CIPPE Outline
Chapter 1 Origins
A.Development of European Data Protection Law
a.Human Rights Declaration (aka Universal Declaration of Human Rights) 1948
i.Post WWII
ii.Not a treaty so not binding on UN member countries
iii.Promotes inherent dignity and equal and inalienable rights of all members of the human race.
1.Article 12 relates to the right to a private life
2.Article 19 promotes the right to freedom of expression
3.Article 29: these rights are not absolute and a balance should be struck
b.European Convention on Human Rights 1950
i.International treaty to protect human rights and fundamental freedoms
ii.Applies only to Council of Europe member countries
iii.Can be enforced by the Court of Human Rights
1.Article 8 relates to the rights of individuals
2.Article 10 promotes the freedom of expression and sharing ideas across international boundaries
3.Article 10(2) promotes balance between the two above articles
c.Organization for Economic Co-operation and Development (OECD) 1980
i.Guidelines developed on the protection of privacy and transborder flows of personal data (basic rules that govern transborder data flows).
ii.Guidelines, so not legally binding
iii.Aimed at facilitating data flows and protecting personal data in a global economy
iv.Issues:
1.No distinction between public and private sector
2.Neutral to technology 3.No distinction for personal information gathered electronically or otherwise
v.Key components
1.Collection limitation: any data should be obtained by lawful and fair means
2.Data Quality: data should be relevant to the purposes for which they are
to be used, accurate, complete and up to date.
3.Purpose Specification: purpose must be specified not later than at the time of data collection.
4.Use Limitation
5.Security Safeguards
6.Openness (regarding developments and practice)
7.Individual Participation: right to obtain data from controller communication to him and he may challenge data relating to him
8.Accountability: controller should be accountable for all measures.
d.Convention 108 1981
i.First legally binding international instrument in the area of data protection. ii.Open for signatures outside of Europe, but requires signatories to apply the principles of the Convention 108 in their domestic legislation
1.Article 12: between signatories, where transfers are made, those countries shall not impose any prohibitions or require any special authorizations for the purpose of the protection of privacy before such transfers can take place.
iii.Introduced the concept of adequate
iv.3 distinct parts
1.Substantive law
2.Transborder data flow
3.Mechanisms for mutual assistance and consultation between the parties
e.Directive 95/46/EC i.Was transposed into 28 national laws in the EU, differed across member states
ii.Used principles from Convention 108 as benchmark
f.Treaty of Lisbon
i.Promotes core values and fundamental rights.
ii.Promoted the Charter of Fundamental Rights of the EU to make it legally binding on the 7 institutions
g.The GDPR
i.Negotiation between the European Commission, the European Parliament, and the Council of the EU
ii.The GDPR is binding, but member states may make further legislative provisions
(approximately 50 provisions allow for local law clarification or exception). The main points are:
1.Sector specific laws already in place
2.Archiving purposes in the public interest
3.Special categories of data
4.Processing in compliance with a legal obligation
Chapter 2 European Union Institutions
A.The Union’s 7 institutions
a.One of the main aims of the Lisbon Treaty was to reform the structure of the EU’s institutions, in order to reduce bureaucracy. b.The 7 institutions are
i.The European Parliament
1.Democratic representation (they are elected)
2.Budget
3.Legislative development
ii.The European Council
1.Comprised of the heads of each 28 member states
2.Defines EU priorities and sets political direction for the EU
iii.Council of the EU 1.One minister from each of the 28 member states
2.Shares legislative power with Parliament
iv.European Commission (executive body of the EU)
1.Implements EU’s decisions and policies
2.Monitors compliance of the other institutions
3.Most active in the area of data protection 4.Has the power to adopt adequacy findings
v.Court of Justice of the EU
vi.European Central Bank
1.Set up under the Treaty of Paris to implement the legal framework of the European Coal and Steel Community
2.28 judges, each appointed by common accord of the governments of the member states for a term of 6 years
vii.Court of Auditors
viii.European Court of Human Rights
1.Not an institution of the EU, located in Strausberg 2.Enforces Convention 108 and the European Convention of Human Rights
Chapter 3 Legislative Framework A.The Council of Europe Convention
a.Convention 108 (1981)
i.Two reasons for Convention 108
1.Member states’ failure to respond to the Council’s 1973 and 1974 resolutions
2.The need for reinforcement of the principles found in those resolutions by means of a binding international instrument.
ii.Noteworthy for three reasons:
1.Based on a series of principles that address the main concerns relating to data protection
2.Ensures appropriate protections for individual privacy but also reconizes
the importance of the free flow of personal data
3.Requires signatory states to implement its principles by enacting national legislation
iii.Purpose: to achieve greater unity between the signatory states and extend safeguards for individuals’ rights and fundamental freedoms
iv.Only a small number of states ratified and their national data protection laws took a fragmented approach
B.The Data Protection Directive
a.A human rights law that protects the principles of the internal single market; goal is free movement of personal data coupled with consistent provisions to ensure the protection of individual privacy i.Consists of 1.72 recitals
2.34 articles
ii.Applied to organizations acting as controllers that were established in an EU member state or where the organization made use of data processing equipment on the territory of a member states (in which case, a representative was required)
b.Emerged because data protection legislation amongst the EU member states differed substantially. c.Unlike the Council of Europe, the EU is unable to make standalone human rights laws; must base its laws on a specific provision under the Treaty of Rome
d.Set out general principles and left the member states to implement them
C.The General Data Protection Regulation
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller walshabees. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.