Appendix B – MindMaps
166
, Post-Brexit, the UK adopted the GDPR as
UK GDPR, ensuring legal continuity but Application of EU Data Protection Law in
permitting future divergence. the UK
The emergence of computers in the 1970s
initiated the need for data protection as
Considered a ‘third country’ under EU law,
Brexit Implications personal information began to be
the UK received an adequacy decision processed on a large scale. This
from the European Commission, allowing technological advancement, combined
data flow continuity with a sunset clause with increased transborder trade, created
for future review. Adequacy and Data Transfers
significant privacy concerns. Consequently,
traditional European privacy laws became
inadequate, prompting the need for new
legal standards to protect individual rights
This directive, adopted with the GDPR, Rationale for Data Protection
while facilitating data exchange.
harmonizes data protection in law
enforcement, ensuring safeguards while The right to privacy is a cornerstone of
allowing national variations in human rights within the European Union.
implementation. Law Enforcement Directive (EU 2016/680) Basic Principles It serves as a basis for current data
protection laws, reinforced by
Regulating personal data in electronic Related Legislation international human rights instruments.
communications, this directive covers Such frameworks highlight the
areas like cookies and email marketing. It importance of safeguarding individual
is currently under review to ensure Human Rights Law
privacy against arbitrary interference.
alignment with GDPR standards. ePrivacy Directive
The UDHR, adopted in 1948, emphasizes
In 2018, the updated Convention 108+ dignity and equality. Relevant articles
aligned with GDPR principles, adapting to include:
modern data protection challenges. Key
updates included: Article 12: Protects privacy from arbitrary
interference.
Enhanced definitions and legal bases for
data processing Modernization of Convention 108 Convention 108+ Universal Declaration of Human Rights
Article 19: Affirms freedom of opinion,
which may conflict with privacy.
Strengthened security obligations
applicable to all sectors Article 29(2): Allows limitations on
Data Protection Applications
individual rights to respect others’ rights.
/ Signed in 2007, the Treaty of Lisbon Rationale and Legal Established in 1950, the ECHR guarantees
fundamental freedoms, including:
reinforced the EU's legal framework.
Article 16 embedded the right to data Framework
protection in EU law, binding member Article 8: Protects private and family life,
states and institutions. Treaty of Lisbon allowing lawful limitations under strict
European Convention on Human Rights conditions.
Introduced in 2012 and enforceable from
Article 10: Safeguards freedom of
May 2018, the GDPR aimed to: Treaty of Lisbon and GDPR expression, subject to necessary
restrictions.
Strengthen individual rights
Enhance organizational accountability General Data Protection Regulation (GDPR)
From the late 1960s to the 1980s, countries
Standardize EU data protection rules like Austria, Denmark, and Germany began
The GDPR introduced penalties for non- enacting data protection laws. Germany
compliance and expanded individual notably included data protection in its
rights, such as data portability. Constitution. The Council of Europe
initiated regulatory frameworks, starting
with Recommendation 509 and
subsequent resolutions that outlined
To address national inconsistencies, Pioneering Legislation
principles for data processing.
Directive 95/46/EC was proposed to
standardize data protection laws across In 1980, the OECD released guidelines to
the EU. Its objectives included: establish harmonized global data
Early Laws and Regulations protection standards. Key principles
Ensuring individual privacy protection include:
Data Protection Directive (95/46/EC)
Facilitating data movement within the EU Collection Limitation
Despite this, varied applications still led to
legal uncertainties. Need for a Harmonised OECD Guidelines Data Quality
European Approach
Proclaimed in 2000, it enshrined data Purpose Specification
protection as a distinct right within the EU
framework. Article 8 emphasizes fair
Security Safeguards
processing and individual access rights,
bolstered by oversight from independent
authorities. Charter of Fundamental Rights
, The Council of Europe, founded in 1949, The chapter examines the development of
promotes human rights and democracy EU institutions, highlighting the Treaty of
across Europe, separate from the EU Lisbon's role in reforming decision-making
framework. and enhancing data protection.
It oversees the European Convention on Evolution of EU Institutions The Lisbon Treaty aimed to improve
Distinction from the EU
Human Rights and the European Court of efficiency and democratic legitimacy
Human Rights, ensuring adherence to within the EU, particularly post-
human rights standards. enlargement.
The Council has significantly shaped data
Background The Treaty amended both the EU Treaty
protection norms, notably through and the Treaty on the Functioning of the
Convention 108, which set essential European Union (TFEU).
principles for data quality and individual
Council of Europe and Data Key reforms established a framework for
rights.
