Data Protection in the European Union

From GDPRhub
Revision as of 12:53, 10 May 2024 by So.h (talk | contribs)
Data Protection in the European Union
Eu.png
Data Protection Authority: EDPS
Regulation for EU institutions: Regulation (EU) 2018/1725
Official Language(s): 24 EU Languages
European Legislation Database(s): Link
European Decision Database(s): Link

Legislation

History

You can help us filling this section!

Regulation (EU) 2018/1725

The European institutions are bound by Regulation 2018/1725, which provides the same rights to data subjects as the GDPR.

When the provisions of Regulation 2018/1725 follow the same principles as the GDPR, they should be interpreted homogeneously. This is because Regulation 2018/1725 should be understood as the EU bodies and institution's equivalent to GDPR (Recital 5 Regulation 2018/1725), meaning that the two regulations should be applied in parallel (Recital 4 Regulation 2018/1725). This often makes GDPR case law applicable to the interpretation of Regulation 2018/1725.

A way to understand Regulation 2018/1725, is to see it as a combination of the GDPR and Law Enforcement Directive (LED). While earlier chapters reflect principles enshrined in the GDPR, later chapters often reflect the LED.

Of particular note is Chapter IX Regulation 2018/1725 which addresses Operational Personal Data (personal data which is processed for the purposes of carrying out law-enforcement tasks).[1] Given the specialised nature of these tasks, Regulation 2018/1725 creates carve-outs within Chapter IX for the processing of this type of data. For example, the right of access under GDPR and Regulation 2018/1725, is different to the right of access under Chapter IX. These carve outs are also reflected in the LED (Law Enforcement Directive) and in many cases Chapter IX will directly overlap in text with the LED.

Data Protection Authority

The European Data Protection Supervisor (European Data Protection Supervisor) is the data protection authority for European Union institutions, bodies, offices and agencies.

→ Details see EDPS

While the EDPS mostly relies on Regulation 2018/1725 to enforce data protection law against European Union institutions, bodies, offices and agencies, there are also specialised regulations which will apply. For example, among others, the EDPS supervises Europol which alongside Chapter IX of Regulation 2018/1725 requires the use of Regulation (EU) 2016/794 (Europol Regulation).

Judicial protection

General Court

Court of Justice of the European Union

  1. The AFSJ sector (Area of Freedom Justice and Security) mainly relies on this Chapter of Regulation 2018/1725.