Data protection and the law enforcement directive: a procrustean bed across Europe?
- PDF / 657,720 Bytes
- 16 Pages / 439.37 x 666.142 pts Page_size
- 52 Downloads / 165 Views
Data protection and the law enforcement directive: a procrustean bed across Europe? Matthias M. Hudobnik1
Accepted: 19 November 2020 / Published online: 2 December 2020 © @ ERA 2020
Abstract This article analyses the legal challenges to the transposition and compliance of Directive (EU) 2016/680, focusing on the Austrian, German, Irish and British-domestic provisions implementing Art. 11, Art. 18 and Art. 25 of Directive (EU) 2016/680. Similarities and differences between these clauses will be examined and consideration given to national legislative particularities. The article gives an overview of and outlook on transposition issues relating to the legal provisions within these countries. It may seem that there is hardly any distinction between various domestic implementations, but this article demonstrates that the devil is in the detail. Keywords Data protection · Law enforcement directive · LED · Police and criminal justice · Transposition
1 Introduction The data protection landscape in the EU is a composite legal framework of, inter alia, Regulation (EU) 2016/679, which is well known as the General Data Protection Regulation, (hereinafter the GDPR)1 constituting the lex generalis, and sectoral laws, such as Directive (EU) 2016/680, designated as the Data Protection Law En1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the pro-
tection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
B M.M. Hudobnik
[email protected]
1
Legal Engineer & At-Large Advisory Committee Member at the Internet Corporation for Assigned Names and Numbers, Vienna, Austria
486
M.M. Hudobnik
forcement Directive, (hereinafter the LED)2 or Directive 2002/58/EC, referred to as ePrivacy Directive, (hereinafter the ePD)3 and specific provisions within regulations for EU sovereignty files (e.g., Europol,4 CIS, Eurodac, SIS II, VIS) constituting a lex specialis.5 The respective scopes of the LED and the GDPR are quite distinct, although the LED is based on concepts provided for in the GDPR (e.g., the processing of sensitive data, data protection impact assessment, data protection officer), and the obligations of the data controller and the data processor are similar to those referred to in the GDPR.6 Generally, the transposition of the LED into domestic data protection laws is usually covered in specific chapters within particular legislative acts because most countries preserve their sovereignty in the sector of police and criminal justice. The LED has a reduced set of data subject rights with respect to the GDPR7 and there is no one-stop shop structure for data subjects (e.g., a target request to the applicable data controller for exercising the data subject right is obligatory). The situation regarding the mistreatment of data is similar, whereby the claim needs to be addressed to the competent jurisdiction and made against the law enforcement authority responsib
Data Loading...
