( europa.eu [PDF; 664 kB ; accessed on May 15, 2018]).
  4. European Parliament: Resolution on the protection of the rights of the individual in view of the advancing technical development in the field of automatic data processing . In: OJ. C 100 . May 3, 1976, p. 30 ( europa.eu [PDF; 2.2 MB ; accessed on May 15, 2018]).
  5. European Parliament: Resolution on the protection of the rights of the individual in view of the advancing technical development in the field of data processing . In: OJ. C 140 . June 5, 1979, p. 34 ( europa.eu [PDF; 9.6 MB ; accessed on May 15, 2018]).
  6. European Parliament: Resolution on the protection of the rights of the individual in view of the advancing technical development in the field of data processing . In: OJ. C 87 . April 5, 1982, p. 39 ( europa.eu [PDF; 12.6 MB ; accessed on May 15, 2018]).
  7. a b Commission of the European Communities: 81/679 / EEC: Commission recommendation of 29 July 1981 on a Council of Europe convention for the protection of people with regard to automatic processing of personal data . In: OJ. L 246 . August 29, 1981, p. 31 ( eur-lex.europa.eu [accessed on May 15, 2018]).
  8. Ulrich Dammann , Spiros Simitis : EC Data Protection Directive . Comment. Nomos, Baden-Baden 1997, ISBN 978-3-7890-4517-2 , p. 61 , para. 1 .
  9. European Commission : Towards a Dynamic European Economy . Green Paper on the Development of the Common Market for Telecommunications Services and Equipment [COM (87) 290 final]. Brussels 30 June 1987 (English, eur-lex.europa.eu (PDF) [accessed on 15 May 2018]). = Federal Government : Green Paper on the Development of the Common Market for Telecommunications Services and Telecommunications Equipment - COM (87) 290 final. Information by the Federal Government. In: Bt-Drs. No. 11/930 , September 7, 1987 ( bundestag.de [PDF; 2.8 MB ; accessed on May 15, 2018]).
  10. ^ Commission of the European Communities: Proposal for a Council Resolution on the strengthening of the further co-ordination of the introduction of the Integrated Services Digital Network (ISDN) in the Community up to 1992. In: Archive of European Integration . University of Pittsburgh , December 6, 1988; Retrieved May 15, 2018 .
  11. ^ Commission of the European Communities: Communication from the Commission to the Council and the European Parliament on "Standardization and the Global Information Society: The European Approach." [COM (96) 359 final]. In: Archive of European Integration . University of Pittsburgh , July 24, 1996, accessed May 15, 2018 .
  12. a b Commission of the European Communities: Communication from the Commission on the protection of individuals with regard to the processing of personal data in the Community and on the security of information systems . Ed .: Publications Office of the European Union . September 13, 1990 ( eur-lex.europa.eu [accessed on May 13, 2018]).
  13. Commission of the European Communities: Proposal for a Council Directive on the protection of individuals with regard to the processing of personal data . In: OJ. C 277 . November 5, 1990, p. 3 ( eur-lex.europa.eu (PDF) [accessed on May 15, 2018]).
  14. Commission of the European Communities: Amended proposal for a Council Directive on the protection of individuals with regard to the processing of personal data . In: OJ. C 311 . November 27, 1992, p. 30 ( eur-lex.europa.eu [accessed on May 15, 2018]).
  15. OECD : OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data . 2002, doi : 10.1787 / 9789264196391-en (English, [1] [accessed on May 14, 2018]).
  16. European Parliament , Council of the European Communities , European Commission : Joint declaration of the European Parliament, the Council and the Commission regarding the respect for fundamental rights and the European Convention for the protection of human rights and fundamental freedoms . In: OJ. C 103 . April 27, 1977, p. 1 ( eur-lex.europe.eu [accessed on May 15, 2018]).
  17. European Commission: Action brought by the Commission of the European Communities against the Federal Republic of Germany. (PDF) JURM (2007) 6047. November 22, 2007, accessed on June 12, 2018 .
  18. ECJ: Case C-518/07 March 9, 2010.
  19. Europe frees data protectionists from political pressure. Spiegel Online, March 9, 2010.