About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

31 Utrecht J. Int'l & Eur. L. 1 (2015)

handle is hein.journals/merko31 and id is 1 raw text is: 

UTRECHTJOURNAL OF                           Paul De Hert, 'The Right to Protection of Personal Data. Incapable
INTERNATIONAL AND EUROPEAN LAW              of Autonomous Standing in the Basic EU Constituting Documents?'
                                            (2015) 31(80) Utrecht Journal of International and European Law 1,
                                            DOI: http://dx.doi.org/10.5334/uj iel.cz




EDITORIAL

The Right to Protection of Personal Data.

Incapable of Autonomous Standing in the Basic

EU Constituting Documents?

Paul De Hert1
I Professor, Vrije Universiteit Brussels (VUB LSTS), Belgium & Tilbur8 University (TILT), the Netherlands


Over the past few years an overhaul of the European data protection edifice has been under way Practically
all basic data protection regulating documents in effect until today have either already been replaced or are
in the process of being thoroughly amended. This is probably a development that was long overdue, given
that all of them have an age of several decades while none of them has been released taking the internet into
account. The OECD is the first international organisation that issued any data protection regulations at all:
it did so in 1980,1 and its Guidelines remained unchanged until 2013, when their amendment process was
completed.2 The Council of Europe released its own data protection regulations, formulated in Convention
108,1 only a few weeks after the OECD; they too remained in effect unchanged over the decades that passed,
admittedly complemented by rich secondary legislation, and are now in the process of being amended.4
However, most of the data protection work undoubtedly takes place within the EU which chose to dominate
the international field since it became involved in it, through the EU Data Protection Directive in 1994.' The
Directive set the EU and international, through its adequacy criterion, data protection standard. However,
it remained hopelessly outdated, because it was released before the advent of the Internet (although the
Court of Justice through its recent Google Spain case6 showed that there is still some life left in it). The
European Commission seized the opportunity presented by the Treaty of Lisbon, and its Article 16 TFEU,
and took upon itself the herculean task of reconstructing the whole EU data protection edifice, both from
an architectural and from a substantive law point of view.
  While the outcome of the intensive law-making effort witnessed since 2012 is yet to be seen, a couple of
observations are already possible. After all, one must not lose perspective and bury his or her head in trivial
or less trivial details of the legislative arrangements that are currently being negotiated, but instead should
pay attention to the greater picture. That picture unavoidably includes Article 16 TFEU and the draft EU
General Data Protection Regulation7 that constituted the main legislative response to it. We recall the text
of Article 16 TFEU:

    1. Everyone has the right to the protection of personal data concerning them.
    2. The European Parliament and the Council, acting in accordance with the ordinary legislative
       procedure, shall lay down the rules relating to the protection of individuals with regard to
       the processing of personal data by Union institutions, bodies, offices and agencies, and by the
       Member States when carrying out activities which fall within the scope of Union law, and the


   OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 23 September 1980.
   2 OECD Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data, as amended on 11 July 2013.
   3 Council of Europe, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg,
   28.1.1981.
   See the latest draft at the respective Council of Europe data protection webpages.
   Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard
   to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995.
   C 131/12- Judgment of the Court (Grand Chamber) of 13 May 2014, Google Spain SL and Google Inc. vAgencia Espanola de Protec-
   ci6n de Datos (AEPD) and Mario Costeja Gonzalez.
   7 European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individu-
   als with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation),
   25.01.2012, COM(2012) 11 final.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most