Protecting our personal data in the 21st century: why the new EU legal framework matters

by Rita de Sousa Costa, law student at UMinho
and Tiago Sérgio Cabral, law student at UMinho

Most people do not have any idea how much the processing of their personal data affects their daily life. In today’s world, our e-mail has the ability to distinguish between important and unimportant e-mails based on our previous communications. When we want to read the news our phones and tablets are able to predict the events and sources that we would be interested in. Facebook knows more about our friends than we do. If you want to watch a movie, Netflix has a broad selection and may give you some tips based on your previously watched list, same with Youtube. If we have a favorite supermarket chain it probably knows what we like to buy through our customer cards. Our keyboards are able to predict the very words we will type[i].

We would find a rather different scenario if we looked to the world in 1995. Twenty years ago, the Internet was still in its early stages of development and was rather different from what we know and use today[ii]. E-mail and instant messaging were unknown to the general population. Google and search engines did not exist. Social networking and smartphones did, but only in science fiction movies. With this in mind, it is rather astonishing that the EU legal framework regarding the protection of personal data managed to stay, more or less, unchanged for more than twenty years. In these twenty years, the Directive 95/46/CE ensured the protection of personal data for EU citizens fulfilling the required by the article 16. of the TFUE and the article 8. of the EUCFR[iii]/[iv].

Continue reading “Protecting our personal data in the 21st century: why the new EU legal framework matters”

Advertisements

Editorial of June 2016

 

6914441342_775b4ab9a7_o

by João Marques, Lawyer and member of the 
Portuguese Data Protection National Commission

The right to be remembered – Directive 95/46/CE begins its twilight and makes way for the new General Data Protection Regulation (GDPR)

It was on May the 4th that the EU paradigm regarding personal data protection started to write its chapter in the common book of legal unification. As the Regulation (EU) 2016/679 [together with Directive (EU) 2016/680] finally got published in the Official Journal of the EU, a new era is jumpstarted. The first “victim” of the new paradigm is the old Directive 95/46/CE, which for the past 20 years has served European citizens honourably.

Although it faced a challenging task, Directive 95/46/EC was generally capable of protecting EU citizens against the predatory instincts of our world regarding their personal data. A suitable testament in this regard is the fact that the principles enshrined in Chapter 2 of the Directive have been, for the most part, kept almost unchanged. Lawful processing, purpose specification and limitation, data quality, fair processing and accountability remain as the bedrock of data protection under the new legal framework.

As ever, the CJEU case-law has been of paramount importance in the consolidation of a European perspective in which the citizen’s fundamental rights are at the forefront of the Union’s responsibilities, with the recent case C-362/14 (Schrems V. Data Protection Commissioner and Digital Rights Ireland Ltd) being yet another example of the approach for which the court is well known.

Continue reading “Editorial of June 2016”