{"title":"The Right to Protection of Personal Data. Incapable of Autonomous Standing in the Basic EU Constituting Documents","authors":"P. Hert","doi":"10.5334/UJIEL.CZ","DOIUrl":null,"url":null,"abstract":"Over the past few years an overhaul of the European data protection edifice has been under way. Practically all basic data protection regulating documents in effect until today have either already been replaced or are in the process of being thoroughly amended. This is probably a development that was long overdue, given that all of them have an age of several decades while none of them has been released taking the internet into account. The OECD is the first international organisation that issued any data protection regulations at all: it did so in 1980, and its Guidelines remained unchanged until 2013, when their amendment process was completed. The Council of Europe released its own data protection regulations, formulated in Convention 108, only a few weeks after the OECD; they too remained in effect unchanged over the decades that passed, admittedly complemented by rich secondary legislation, and are now in the process of being amended. However, most of the data protection work undoubtedly takes place within the EU which chose to dominate the international field since it became involved in it, through the EU Data Protection Directive in 1994. The Directive set the EU and international, through its “adequacy” criterion, data protection standard. However, it remained hopelessly outdated, because it was released before the advent of the Internet (although the Court of Justice through its recent Google Spain case showed that there is still some life left in it). The European Commission seized the opportunity presented by the Treaty of Lisbon, and its Article 16 TFEU, and took upon itself the herculean task of reconstructing the whole EU data protection edifice, both from an architectural and from a substantive law point of view","PeriodicalId":30606,"journal":{"name":"Utrecht Journal of International and European Law","volume":null,"pages":null},"PeriodicalIF":0.3000,"publicationDate":"2015-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Utrecht Journal of International and European Law","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5334/UJIEL.CZ","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"INTERNATIONAL RELATIONS","Score":null,"Total":0}
引用次数: 4
Abstract
Over the past few years an overhaul of the European data protection edifice has been under way. Practically all basic data protection regulating documents in effect until today have either already been replaced or are in the process of being thoroughly amended. This is probably a development that was long overdue, given that all of them have an age of several decades while none of them has been released taking the internet into account. The OECD is the first international organisation that issued any data protection regulations at all: it did so in 1980, and its Guidelines remained unchanged until 2013, when their amendment process was completed. The Council of Europe released its own data protection regulations, formulated in Convention 108, only a few weeks after the OECD; they too remained in effect unchanged over the decades that passed, admittedly complemented by rich secondary legislation, and are now in the process of being amended. However, most of the data protection work undoubtedly takes place within the EU which chose to dominate the international field since it became involved in it, through the EU Data Protection Directive in 1994. The Directive set the EU and international, through its “adequacy” criterion, data protection standard. However, it remained hopelessly outdated, because it was released before the advent of the Internet (although the Court of Justice through its recent Google Spain case showed that there is still some life left in it). The European Commission seized the opportunity presented by the Treaty of Lisbon, and its Article 16 TFEU, and took upon itself the herculean task of reconstructing the whole EU data protection edifice, both from an architectural and from a substantive law point of view
在过去的几年里,对欧洲数据保护体系的彻底改革一直在进行。实际上,迄今为止所有有效的基本数据保护规范文件要么已经被取代,要么正在被彻底修改。考虑到所有这些都有几十年的历史,而没有一个是考虑到互联网而发布的,这可能是一个早就应该出现的发展。经合组织(OECD)是第一个发布数据保护法规的国际组织:它在1980年发布了数据保护法规,其《指导方针》(Guidelines)一直保持不变,直到2013年修订过程完成。欧洲委员会(Council of Europe)发布了自己的数据保护条例,即108号公约(Convention 108),仅比经合组织晚了几周;在过去的几十年里,它们实际上也没有改变,不可否认的是,它们得到了丰富的次级立法的补充,现在正在被修改。然而,大多数数据保护工作无疑是在欧盟内部进行的,自1994年通过《欧盟数据保护指令》参与进来以来,欧盟选择了主导国际领域。该指令通过其“充分性”标准设定了欧盟和国际上的数据保护标准。然而,它仍然无可救药地过时了,因为它是在互联网出现之前发布的(尽管法院通过最近的谷歌西班牙案表明它仍然有一些生命力)。欧盟委员会抓住了《里斯本条约》及其第16条TFEU所带来的机会,从建筑和实体法的角度出发,承担起了重建整个欧盟数据保护大厦的艰巨任务