Protection Treaty of Lisbon and Institutional Reform promoting EU values, recognizing the
The 2018 modernization of Convention 108 European Council and European Central
Contributions to Data Protection Standards
aligned it with GDPR, enhancing Bank as binding decision-making
accountability and cross-border institutions.
cooperation in data processing.
While not an EU institution, the Council of
The chapter elaborates on five main
Europe's framework and guidelines often
institutions: European Parliament,
inform EU law and CJEU decisions,
European Council, Council of the
particularly in fundamental rights and
Influence on EU Law European Union, European Commission,
data protection matters.
and the Court of Justice of the European
Union (CJEU).
Implications Institutional Roles Each institution has distinct functions that
The CJEU ensures uniform interpretation
contribute to the EU's governance and
and enforcement of EU law, comprising
policy-making processes.
the Court of Justice and the General Court.
Role in EU Law
It handles cases related to treaty
/ interpretation and compliance issues. As the only directly elected EU institution,
Court of Justice of the European the European Parliament plays a vital role
The CJEU has influenced EU data
protection law significantly, including
Union (CJEU)
European Union in legislative development, oversight of EU
institutions, and budget approval.
landmark rulings establishing the "right to
be forgotten" and invalidating data Institutions It operates through three legislative
Legislative Functions
transfer agreements due to inadequate procedures: Ordinary Legislative
protections. Impact on Data Protection Procedure, Consultation Procedure, and
Consent Procedure.
European Parliament The Parliament comprises 705 Members of
The Commission serves as the EU's the European Parliament (MEPs) from 27
executive body, initiating legislation and countries, organized into political groups
ensuring compliance with EU law. based on ideological positions.
It manages the EU budget and can take Executive Functions Composition and Political Groups The legislative process includes committee
legal action against member states for work followed by debates and voting in
non-compliance. plenary sessions.
Each member state appoints one European Commission
Commissioner to oversee specific policy
areas, acting independently from national Distinct from the European Council, the
interests. Council of the European Union is the
primary decision-making body that co-
The Commission is accountable to the Independence and Accountability legislates with the Parliament.
European Parliament, which can approve
or dismiss it collectively. Decision-Making Body It examines legislative proposals, adopts
laws, and represents member states in EU
policy coordination.
Council of the European Union
Composed of ministers from member
states, the Council meets regularly and
utilizes qualified majority voting or
Membership and Voting Procedures unanimity, depending on the issue.
166
, Post-Brexit, the UK adopted the GDPR as
UK GDPR, ensuring legal continuity but Application of EU Data Protection Law in
permitting future divergence. the UK
The emergence of computers in the 1970s
initiated the need for data protection as
Considered a ‘third country’ under EU law,
Brexit Implications personal information began to be
the UK received an adequacy decision processed on a large scale. This
from the European Commission, allowing technological advancement, combined
data flow continuity with a sunset clause with increased transborder trade, created
for future review. Adequacy and Data Transfers
significant privacy concerns. Consequently,
traditional European privacy laws became
inadequate, prompting the need for new
legal standards to protect individual rights
This directive, adopted with the GDPR, Rationale for Data Protection
while facilitating data exchange.
harmonizes data protection in law
enforcement, ensuring safeguards while The right to privacy is a cornerstone of
allowing national variations in human rights within the European Union.
implementation. Law Enforcement Directive (EU 2016/680) Basic Principles It serves as a basis for current data
protection laws, reinforced by
Regulating personal data in electronic Related Legislation international human rights instruments.
communications, this directive covers Such frameworks highlight the
areas like cookies and email marketing. It importance of safeguarding individual
is currently under review to ensure Human Rights Law
privacy against arbitrary interference.
alignment with GDPR standards. ePrivacy Directive
The UDHR, adopted in 1948, emphasizes
In 2018, the updated Convention 108+ dignity and equality. Relevant articles
aligned with GDPR principles, adapting to include:
modern data protection challenges. Key
updates included: Article 12: Protects privacy from arbitrary
interference.
Enhanced definitions and legal bases for
data processing Modernization of Convention 108 Convention 108+ Universal Declaration of Human Rights
Article 19: Affirms freedom of opinion,
which may conflict with privacy.
Strengthened security obligations
applicable to all sectors Article 29(2): Allows limitations on
Data Protection Applications
individual rights to respect others’ rights.
/ Signed in 2007, the Treaty of Lisbon Rationale and Legal Established in 1950, the ECHR guarantees
fundamental freedoms, including:
reinforced the EU's legal framework.
Article 16 embedded the right to data Framework
protection in EU law, binding member Article 8: Protects private and family life,
states and institutions. Treaty of Lisbon allowing lawful limitations under strict
European Convention on Human Rights conditions.
