Legal Framework of Personal Data Protection

 

The legal reference is "Regulation (EU) 2018/1725" of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data", repealing Regulation (EC) 45/2001 and Decision No 1247/2002/EC.

On 1 February 2012 the ECA adopted implementing rules pursuant to Regulation (EC) 45/2001 (cf Decision No°11/2012 of 01/02/2012).

 

Other references relevant in the context of the protection of privacy are:

 

The Treaty on European Union

The EU Charter of Fundamental Rights
The European Union recognises the rights, freedoms and principles set out in the charter, granting a specific right to personal data protection for the first time.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
(General Data Protection Regulation – "GDPR") on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, repealing Council framework Decision 2008/977/JH

Regulation (EC) 45/2001
of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data" (previous regulation applicable to EU Institutions, Agencies and Bodies).

Directive 95/46/EC
of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data" (previous directive applicable within the EU before the entry into force of the General Data Protection Regulation (GDPR))

Directive 2002/58/EC
of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

Directive 1999/93/EC
of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures

Regulation (EU) 910/2014
on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

Regulation (EC) No 1049/2001
of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents. As Regulation 1049/2001 is not applicable to the Court of Auditors, however, the Court took the following decision applicable as from 1st March 1997

ECA Decision No 18/97
laying down internal rules for the treatment of applications for access to documents held by the Court

ECA Decision No 12/05 of 10 March 2005
defining the conditions, limits and procedures applicable to access by the public to ECA documents, repealing ECA Decision No 18/97

Decision No 14/2009 amending ECA Decision No 12/05, regarding public access to Court documents.

Council Regulation (EEC, Euratom) No 354/83
of 1 February 1983 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community

Council Regulation (EC, Euratom) No 1700/2003
of 22 September 2003 amending Regulation (EEC, Euratom) No 354/83 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community

European Convention for the Protection of Human Rights and Fundamental Freedoms
whereas the aim of the Council of Europe is to recognise, maintain and protect human rights and fundamental freedoms such as the right to respect for private life

Convention 108 of the Council of Europe
Provides safeguards for everyone's rights and fundamental freedoms, in particular the right to respect for privacy, considering the increasing transborder flow of personal data undergoing automatic processing

Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006
on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC

Directive 2009/136/EC amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000
on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce')

Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997
concerning the processing of personal data and the protection of privacy in the telecommunications sector replaced by Directive 2002/58/EC

Council framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, no longer in force, replaced by Directive (EU) 2016/680

 

European Court of Auditors - 12, rue Alcide De Gasperi - 1615 LUXEMBOURG - Tel. : +352 4398-1