Charter of Fundamental Rights The right to personal data protection is a fundamental right and one of the core values of the European Union (‘EU’). It is enshrined in the EU’s Charter of Fundamental Rights(opens in new window) (the ‘Charter’). Under the Charter, everyone has the right to the protection of their personal data (Article 8(1)). The Charter became legally binding with the entry into force of the Treaty of Lisbon on 1 December 2009, which gave the Charter the same legal value as the constitutional treaties of the EU. Treaty on the Functioning of the European Union Article 16(1) of the Treaty on the Functioning of the European Union(opens in new window) (‘TFEU’) provides that everyone has the right to the protection of their personal data. The EU is unique in providing a constitutional obligation to lay down data protection rules for processing personal data. EU Data Protection Regulation Regulation (EU) 2018/1725 (opens in new window)of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, repealing Regulation (EC) 45/2001(opens in new window) and Decision № 1247/2002/EC(opens in new window) (‘EUDPR’). European Court of Auditors: Internal Rules Restrictions of certain data subjects rights Decision № 42/2021(opens in new window) of the European Court of Auditors of 20 May 2021 adopting internal rules concerning restrictions of certain rights of data subjects in relation to the processing of personal data in the framework of activities carried out by the European Court of Auditors. DPO implementing rules Decision № 11/2024 adopting implementing rules concerning the Data Protection Officer pursuant to Article 45(3) EUDPR. Other relevant references regarding the protection of privacy and personal data Regulation (EU) 2016/679(opens in new window) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or ‘GDPR’). Directive (EU) 2016/680(opens in new window) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, repealing Council framework Decision 2008/977/JH (‘LED Directive’). Directive 2002/58/EC(opens in new window) of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (‘ePrivacy Directive’). European Convention(opens in new window) for the Protection of Human Rights and Fundamental Freedoms and in particular Article 8, considering that the aim of the Council of Europe is to recognise, maintain and protect human rights and fundamental freedoms such as the right to respect for private life. Convention 108(opens in new window) of the Council of Europe of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data. In 2018, the Council of Europe modernised the convention, adopting Convention 108+(opens in new window).