Introduced in 2012 and enforceable from
Article 10: Safeguards freedom of
May 2018, the GDPR aimed to: Treaty of Lisbon and GDPR expression, subject to necessary
restrictions.
Strengthen individual rights
Enhance organizational accountability General Data Protection Regulation (GDPR)
From the late 1960s to the 1980s, countries
Standardize EU data protection rules like Austria, Denmark, and Germany began
The GDPR introduced penalties for non- enacting data protection laws. Germany
compliance and expanded individual notably included data protection in its
rights, such as data portability. Constitution. The Council of Europe
initiated regulatory frameworks, starting
with Recommendation 509 and
subsequent resolutions that outlined
To address national inconsistencies, Pioneering Legislation
principles for data processing.
Directive 95/46/EC was proposed to
standardize data protection laws across In 1980, the OECD released guidelines to
the EU. Its objectives included: establish harmonized global data
Early Laws and Regulations protection standards. Key principles
Ensuring individual privacy protection include:
Data Protection Directive (95/46/EC)
Facilitating data movement within the EU Collection Limitation
Despite this, varied applications still led to
legal uncertainties. Need for a Harmonised OECD Guidelines Data Quality
European Approach
Proclaimed in 2000, it enshrined data Purpose Specification
protection as a distinct right within the EU
framework. Article 8 emphasizes fair
Security Safeguards
processing and individual access rights,
bolstered by oversight from independent
authorities. Charter of Fundamental Rights
, The Council of Europe, founded in 1949, The chapter examines the development of
promotes human rights and democracy EU institutions, highlighting the Treaty of
across Europe, separate from the EU Lisbon's role in reforming decision-making
framework. and enhancing data protection.
It oversees the European Convention on Evolution of EU Institutions The Lisbon Treaty aimed to improve
Distinction from the EU
Human Rights and the European Court of efficiency and democratic legitimacy
Human Rights, ensuring adherence to within the EU, particularly post-
human rights standards. enlargement.
The Council has significantly shaped data
Background The Treaty amended both the EU Treaty
protection norms, notably through and the Treaty on the Functioning of the
Convention 108, which set essential European Union (TFEU).
principles for data quality and individual
Council of Europe and Data Key reforms established a framework for
rights.
Protection Treaty of Lisbon and Institutional Reform promoting EU values, recognizing the
The 2018 modernization of Convention 108 European Council and European Central
Contributions to Data Protection Standards
aligned it with GDPR, enhancing Bank as binding decision-making
accountability and cross-border institutions.
cooperation in data processing.
While not an EU institution, the Council of
The chapter elaborates on five main
Europe's framework and guidelines often
institutions: European Parliament,
inform EU law and CJEU decisions,
European Council, Council of the
particularly in fundamental rights and
Influence on EU Law European Union, European Commission,
data protection matters.
and the Court of Justice of the European
Union (CJEU).
Implications Institutional Roles Each institution has distinct functions that
The CJEU ensures uniform interpretation
contribute to the EU's governance and
and enforcement of EU law, comprising
policy-making processes.
the Court of Justice and the General Court.
Role in EU Law
It handles cases related to treaty
/ interpretation and compliance issues. As the only directly elected EU institution,
Court of Justice of the European the European Parliament plays a vital role
The CJEU has influenced EU data
protection law significantly, including
Union (CJEU)
European Union in legislative development, oversight of EU
institutions, and budget approval.
landmark rulings establishing the "right to
be forgotten" and invalidating data Institutions It operates through three legislative
Legislative Functions
transfer agreements due to inadequate procedures: Ordinary Legislative
protections. Impact on Data Protection Procedure, Consultation Procedure, and
Consent Procedure.
European Parliament The Parliament comprises 705 Members of
The Commission serves as the EU's the European Parliament (MEPs) from 27
executive body, initiating legislation and countries, organized into political groups
ensuring compliance with EU law. based on ideological positions.
It manages the EU budget and can take Executive Functions Composition and Political Groups The legislative process includes committee
legal action against member states for work followed by debates and voting in
non-compliance. plenary sessions.
Each member state appoints one European Commission
Commissioner to oversee specific policy
areas, acting independently from national Distinct from the European Council, the
interests. Council of the European Union is the
primary decision-making body that co-
The Commission is accountable to the Independence and Accountability legislates with the Parliament.
European Parliament, which can approve
or dismiss it collectively. Decision-Making Body It examines legislative proposals, adopts
laws, and represents member states in EU
policy coordination.
Council of the European Union
Composed of ministers from member
states, the Council meets regularly and
utilizes qualified majority voting or
Membership and Voting Procedures unanimity, depending on the issue.
